# HG changeset patch
# User Alex Gaynor <alex.gaynor@gmail.com>
# Date 1663338160 14400
#      Fri Sep 16 10:22:40 2022 -0400
# Node ID 3198c8c2410c5ea0bff854f0eba1467962e1a1e7
# Parent  eb566079b8eaa6d7f6147805ac87a7ee26454c65
fixes #416 -- correctly handle invalid salts (#417)

diff --git a/src/_bcrypt/src/lib.rs b/src/_bcrypt/src/lib.rs
--- a/src/_bcrypt/src/lib.rs
+++ b/src/_bcrypt/src/lib.rs
@@ -49,7 +49,9 @@
         .try_into()
         .map_err(|_| pyo3::exceptions::PyValueError::new_err("Invalid salt"))?;
 
-    let hashed = py.allow_threads(|| bcrypt::hash_with_salt(password, cost, raw_salt).unwrap());
+    let hashed = py
+        .allow_threads(|| bcrypt::hash_with_salt(password, cost, raw_salt))
+        .map_err(|_| pyo3::exceptions::PyValueError::new_err("Invalid salt"))?;
     Ok(pyo3::types::PyBytes::new(
         py,
         hashed.format_for_version(version).as_bytes(),
diff --git a/tests/test_bcrypt.py b/tests/test_bcrypt.py
--- a/tests/test_bcrypt.py
+++ b/tests/test_bcrypt.py
@@ -272,6 +272,11 @@
             b"badpass",
             b"$2b$04$?Siw3Nv3Q/gTOIPetAyPr.GNj3aO0lb1E5E9UumYGKjP9BYqlNWJe",
         )
+    with pytest.raises(ValueError):
+        bcrypt.checkpw(
+            b"password",
+            b"$2b$3$mdEQPMOtfPX.WGZNXgF66OhmBlOGKEd66SQ7DyJPGucYYmvTJYviy",
+        )
 
 
 def test_checkpw_str_password():