bpo-28503: _crypt: fix implicit declaration of crypt(), use crypt_r() if available. by EdSchouten · Pull Request #4691 · python/cpython

Skip to content

Navigation Menu

Sign in

Appearance settings

Conversation

@EdSchouten EdSchouten changed the title _crypt: fix implicit declaration of crypt(), use crypt_r() if available. bpo-28503: _crypt: fix implicit declaration of crypt(), use crypt_r() if available.

Dec 3, 2017
The '_crypt' module provides a binding to the C crypt(3) function. It is
used by the crypt.crypt() function.

Looking at the C code, there are a couple of things we can improve:

- Because crypt() only depends on primitive C types, we currently get
  away with calling it without it being declared. Ensure that we include
  <unistd.h>, which is the POSIX header file declaring this.

- The disadvantage of crypt() is that it's thread-unsafe. Systems like
  Linux and recent versions of FreeBSD nowadays provide crypt_r() as a
  replacement. This function allows you to pass in a 'crypt_data' object
  that will hold the resulting string for you. Extend the code to use
  this function when available.

This patch is actually needed to make this module build on CloudABI
(https://mail.python.org/pipermail/python-dev/2016-July/145708.html).
CloudABI's C library doesn't provide any thread-unsafe functions,
meaning that crypt_r() is the only way you can crypt passwords.

berkerpeksag

Labels