diff options
author | Rich Felker <dalias@aerifal.cx> | 2012-08-09 20:47:17 -0400 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2012-08-09 20:47:17 -0400 |
commit | b3c4cc121f70faea45389fe7ddc1127ed5cbd8bb (patch) | |
tree | 3bebd913d79b7acac599853a2e82c0831421ae77 | |
parent | ae0b9da48c91087c5ab78e4918deb69665d0ccc6 (diff) | |
download | musl-b3c4cc121f70faea45389fe7ddc1127ed5cbd8bb.tar.gz musl-b3c4cc121f70faea45389fe7ddc1127ed5cbd8bb.tar.xz musl-b3c4cc121f70faea45389fe7ddc1127ed5cbd8bb.zip |
make crypt return an unmatchable hash rather than NULL on failure
unfortunately, a large portion of programs which call crypt are not prepared for its failure and do not check that the return value is non-null before using it. thus, always "succeeding" but giving an unmatchable hash is reportedly a better behavior than failing on error. it was suggested that we could do this the same way as other implementations and put the null-to-unmatchable translation in the wrapper rather than the individual crypt modules like crypt_des, but when i tried to do it, i found it was making the logic in __crypt_r for keeping track of which hash type we're working with and whether it succeeded or failed much more complex, and potentially error-prone. the way i'm doing it now seems to have essentially zero cost, anyway.
-rw-r--r-- | src/misc/crypt_des.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/src/misc/crypt_des.c b/src/misc/crypt_des.c index 4dc6b4b5..4454a130 100644 --- a/src/misc/crypt_des.c +++ b/src/misc/crypt_des.c @@ -1014,11 +1014,8 @@ char *__crypt_des(const char *key, const char *setting, char *output) * likely that any alignment related issues would be detected. */ p = _crypt_extended_r_uut(test_key, test_setting, test_buf); - if (p && !strcmp(p, test_hash)) + if (p && !strcmp(p, test_hash) && retval) return retval; - /* - * Should not happen. - */ - return NULL; + return (setting[0]=='*') ? "x" : "*"; } |