Switch to atomic fetch of password in serversession

Give an implementation a guarantee of atomic access of the password so that something strange can't happen between the initial check and actual use of the value. Change-Id: I48ae5d8a9c3fb3fea5ec2deeb14fec39aac86ed8
2025-09-04 01:08:08 +00:00 · 2025-05-05 08:53:53 -04:00
parent 3fada0442c
commit 33cff21882
1 changed files with 3 additions and 3 deletions
--- a/pyghmi/ipmi/private/serversession.py
+++ b/pyghmi/ipmi/private/serversession.py
@@ -108,7 +108,8 @@ class ServerSession(ipmisession.Session):
            # ignore null username for now
            return
        self.username = bytes(data[28:])
-        if self.username.decode('utf-8') not in self.authdata:
+        password = self.authdata.get(self.username.decode('utf-8'))
+        if password is None:
            # don't think about invalid usernames for now
            return
        uuidbytes = self.uuid.bytes
@@ -118,8 +119,7 @@ class ServerSession(ipmisession.Session):
                    + self.Rm + self.Rc + uuidbytes
                    + bytearray([self.rolem, len(self.username)]))
        hmacdata += self.username
-        self.kuid = self.authdata[self.username.decode('utf-8')].encode(
-            'utf-8')
+        self.kuid = password.encode('utf-8')
        if self.kg is None:
            self.kg = self.kuid
        authcode = hmac.new(