diff options
| author | Kaz Kylheku <kaz@kylheku.com> | 2023-07-04 22:02:41 -0700 |
|---|---|---|
| committer | Kaz Kylheku <kaz@kylheku.com> | 2023-07-04 22:02:41 -0700 |
| commit | 5c366edcdaca2b8c956ae2d15316950270328fb2 (patch) | |
| tree | a1f911cdcce11b40471dda8b0c947b45fee3cd3f | |
| parent | 9654400f6e9c9d25d95c6429662459db298e81ed (diff) | |
| download | txr-5c366edcdaca2b8c956ae2d15316950270328fb2.tar.gz txr-5c366edcdaca2b8c956ae2d15316950270328fb2.tar.bz2 txr-5c366edcdaca2b8c956ae2d15316950270328fb2.zip | |
crypt: handle libxcrypt failure tokens.
Some OS distros have switched to a library called libxcrypt,
which, instead of returning null on failure, like the Glibc
crypt, returns a valid "failure token" string starting with
a * character, which is guaranteed to be different from the
salt argument.
We should check for this so that we handle errors uniformly.
Users are reporting failing crypt tests that are coming
up with "*0" instead of throwing an exception.
* sysif.c (crypt_wrap): Only accept a non-null result if
it isn't one of the two strings "*0" and "*1".
| -rw-r--r-- | sysif.c | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -2081,7 +2081,9 @@ static val crypt_wrap(val wkey, val wsalt) free(key); free(salt); - if (hash != 0) { + /* libxcrypt puts out two possible failure tokens "*0" or "*1". + */ + if (hash != 0 && strcmp(hash, "*0") != 0 && strcmp(hash, "*1") != 0) { val ret = string_utf8(hash); #if HAVE_CRYPT_R free(cd); |