eric
/
pascal_bcrypt
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Memory leaks in VerifyHash #4

New Issue
Closed
opened 2016-06-23 09:57:09 -07:00 by madorin · 3 comments
madorin commented 2016-06-23 09:57:09 -07:00 (Migrated from github.com)
Copy Link

Function VerifyHash have some early Exits: Line 756, L761, so RegExp.Free will never get called in case of exits.

Probably best way is to use a small check function like ValidHash instead using regular expressions.

Function [VerifyHash](https://github.com/renegadebbs/pascal_bcrypt/blob/master/BCrypt.pas#L738) have some early Exits: [Line 756](https://github.com/renegadebbs/pascal_bcrypt/blob/master/BCrypt.pas#L756), [L761](https://github.com/renegadebbs/pascal_bcrypt/blob/master/BCrypt.pas#L761), so [RegExp.Free](https://github.com/renegadebbs/pascal_bcrypt/blob/master/BCrypt.pas#L777) will never get called in case of exits. Probably best way is to use a small check function like ValidHash instead using regular expressions.
👍 1
sikofitt commented 2016-06-23 10:09:19 -07:00 (Migrated from github.com)
Copy Link

I completely agree. This is on the top of the to do list. (issue #1) Sadly work and some other projects have left me neglecting this for awhile.

I completely agree. This is on the top of the to do list. (issue #1) Sadly work and some other projects have left me neglecting this for awhile.
madorin commented 2016-06-23 10:19:40 -07:00 (Migrated from github.com)
Copy Link

If i'll have some time, probably in next days, may implement a small check function.
By the way, does it compile OK under XE10? is it unicode-aware?
Ill need soon due to an extension written in Delphi of a PHP project.

If i'll have some time, probably in next days, may implement a small check function. By the way, does it compile OK under XE10? is it unicode-aware? Ill need soon due to an extension written in Delphi of a PHP project.
sikofitt commented 2016-11-03 14:36:54 -07:00 (Migrated from github.com)
Copy Link

Commit fe19f3bc49 should fix this. Sorry it took 4+ months. I'm guessing you probably implemented something else since then.

Also, I don't have any Delphi products to check if it compiles under that. I think all implementations of bcrypt, unicode strings need to be encoded before hand. I could be wrong though.

Commit fe19f3bc4900d24198148f82803f9d83e620f465 should fix this. Sorry it took 4+ months. I'm guessing you probably implemented something else since then. Also, I don't have any Delphi products to check if it compiles under that. I think all implementations of bcrypt, unicode strings need to be encoded before hand. I could be wrong though.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
master
3-use-windows-cryptgenrandom-function-instead-of-randomrange
v0.1.0
Labels
Clear labels   
bug

   
duplicate

   
enhancement

   
help wanted

   
invalid

   
question

   
wontfix
No Label
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: eric/pascal_bcrypt#4
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?