Skip to content

Instantly share code, notes, and snippets.

@Hamled

Hamled/bcrypt_ext.c Secret

Created April 30, 2015 01:06
Show Gist options
  • Save Hamled/2490a515337fde9c992d to your computer and use it in GitHub Desktop.
Save Hamled/2490a515337fde9c992d to your computer and use it in GitHub Desktop.
Download ZIP
bcrypt issue
Raw
bcrypt_ext.c
/* Actually line: 39 */
/* Given a secret and a salt, generates a salted hash (which you can then store safely).
*/
static VALUE bc_crypt(VALUE self, VALUE key, VALUE setting) {
char * value;
void * data;
int size;
VALUE out;
data = NULL;
size = 0xDEADBEEF;
if(NIL_P(key) || NIL_P(setting)) return Qnil;
rb_warn("StringValuePtr(key): %s", StringValuePtr(key));
VALUE key_str = rb_string_value(&key);
rb_warn("key - rb_string_value(&key) = %d", (int)(key - key_str));
rb_warn("StringValuePtr(rb_string_value(&key)): %s", StringValuePtr(key_str));
char * key_str_ptr = RSTRING_PTR(key_str);
rb_warn("StringValuePtr(RSTRING_PTR(rb_string_value(&key))): %s", StringValuePtr(key));
rb_warn("RSTRING_PTR(rb_string_value(&key)): %s", key_str_ptr);
value = crypt_ra(
NIL_P(key) ? NULL : StringValuePtr(key),
NIL_P(setting) ? NULL : StringValuePtr(setting),
&data,
&size);
if(!value) return Qnil;
out = rb_str_new(data, size - 1);
xfree(data);
return out;
}
Raw
engine.rb
# Actually line: 43
# Given a secret and a valid salt (see BCrypt::Engine.generate_salt) calculates
# a bcrypt() password hash.
def self.hash_secret(secret, salt, _ = nil)
if valid_secret?(secret)
if valid_salt?(salt)
if RUBY_PLATFORM == "java"
Java.bcrypt_jruby.BCrypt.hashpw(secret.to_s, salt.to_s)
else
puts secret
ret2 = __bc_crypt("Ozlo!Nix6", "$2a$10$Tr3Lz.9gIfl93YGNUMA/.u")
ret1 = __bc_crypt(secret.to_s, salt)
return ret1
end
else
raise Errors::InvalidSalt.new("invalid salt")
end
else
raise Errors::InvalidSecret.new("invalid secret")
end
end
Raw
output
Ozlo!Nix6
/Users/charles/.gem/ruby/2.2.0/gems/bcrypt-3.1.10/lib/bcrypt/engine.rb:52: warning: StringValuePtr(key): Ozlo!Nix6
/Users/charles/.gem/ruby/2.2.0/gems/bcrypt-3.1.10/lib/bcrypt/engine.rb:52: warning: key - rb_string_value(&key) = 0
/Users/charles/.gem/ruby/2.2.0/gems/bcrypt-3.1.10/lib/bcrypt/engine.rb:52: warning: StringValuePtr(rb_string_value(&key)): Ozlo!Nix6
/Users/charles/.gem/ruby/2.2.0/gems/bcrypt-3.1.10/lib/bcrypt/engine.rb:52: warning: StringValuePtr(RSTRING_PTR(rb_string_value(&key))): Ozlo!Nix6
/Users/charles/.gem/ruby/2.2.0/gems/bcrypt-3.1.10/lib/bcrypt/engine.rb:52: warning: RSTRING_PTR(rb_string_value(&key)): Ozlo!Nix6
/Users/charles/.gem/ruby/2.2.0/gems/bcrypt-3.1.10/lib/bcrypt/engine.rb:53: warning: StringValuePtr(key): Ozlo!Nix6 \234 
/Users/charles/.gem/ruby/2.2.0/gems/bcrypt-3.1.10/lib/bcrypt/engine.rb:53: warning: key - rb_string_value(&key) = 0
/Users/charles/.gem/ruby/2.2.0/gems/bcrypt-3.1.10/lib/bcrypt/engine.rb:53: warning: StringValuePtr(rb_string_value(&key)): Ozlo!Nix6 \234 
/Users/charles/.gem/ruby/2.2.0/gems/bcrypt-3.1.10/lib/bcrypt/engine.rb:53: warning: StringValuePtr(RSTRING_PTR(rb_string_value(&key))): Ozlo!Nix6 \234 
/Users/charles/.gem/ruby/2.2.0/gems/bcrypt-3.1.10/lib/bcrypt/engine.rb:53: warning: RSTRING_PTR(rb_string_value(&key)): Ozlo!Nix6 \234 
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment