From e1ed0f46caf49be26a43628375d0b09ca79a7b97 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Fri, 16 Sep 2022 10:22:40 -0400
Subject: [PATCH] fixes #416 -- correctly handle invalid salts (#417)

---
 src/_bcrypt/src/lib.rs | 4 +++-
 tests/test_bcrypt.py   | 5 +++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/_bcrypt/src/lib.rs b/src/_bcrypt/src/lib.rs
index 8e61c3d..b323e32 100644
--- a/src/_bcrypt/src/lib.rs
+++ b/src/_bcrypt/src/lib.rs
@@ -49,7 +49,9 @@ fn hashpass<'p>(
         .try_into()
         .map_err(|_| pyo3::exceptions::PyValueError::new_err("Invalid salt"))?;
 
-    let hashed = py.allow_threads(|| bcrypt::hash_with_salt(password, cost, raw_salt).unwrap());
+    let hashed = py
+        .allow_threads(|| bcrypt::hash_with_salt(password, cost, raw_salt))
+        .map_err(|_| pyo3::exceptions::PyValueError::new_err("Invalid salt"))?;
     Ok(pyo3::types::PyBytes::new(
         py,
         hashed.format_for_version(version).as_bytes(),
diff --git a/tests/test_bcrypt.py b/tests/test_bcrypt.py
index c6deb85..f0df6bf 100644
--- a/tests/test_bcrypt.py
+++ b/tests/test_bcrypt.py
@@ -272,6 +272,11 @@ def test_checkpw_bad_salt():
             b"badpass",
             b"$2b$04$?Siw3Nv3Q/gTOIPetAyPr.GNj3aO0lb1E5E9UumYGKjP9BYqlNWJe",
         )
+    with pytest.raises(ValueError):
+        bcrypt.checkpw(
+            b"password",
+            b"$2b$3$mdEQPMOtfPX.WGZNXgF66OhmBlOGKEd66SQ7DyJPGucYYmvTJYviy",
+        )
 
 
 def test_checkpw_str_password():