Message-ID: <85a579c7-a789-5678-28dc-17802cb56d4b@evolvis.org>
Date: Mon, 30 Dec 2024 18:45:51 +0100 (CET)
From: Thorsten Glaser <tg@...lvis.org>
To: musl@...ts.openwall.com
cc: Runxi Yu <runxiyuld@...xiyu.org>
Subject: Re: crypt(3) returns "*" from read-only region, segfaulting
 passwd(1) on Alpine for long passwords

On Mon, 30 Dec 2024, Rich Felker wrote:

>Indeed. I think there's a good chance we should revise the decision
>not to return an error from the crypt interfaces (opting instead to

crypt(3) is defined to return a nōn-constant string (bad interface,
yes) in case of success ONLY and NULL in case of error, so yes, do.

>return unmatchable hash), but this is not the relevant point in the
>code, and regardless, the code that's trying to overwrite the
>unknown-size buffer returned by crypt is certainly in the wrong and in
>need of fixing, independent of whatever changes we might make.

Given it’s defined as returning a writable, NUL-terminated, string,
the code works under acceptable assumptions, and I don’t think it
should need to change. (Not my code, and I probably wouldn’t write
that, but…).

bye,
//mirabilos
-- 
(gnutls can also be used, but if you are compiling lynx for your own use,
there is no reason to consider using that package)
	-- Thomas E. Dickey on the Lynx mailing list, about OpenSSL
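
A defensive way for a caller to consume crypt(3) results whichever reading of the interface discussed above applies, given here as an added example that is not code from this thread, from musl, or from Alpine's passwd(1). The helper names, the 13-character minimum (the length of a traditional DES hash) and the sample strings are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption of this example: the shortest valid hash is the 13-character
 * traditional DES form, so anything shorter, or starting with '*', is
 * treated as a failure token rather than a hash. */
#define MIN_HASH_LEN 13

/* Classify a crypt(3) return value without ever writing to it. */
static int crypt_result_ok(const char *r)
{
    return r != NULL && r[0] != '*' && strlen(r) >= MIN_HASH_LEN;
}

/* Copy a successful result into caller-owned heap memory, so later
 * wiping never touches the library's buffer (which may be read-only). */
static char *crypt_result_dup(const char *r)
{
    if (!crypt_result_ok(r))
        return NULL;
    size_t n = strlen(r) + 1;
    char *copy = malloc(n);
    if (copy)
        memcpy(copy, r, n);
    return copy;
}

/* Zero and free the caller-owned copy; volatile keeps the stores. */
static void hash_wipe_free(char *h)
{
    if (!h)
        return;
    volatile char *p = h;
    for (size_t n = strlen(h); n > 0; n--)
        *p++ = 0;
    free(h);
}

int main(void)
{
    /* Constructed stand-ins for what crypt(3) might hand back. */
    const char *samples[] = { NULL, "*", "x", "abJnggxhB/yWI" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        char *h = crypt_result_dup(samples[i]);
        printf("%s -> %s\n", samples[i] ? samples[i] : "(null)",
               h ? "usable hash (copied)" : "failure, nothing written");
        hash_wipe_free(h);
    }
    return 0;
}
```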
