Merge pull request #3 from ferd/patch-1
Increasing version number to fit the git tag
diff --git a/README.rst b/README.rst
index 747fba3..2c8693d 100644
--- a/README.rst
+++ b/README.rst
@@ -50,6 +50,9 @@
Specifies whether to use the NIF implementation (``'nif'``) or a
pool of port programs (``'port'``). Defaults to ``'port'``.
+ `WARNING: the NIF implementation will block Erlang VM scheduler
+ threads and is not suitable for many applications.`
+
``pool_size``
Specifies the size of the port program pool. Defaults to ``4``.
diff --git a/c_src/bcrypt_port.c b/c_src/bcrypt_port.c
index 3ec81bf..9abc013 100644
--- a/c_src/bcrypt_port.c
+++ b/c_src/bcrypt_port.c
@@ -147,25 +147,38 @@
process_hashpw(ETERM *pid, ETERM *data)
{
int retval = 0;
- ETERM *pattern, *pwd, *slt;
- char *password, *salt;
+ ETERM *pattern, *pwd, *slt, *pwd_bin, *slt_bin;
+ char password[1024];
+ char salt[1024];
char *ret = NULL;
+
+ (void)memset(&password, '\0', sizeof(password));
+ (void)memset(&salt, '\0', sizeof(salt));
+
pattern = erl_format("{Pass, Salt}");
if (erl_match(pattern, data)) {
pwd = erl_var_content(pattern, "Pass");
- password = erl_iolist_to_string(pwd);
+ pwd_bin = erl_iolist_to_binary(pwd);
slt = erl_var_content(pattern, "Salt");
- salt = erl_iolist_to_string(slt);
- if (NULL == (ret = bcrypt(password, salt)) ||
- 0 == strcmp(ret, ":")) {
- retval = process_reply(pid, CMD_HASHPW, "Invalid salt");
+ slt_bin = erl_iolist_to_binary(slt);
+ if (ERL_BIN_SIZE(pwd_bin) > sizeof(password)) {
+ retval = process_reply(pid, CMD_HASHPW, "Password too long");
+ } else if (ERL_BIN_SIZE(slt_bin) > sizeof(salt)) {
+ retval = process_reply(pid, CMD_HASHPW, "Salt too long");
} else {
- retval = process_reply(pid, CMD_HASHPW, ret);
+ memcpy(password, ERL_BIN_PTR(pwd_bin), ERL_BIN_SIZE(pwd_bin));
+ memcpy(salt, ERL_BIN_PTR(slt_bin), ERL_BIN_SIZE(slt_bin));
+ if (NULL == (ret = bcrypt(password, salt)) ||
+ 0 == strcmp(ret, ":")) {
+ retval = process_reply(pid, CMD_HASHPW, "Invalid salt");
+ } else {
+ retval = process_reply(pid, CMD_HASHPW, ret);
+ }
}
erl_free_term(pwd);
erl_free_term(slt);
- erl_free(password);
- erl_free(salt);
+ erl_free_term(pwd_bin);
+ erl_free_term(slt_bin);
};
erl_free_term(pattern);
return retval;