|
 |
1f04f2 |
commit 8596e298f761c32cecff45424f5242cd14269292
|
|
|
1f04f2 |
Author: Zack Weinberg <zackw@panix.com>
|
|
|
1f04f2 |
Date: Tue Aug 7 21:35:12 2018 -0400
|
|
|
1f04f2 |
|
|
|
1f04f2 |
Add configure option --disable-failure-tokens.
|
|
|
1f04f2 |
|
|
|
1f04f2 |
When this option is given, crypt and crypt_r will return NULL on
|
|
|
1f04f2 |
failure, instead of a special "failure token" string that isn't the
|
|
|
1f04f2 |
hash of any passphrase. This was the historical behavior of glibc,
|
|
|
1f04f2 |
FreeBSD libc, and several other implementations.
|
|
|
1f04f2 |
|
|
|
1f04f2 |
diff --git a/configure.ac b/configure.ac
|
|
|
1f04f2 |
index a22a5926bd82f729..23651f9c5c886107 100644
|
|
|
1f04f2 |
--- a/configure.ac
|
|
|
1f04f2 |
+++ b/configure.ac
|
|
|
1f04f2 |
@@ -152,6 +152,25 @@ AC_CHECK_FUNCS_ONCE([
|
|
|
1f04f2 |
])
|
|
|
1f04f2 |
|
|
|
1f04f2 |
# Configure options.
|
|
|
1f04f2 |
+AC_ARG_ENABLE([failure-tokens],
|
|
|
1f04f2 |
+ AS_HELP_STRING(
|
|
|
1f04f2 |
+ [--disable-failure-tokens],
|
|
|
1f04f2 |
+ [Make crypt and crypt_r return NULL on failure, instead of a
|
|
|
1f04f2 |
+ special "failure token" string that isn't the hash of any
|
|
|
1f04f2 |
+ passphrase. This matches the behavior of several other
|
|
|
1f04f2 |
+ crypt implementations, but will break programs that assume these
|
|
|
1f04f2 |
+ functions never return NULL. crypt_rn and crypt_ra are not affected
|
|
|
1f04f2 |
+ by this option, and will always return NULL on failure.]
|
|
|
1f04f2 |
+ ),
|
|
|
1f04f2 |
+ [case "$enableval" in
|
|
|
1f04f2 |
+ yes) enable_failure_tokens=1;;
|
|
|
1f04f2 |
+ no) enable_failure_tokens=0;;
|
|
|
1f04f2 |
+ *) AC_MSG_ERROR([bad value ${enableval} for --enable-failure-tokens]);;
|
|
|
1f04f2 |
+ esac],
|
|
|
1f04f2 |
+ [enable_failure_tokens=1])
|
|
|
1f04f2 |
+AC_DEFINE_UNQUOTED([ENABLE_FAILURE_TOKENS], [$enable_failure_tokens],
|
|
|
1f04f2 |
+ [Define to 1 if crypt and crypt_r should return a "failure token" on
|
|
|
1f04f2 |
+ failure, or 0 if they should return NULL.])
|
|
|
1f04f2 |
|
|
|
1f04f2 |
AC_ARG_ENABLE([obsolete-api],
|
|
|
1f04f2 |
AS_HELP_STRING(
|
|
|
1f04f2 |
diff --git a/crypt.c b/crypt.c
|
|
|
1f04f2 |
index 9a3e19214e613097..839763afad14eaa9 100644
|
|
|
1f04f2 |
--- a/crypt.c
|
|
|
1f04f2 |
+++ b/crypt.c
|
|
|
1f04f2 |
@@ -235,7 +235,11 @@ crypt_r (const char *phrase, const char *setting, struct crypt_data *data)
|
|
|
1f04f2 |
{
|
|
|
1f04f2 |
make_failure_token (setting, data->output, sizeof data->output);
|
|
|
1f04f2 |
do_crypt (phrase, setting, data);
|
|
|
1f04f2 |
+#if ENABLE_FAILURE_TOKENS
|
|
|
1f04f2 |
return data->output;
|
|
|
1f04f2 |
+#else
|
|
|
1f04f2 |
+ return data->output[0] == '*' ? 0 : data->output;
|
|
|
1f04f2 |
+#endif
|
|
|
1f04f2 |
}
|
|
|
1f04f2 |
SYMVER_crypt_r;
|
|
|
1f04f2 |
#endif
|
|
|
1f04f2 |
diff --git a/crypt_rn.3 b/crypt_rn.3
|
|
|
1f04f2 |
index 24da44cfce19716b..d021c4ed4a046e04 100644
|
|
|
1f04f2 |
--- a/crypt_rn.3
|
|
|
1f04f2 |
+++ b/crypt_rn.3
|
|
|
1f04f2 |
@@ -204,17 +204,31 @@ multiple threads simultaneously, as long as a separate
|
|
|
1f04f2 |
object is used for each thread.
|
|
|
1f04f2 |
.PP
|
|
|
1f04f2 |
Upon error,
|
|
|
1f04f2 |
-.B crypt
|
|
|
1f04f2 |
-and
|
|
|
1f04f2 |
-.B crypt_r
|
|
|
1f04f2 |
-return a pointer to an
|
|
|
1f04f2 |
+.BR crypt_r ", " crypt_rn ", and " crypt_ra
|
|
|
1f04f2 |
+write an
|
|
|
1f04f2 |
.I invalid
|
|
|
1f04f2 |
-hashed passphrase.
|
|
|
1f04f2 |
+hashed passphrase to the
|
|
|
1f04f2 |
+.I output
|
|
|
1f04f2 |
+field of their
|
|
|
1f04f2 |
+.I crypt_data
|
|
|
1f04f2 |
+object, and
|
|
|
1f04f2 |
+.B crypt
|
|
|
1f04f2 |
+writes an invalid hash to its static storage area.
|
|
|
1f04f2 |
This string will be shorter than 13 characters,
|
|
|
1f04f2 |
will begin with a \(oq\fB*\fR\(cq,
|
|
|
1f04f2 |
and will not compare equal to
|
|
|
1f04f2 |
.IR setting .
|
|
|
1f04f2 |
-(This peculiar behavior is for compatibility
|
|
|
1f04f2 |
+.PP
|
|
|
1f04f2 |
+Upon error,
|
|
|
1f04f2 |
+.BR crypt_rn " and " crypt_ra
|
|
|
1f04f2 |
+return a null pointer.
|
|
|
1f04f2 |
+.BR crypt_r " and " crypt
|
|
|
1f04f2 |
+may also return a null pointer,
|
|
|
1f04f2 |
+or they may return a pointer to the invalid hash,
|
|
|
1f04f2 |
+depending on how
|
|
|
1f04f2 |
+.I libcrypt
|
|
|
1f04f2 |
+was configured.
|
|
|
1f04f2 |
+(The option to return the invalid hash is for compatibility
|
|
|
1f04f2 |
with old applications that assume that
|
|
|
1f04f2 |
.B crypt
|
|
|
1f04f2 |
cannot return a null pointer.
|
|
|
1f04f2 |
@@ -222,15 +236,6 @@ See
|
|
|
1f04f2 |
.B "PORTABILITY NOTES"
|
|
|
1f04f2 |
below.)
|
|
|
1f04f2 |
.PP
|
|
|
1f04f2 |
-.B crypt_rn
|
|
|
1f04f2 |
-and
|
|
|
1f04f2 |
-.B crypt_ra
|
|
|
1f04f2 |
-also write an invalid hashed passphrase to the
|
|
|
1f04f2 |
-.I output
|
|
|
1f04f2 |
-field of their
|
|
|
1f04f2 |
-.I crypt_data
|
|
|
1f04f2 |
-object when they fail, but they return a null pointer.
|
|
|
1f04f2 |
-.PP
|
|
|
1f04f2 |
All four functions set
|
|
|
1f04f2 |
.I errno
|
|
|
1f04f2 |
when they fail.
|
|
|
1f04f2 |
diff --git a/test-badsalt.c b/test-badsalt.c
|
|
|
1f04f2 |
index b2743373628b1f3f..3d2e47ac0e7647bd 100644
|
|
|
1f04f2 |
--- a/test-badsalt.c
|
|
|
1f04f2 |
+++ b/test-badsalt.c
|
|
|
1f04f2 |
@@ -222,12 +222,28 @@ check_crypt (const char *label, const char *fn,
|
|
|
1f04f2 |
const char *retval, const char *setting,
|
|
|
1f04f2 |
bool expected_to_succeed)
|
|
|
1f04f2 |
{
|
|
|
1f04f2 |
- /* crypt/crypt_r should never return null */
|
|
|
1f04f2 |
+#if ENABLE_FAILURE_TOKENS
|
|
|
1f04f2 |
+ /* crypt/crypt_r never return null when failure tokens are enabled */
|
|
|
1f04f2 |
if (!retval)
|
|
|
1f04f2 |
{
|
|
|
1f04f2 |
printf ("FAIL: %s/%s/%s: returned NULL\n", label, setting, fn);
|
|
|
1f04f2 |
return false;
|
|
|
1f04f2 |
}
|
|
|
1f04f2 |
+#else
|
|
|
1f04f2 |
+ if (expected_to_succeed && !retval)
|
|
|
1f04f2 |
+ {
|
|
|
1f04f2 |
+ printf ("FAIL: %s/%s/%s: returned NULL\n", label, setting, fn);
|
|
|
1f04f2 |
+ return false;
|
|
|
1f04f2 |
+ }
|
|
|
1f04f2 |
+ else if (!expected_to_succeed && retval)
|
|
|
1f04f2 |
+ {
|
|
|
1f04f2 |
+ printf ("FAIL: %s/%s/%s: returned %p, should be NULL\n",
|
|
|
1f04f2 |
+ label, setting, fn, (const void *)retval);
|
|
|
1f04f2 |
+ return false;
|
|
|
1f04f2 |
+ }
|
|
|
1f04f2 |
+ else if (!expected_to_succeed && !retval)
|
|
|
1f04f2 |
+ return true;
|
|
|
1f04f2 |
+#endif
|
|
|
1f04f2 |
if (!check_results (label, fn, retval, setting,
|
|
|
1f04f2 |
expected_to_succeed))
|
|
|
1f04f2 |
return false;
|
|
|
1f04f2 |
diff --git a/test-crypt-badargs.c b/test-crypt-badargs.c
|
|
|
1f04f2 |
index 0e6af1626a605086..6be24a99ca7f9015 100644
|
|
|
1f04f2 |
--- a/test-crypt-badargs.c
|
|
|
1f04f2 |
+++ b/test-crypt-badargs.c
|
|
|
1f04f2 |
@@ -169,6 +169,14 @@ test_crypt_ra (const char *tag,
|
|
|
1f04f2 |
check (tag, expect, got);
|
|
|
1f04f2 |
}
|
|
|
1f04f2 |
|
|
|
1f04f2 |
+#if ENABLE_FAILURE_TOKENS
|
|
|
1f04f2 |
+# define FT0 "*0"
|
|
|
1f04f2 |
+# define FT1 "*1"
|
|
|
1f04f2 |
+#else
|
|
|
1f04f2 |
+# define FT0 0
|
|
|
1f04f2 |
+# define FT1 0
|
|
|
1f04f2 |
+#endif
|
|
|
1f04f2 |
+
|
|
|
1f04f2 |
/* PAGE should point to PAGESIZE bytes of read-write memory followed
|
|
|
1f04f2 |
by another PAGESIZE bytes of inaccessible memory. */
|
|
|
1f04f2 |
|
|
|
1f04f2 |
@@ -187,55 +195,55 @@ do_tests(char *page, size_t pagesize)
|
|
|
1f04f2 |
size_t i;
|
|
|
1f04f2 |
|
|
|
1f04f2 |
/* When SETTING is null, it shouldn't matter what PHRASE is. */
|
|
|
1f04f2 |
- expect_no_fault ("0.0.crypt", 0, 0, "*0", test_crypt);
|
|
|
1f04f2 |
- expect_no_fault ("0.0.crypt_r", 0, 0, "*0", test_crypt_r);
|
|
|
1f04f2 |
+ expect_no_fault ("0.0.crypt", 0, 0, FT0, test_crypt);
|
|
|
1f04f2 |
+ expect_no_fault ("0.0.crypt_r", 0, 0, FT0, test_crypt_r);
|
|
|
1f04f2 |
expect_no_fault ("0.0.crypt_rn", 0, 0, 0, test_crypt_rn);
|
|
|
1f04f2 |
expect_no_fault ("0.0.crypt_ra", 0, 0, 0, test_crypt_ra);
|
|
|
1f04f2 |
|
|
|
1f04f2 |
- expect_no_fault ("''.0.crypt", "", 0, "*0", test_crypt);
|
|
|
1f04f2 |
- expect_no_fault ("''.0.crypt_r", "", 0, "*0", test_crypt_r);
|
|
|
1f04f2 |
+ expect_no_fault ("''.0.crypt", "", 0, FT0, test_crypt);
|
|
|
1f04f2 |
+ expect_no_fault ("''.0.crypt_r", "", 0, FT0, test_crypt_r);
|
|
|
1f04f2 |
expect_no_fault ("''.0.crypt_rn", "", 0, 0, test_crypt_rn);
|
|
|
1f04f2 |
expect_no_fault ("''.0.crypt_ra", "", 0, 0, test_crypt_ra);
|
|
|
1f04f2 |
|
|
|
1f04f2 |
- expect_no_fault ("ph.0.crypt", phrase, 0, "*0", test_crypt);
|
|
|
1f04f2 |
- expect_no_fault ("ph.0.crypt_r", phrase, 0, "*0", test_crypt_r);
|
|
|
1f04f2 |
+ expect_no_fault ("ph.0.crypt", phrase, 0, FT0, test_crypt);
|
|
|
1f04f2 |
+ expect_no_fault ("ph.0.crypt_r", phrase, 0, FT0, test_crypt_r);
|
|
|
1f04f2 |
expect_no_fault ("ph.0.crypt_rn", phrase, 0, 0, test_crypt_rn);
|
|
|
1f04f2 |
expect_no_fault ("ph.0.crypt_ra", phrase, 0, 0, test_crypt_ra);
|
|
|
1f04f2 |
|
|
|
1f04f2 |
- expect_no_fault ("p1.0.crypt", p1, 0, "*0", test_crypt);
|
|
|
1f04f2 |
- expect_no_fault ("p1.0.crypt_r", p1, 0, "*0", test_crypt_r);
|
|
|
1f04f2 |
+ expect_no_fault ("p1.0.crypt", p1, 0, FT0, test_crypt);
|
|
|
1f04f2 |
+ expect_no_fault ("p1.0.crypt_r", p1, 0, FT0, test_crypt_r);
|
|
|
1f04f2 |
expect_no_fault ("p1.0.crypt_rn", p1, 0, 0, test_crypt_rn);
|
|
|
1f04f2 |
expect_no_fault ("p1.0.crypt_ra", p1, 0, 0, test_crypt_ra);
|
|
|
1f04f2 |
|
|
|
1f04f2 |
- expect_no_fault ("p2.0.crypt", p2, 0, "*0", test_crypt);
|
|
|
1f04f2 |
- expect_no_fault ("p2.0.crypt_r", p2, 0, "*0", test_crypt_r);
|
|
|
1f04f2 |
+ expect_no_fault ("p2.0.crypt", p2, 0, FT0, test_crypt);
|
|
|
1f04f2 |
+ expect_no_fault ("p2.0.crypt_r", p2, 0, FT0, test_crypt_r);
|
|
|
1f04f2 |
expect_no_fault ("p2.0.crypt_rn", p2, 0, 0, test_crypt_rn);
|
|
|
1f04f2 |
expect_no_fault ("p2.0.crypt_ra", p2, 0, 0, test_crypt_ra);
|
|
|
1f04f2 |
|
|
|
1f04f2 |
/* Conversely, when PHRASE is null,
|
|
|
1f04f2 |
it shouldn't matter what SETTING is... */
|
|
|
1f04f2 |
- expect_no_fault ("0.''.crypt", 0, "", "*0", test_crypt);
|
|
|
1f04f2 |
- expect_no_fault ("0.''.crypt_r", 0, "", "*0", test_crypt_r);
|
|
|
1f04f2 |
+ expect_no_fault ("0.''.crypt", 0, "", FT0, test_crypt);
|
|
|
1f04f2 |
+ expect_no_fault ("0.''.crypt_r", 0, "", FT0, test_crypt_r);
|
|
|
1f04f2 |
expect_no_fault ("0.''.crypt_rn", 0, "", 0, test_crypt_rn);
|
|
|
1f04f2 |
expect_no_fault ("0.''.crypt_ra", 0, "", 0, test_crypt_ra);
|
|
|
1f04f2 |
|
|
|
1f04f2 |
- expect_no_fault ("0.'*'.crypt", 0, "*", "*0", test_crypt);
|
|
|
1f04f2 |
- expect_no_fault ("0.'*'.crypt_r", 0, "*", "*0", test_crypt_r);
|
|
|
1f04f2 |
+ expect_no_fault ("0.'*'.crypt", 0, "*", FT0, test_crypt);
|
|
|
1f04f2 |
+ expect_no_fault ("0.'*'.crypt_r", 0, "*", FT0, test_crypt_r);
|
|
|
1f04f2 |
expect_no_fault ("0.'*'.crypt_rn", 0, "*", 0, test_crypt_rn);
|
|
|
1f04f2 |
expect_no_fault ("0.'*'.crypt_ra", 0, "*", 0, test_crypt_ra);
|
|
|
1f04f2 |
|
|
|
1f04f2 |
- expect_no_fault ("0.'*0'.crypt", 0, "*0", "*1", test_crypt);
|
|
|
1f04f2 |
- expect_no_fault ("0.'*0'.crypt_r", 0, "*0", "*1", test_crypt_r);
|
|
|
1f04f2 |
+ expect_no_fault ("0.'*0'.crypt", 0, "*0", FT1, test_crypt);
|
|
|
1f04f2 |
+ expect_no_fault ("0.'*0'.crypt_r", 0, "*0", FT1, test_crypt_r);
|
|
|
1f04f2 |
expect_no_fault ("0.'*0'.crypt_rn", 0, "*0", 0, test_crypt_rn);
|
|
|
1f04f2 |
expect_no_fault ("0.'*0'.crypt_ra", 0, "*0", 0, test_crypt_ra);
|
|
|
1f04f2 |
|
|
|
1f04f2 |
- expect_no_fault ("0.'*1'.crypt", 0, "*1", "*0", test_crypt);
|
|
|
1f04f2 |
- expect_no_fault ("0.'*1'.crypt_r", 0, "*1", "*0", test_crypt_r);
|
|
|
1f04f2 |
+ expect_no_fault ("0.'*1'.crypt", 0, "*1", FT0, test_crypt);
|
|
|
1f04f2 |
+ expect_no_fault ("0.'*1'.crypt_r", 0, "*1", FT0, test_crypt_r);
|
|
|
1f04f2 |
expect_no_fault ("0.'*1'.crypt_rn", 0, "*1", 0, test_crypt_rn);
|
|
|
1f04f2 |
expect_no_fault ("0.'*1'.crypt_ra", 0, "*1", 0, test_crypt_ra);
|
|
|
1f04f2 |
|
|
|
1f04f2 |
- expect_no_fault ("0.p1.crypt", 0, p1, "*0", test_crypt);
|
|
|
1f04f2 |
- expect_no_fault ("0.p1.crypt_r", 0, p1, "*0", test_crypt_r);
|
|
|
1f04f2 |
+ expect_no_fault ("0.p1.crypt", 0, p1, FT0, test_crypt);
|
|
|
1f04f2 |
+ expect_no_fault ("0.p1.crypt_r", 0, p1, FT0, test_crypt_r);
|
|
|
1f04f2 |
expect_no_fault ("0.p1.crypt_rn", 0, p1, 0, test_crypt_rn);
|
|
|
1f04f2 |
expect_no_fault ("0.p1.crypt_ra", 0, p1, 0, test_crypt_ra);
|
|
|
1f04f2 |
|
|
|
1f04f2 |
@@ -245,8 +253,8 @@ do_tests(char *page, size_t pagesize)
|
|
|
1f04f2 |
bug, but it's impractical to fix without breaking the property
|
|
|
1f04f2 |
that 'crypt' _never_ creates a failure token that is equal to the
|
|
|
1f04f2 |
setting string, which is more important than this corner case. */
|
|
|
1f04f2 |
- expect_a_fault ("0.p2.crypt", 0, p2, "*0", test_crypt);
|
|
|
1f04f2 |
- expect_a_fault ("0.p2.crypt_r", 0, p2, "*0", test_crypt_r);
|
|
|
1f04f2 |
+ expect_a_fault ("0.p2.crypt", 0, p2, FT0, test_crypt);
|
|
|
1f04f2 |
+ expect_a_fault ("0.p2.crypt_r", 0, p2, FT0, test_crypt_r);
|
|
|
1f04f2 |
expect_a_fault ("0.p2.crypt_rn", 0, p2, 0, test_crypt_rn);
|
|
|
1f04f2 |
expect_a_fault ("0.p2.crypt_ra", 0, p2, 0, test_crypt_ra);
|
|
|
1f04f2 |
|
|
|
1f04f2 |
@@ -257,9 +265,9 @@ do_tests(char *page, size_t pagesize)
|
|
|
1f04f2 |
strcpy (page, "p1.'");
|
|
|
1f04f2 |
strcat (page, settings[i]);
|
|
|
1f04f2 |
strcat (page, "'.crypt");
|
|
|
1f04f2 |
- expect_a_fault (page, p1, settings[i], "*0", test_crypt);
|
|
|
1f04f2 |
+ expect_a_fault (page, p1, settings[i], FT0, test_crypt);
|
|
|
1f04f2 |
strcat (page, "_r");
|
|
|
1f04f2 |
- expect_a_fault (page, p1, settings[i], "*0", test_crypt_r);
|
|
|
1f04f2 |
+ expect_a_fault (page, p1, settings[i], FT0, test_crypt_r);
|
|
|
1f04f2 |
strcat (page, "n");
|
|
|
1f04f2 |
expect_a_fault (page, p1, settings[i], 0, test_crypt_rn);
|
|
|
1f04f2 |
page [strlen (page) - 1] = 'a';
|
|
|
1f04f2 |
@@ -268,9 +276,9 @@ do_tests(char *page, size_t pagesize)
|
|
|
1f04f2 |
strcpy (page, "p2.'");
|
|
|
1f04f2 |
strcat (page, settings[i]);
|
|
|
1f04f2 |
strcat (page, "'.crypt");
|
|
|
1f04f2 |
- expect_a_fault (page, p2, settings[i], "*0", test_crypt);
|
|
|
1f04f2 |
+ expect_a_fault (page, p2, settings[i], FT0, test_crypt);
|
|
|
1f04f2 |
strcat (page, "_r");
|
|
|
1f04f2 |
- expect_a_fault (page, p2, settings[i], "*0", test_crypt_r);
|
|
|
1f04f2 |
+ expect_a_fault (page, p2, settings[i], FT0, test_crypt_r);
|
|
|
1f04f2 |
strcat (page, "n");
|
|
|
1f04f2 |
expect_a_fault (page, p2, settings[i], 0, test_crypt_rn);
|
|
|
1f04f2 |
page [strlen (page) - 1] = 'a';
|
|
|
1f04f2 |
@@ -279,8 +287,8 @@ do_tests(char *page, size_t pagesize)
|
|
|
1f04f2 |
|
|
|
1f04f2 |
/* Conversely, when PHRASE is valid, passing an invalid string as SETTING
|
|
|
1f04f2 |
should crash reliably. */
|
|
|
1f04f2 |
- expect_a_fault ("ph.p2.crypt", phrase, p2, "*0", test_crypt);
|
|
|
1f04f2 |
- expect_a_fault ("ph.p2.crypt_r", phrase, p2, "*0", test_crypt_r);
|
|
|
1f04f2 |
+ expect_a_fault ("ph.p2.crypt", phrase, p2, FT0, test_crypt);
|
|
|
1f04f2 |
+ expect_a_fault ("ph.p2.crypt_r", phrase, p2, FT0, test_crypt_r);
|
|
|
1f04f2 |
expect_a_fault ("ph.p2.crypt_rn", phrase, p2, 0, test_crypt_rn);
|
|
|
1f04f2 |
expect_a_fault ("ph.p2.crypt_ra", phrase, p2, 0, test_crypt_ra);
|
|
|
1f04f2 |
|
|
|
1f04f2 |
@@ -292,9 +300,9 @@ do_tests(char *page, size_t pagesize)
|
|
|
1f04f2 |
strcpy (page, "ph.'");
|
|
|
1f04f2 |
strcat (page, settings[i]);
|
|
|
1f04f2 |
strcat (page, ".crypt");
|
|
|
1f04f2 |
- expect_a_fault (page, phrase, p1, "*0", test_crypt);
|
|
|
1f04f2 |
+ expect_a_fault (page, phrase, p1, FT0, test_crypt);
|
|
|
1f04f2 |
strcat (page, "_r");
|
|
|
1f04f2 |
- expect_a_fault (page, phrase, p1, "*0", test_crypt_r);
|
|
|
1f04f2 |
+ expect_a_fault (page, phrase, p1, FT0, test_crypt_r);
|
|
|
1f04f2 |
strcat (page, "n");
|
|
|
1f04f2 |
expect_a_fault (page, phrase, p1, 0, test_crypt_rn);
|
|
|
1f04f2 |
page [strlen (page) - 1] = 'a';
|
|
|
1f04f2 |
diff --git a/test-crypt-bcrypt.c b/test-crypt-bcrypt.c
|
|
|
1f04f2 |
index c984e4d47d8df2c6..bf149b405bd408c7 100644
|
|
|
1f04f2 |
--- a/test-crypt-bcrypt.c
|
|
|
1f04f2 |
+++ b/test-crypt-bcrypt.c
|
|
|
1f04f2 |
@@ -194,8 +194,12 @@ main (void)
|
|
|
1f04f2 |
errno = 0;
|
|
|
1f04f2 |
p = crypt (key, setting);
|
|
|
1f04f2 |
errnm = errno;
|
|
|
1f04f2 |
+#if ENABLE_FAILURE_TOKENS
|
|
|
1f04f2 |
match = strcmp (p, hash);
|
|
|
1f04f2 |
- if ((!ok && !errno) || strcmp (p, hash))
|
|
|
1f04f2 |
+#else
|
|
|
1f04f2 |
+ match = (ok ? strcmp (p, hash) : p != 0);
|
|
|
1f04f2 |
+#endif
|
|
|
1f04f2 |
+ if ((!ok && !errno) || match)
|
|
|
1f04f2 |
{
|
|
|
1f04f2 |
printf ("FAIL: %d/crypt.1: key=%s setting=%s: xhash=%s xerr=%d, "
|
|
|
1f04f2 |
"p=%s match=%d err=%s\n",
|