Opened 9 years ago

Closed 9 years ago

#26395 closed Cleanup/optimization (fixed)

CryptPasswordHasher only returns None on some platforms

Reported by: L. Coues
Owned by: nobody
Component: contrib.auth
Version: 1.9
Severity: Normal
Keywords:
Cc:
Triage Stage: Accepted
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

Not all platforms support the crypt module, as stated in the CryptPasswordHasher. But some platforms provide a dummy crypt module, returning None on all input.

I tried the following code on both Linux with Python 3.5 and OpenBSD with Python 3.4:

import crypt
print(crypt.crypt(""))

On Linux, I get a string more or less 120 characters long starting with $6. On OpenBSD, I get None. I haven't managed to get anything other than None.

I noticed the problem while running the test suite. In tests/auth_tests/test_hashers, importing crypt is successful so the tests about crypt are done. But django.contrib.auth.hashers.make_password returns None for the "crypt" algorithm and fails the test as "crypt$$None" != "crypt$$ab1Hv2Lg7ltQo".

After a quick look at the different PasswordHashers, I believe make_password shouldn't be able to return "crypt$$None". It should either return a usable value or fail with an assert error from the PasswordHasher, like the one that occurs if CryptPasswordHasher is supplied a salt of length other than 2.

In the current condition, make_password on OpenBSD using the "crypt" algorithm returns the same value for every value.
With the attached patch, CryptPasswordHasher throws an assert error if crypt returns a None value.

Attachments (1)

crypt_return_none.diff (1.1 KB ) - added by L. Coues 9 years ago.
patch


Change History (6)

by L. Coues, 9 years ago

Attachment: crypt_return_none.diff added

patch

comment:1 by Tim Graham, 9 years ago

Triage Stage: Unreviewed → Accepted
Type: Uncategorized → Cleanup/optimization

Thanks for the patch. I made a few cosmetic tweaks and created a pull request if you'd like to double check it.

comment:2 by L. Coues, 9 years ago

Oh nice, I didn't know we could have an else branch after an except.

comment:3 by Tim Graham, 9 years ago

I had to update the patch once more for Python 2 compatibility. Does crypt.crypt('', '') (with two arguments) work fine on your platform?

comment:4 by L. Coues, 9 years ago

crypt.crypt("", "") produces a None return value on Python 2.7.10 with OpenBSD. I tried a few different arguments with the same result. So it is consistent with the Python 3 behavior.

comment:5 by Tim Graham <timograham@…>, 9 years ago

Resolution: fixed
Status: new → closed

In 1243fdf:

Fixed #26395 -- Skipped the CryptPasswordHasher tests on platforms with a dummy crypt module.
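The failure mode discussed in this ticket, as an added example that is neither Django's code nor the attached patch: an unchecked encoder turns a None result into the literal "crypt$$None" for every password, while a checked encoder refuses it, and a probe based on the crypt.crypt('', '') call from comment 3 can serve as a test-skip condition. The names dummy_crypt, working_crypt, encode_unchecked, encode_checked and crypt_is_dummy are hypothetical, and both backends are constructed stand-ins rather than the platform's crypt(3).

```python
import hashlib


def dummy_crypt(word, salt):
    """Constructed stand-in for the dummy module in the ticket: None for all input."""
    return None


def working_crypt(word, salt):
    """Constructed stand-in for a functioning backend (not real crypt(3))."""
    return salt + hashlib.sha256((salt + word).encode()).hexdigest()[:11]


def encode_unchecked(password, salt, crypt_func):
    """Format whatever the backend returns, as in the reported behaviour."""
    return "crypt$$%s" % crypt_func(password, salt)


def encode_checked(password, salt, crypt_func):
    """Build the hash string only when the backend produced a real value."""
    if len(salt) != 2:
        raise ValueError("salt must be exactly 2 characters")
    data = crypt_func(password, salt)
    if data is None:
        # Explicit raise rather than assert, so the check survives python -O.
        raise RuntimeError("crypt backend returned None; refusing to store it")
    return "crypt$$%s" % data


def crypt_is_dummy(crypt_func):
    """Probe from comment 3: a dummy backend returns None even for ('', '')."""
    return crypt_func("", "") is None


if __name__ == "__main__":
    # Every password collapses to the same stored string with the dummy backend.
    print(encode_unchecked("hunter2", "ab", dummy_crypt))
    print(encode_unchecked("letmein", "ab", dummy_crypt))
    # The checked encoder works with a usable backend and rejects the dummy one.
    print(encode_checked("hunter2", "ab", working_crypt))
    try:
        encode_checked("hunter2", "ab", dummy_crypt)
    except RuntimeError as exc:
        print("rejected:", exc)
    print("dummy backend detected:", crypt_is_dummy(dummy_crypt))
```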
