Opened 9 years ago
Closed 9 years ago
#26395 closed Cleanup/optimization (fixed)
CryptPasswordHasher only return None on some platform
Reported by: | L. Coues | Owned by: | nobody |
---|---|---|---|
Component: | contrib.auth | Version: | 1.9 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Accepted | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Not all platform support the crypt module, as stated in the CryptPasswordHasher. But some platform provide a dummy crypt module, returning None on all input.
I tried the following code on both Linux with python 3.5 and OpenBSD with python 3.4
import crypt print(crypt.crypt(""))
On Linux, I get a string more or less 120 characters long starting with $6. On OpenBSD, I get None. I haven't managed to get anything else than None.
I noticed the problem while running the test suite. In tests/auth_tests/test_hashers, importing crypt is successfull so the test about crypt are done. But django.contrib.auth.hashers.make_password return None for the "crypt" algorithm and fail the test as "crypt$$None" != "crypt$$ab1Hv2Lg7ltQo".
After a quick look at the different PasswordHasher, I believe make_password shouldn't be able to return "crypt$$None". It should either return a usable value or fail with an assert error from the PasswordHasher, like the one that occur if CryptPasswordHasher is supplied a salt of length other than 2.
In the current condition, make_password on OpenBSD using the "crypt" algorithm return the same value for every value.
With attached patch, CryptPasswordHasher throw an assert error if crypt return a None value.
Attachments (1)
Change History (6)
by , 9 years ago
Attachment: | crypt_return_none.diff added |
---|
comment:1 by , 9 years ago
Triage Stage: | Unreviewed → Accepted |
---|---|
Type: | Uncategorized → Cleanup/optimization |
Thanks for the patch. I made a few cosmetic tweaks and created a pull request if you'd like to double check it.
comment:3 by , 9 years ago
I had to update the patch once more for Python 2 compatibility. Does crypt.crypt('', '')
(with two arguments) work fine on your platform?
comment:4 by , 9 years ago
crypt.crypt("", "")
produce a None return value on python 2.7.10 with OpenBSD. I tried a few different arguments with the same result. So it is consistent with python3 behavior.
patch