
List:       openbsd-tech
Subject:    OpenBSD bcrypt return value on errors
From:       loganaden () devio ! us (Loganaden Velvindron)
Date:       2012-02-26 5:29:10
Message-ID: 20120226052910.63B7B1B5BFE () wolfman ! devio ! us

According to http://www.openwall.com/lists/oss-security/2011/11/15/3,
it would be preferable to return something other than ':' when an
error is encountered.

According to crypt(3), crypt() should return NULL on error.

Index: src/lib/libc/crypt/bcrypt.c
===================================================================
RCS file: /cvs/src/lib/libc/crypt/bcrypt.c,v
retrieving revision 1.24
diff -u -p -r1.24 bcrypt.c
--- src/lib/libc/crypt/bcrypt.c	2 Apr 2008 19:54:05 -0000	1.24
+++ src/lib/libc/crypt/bcrypt.c	26 Feb 2012 05:19:27 -0000
@@ -70,7 +70,6 @@ static void decode_base64(u_int8_t *, u_
 
 static char    encrypted[_PASSWORD_LEN];
 static char    gsalt[7 + (BCRYPT_MAXSALT * 4 + 2) / 3 + 1];
-static char    error[] = ":";
 
 const static u_int8_t Base64Code[] =
 "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
@@ -185,8 +184,9 @@ bcrypt(const char *key, const char *salt
 	salt++;
 
 	if (*salt > BCRYPT_VERSION) {
-		/* How do I handle errors ? Return ':' */
-		return error;
+		/* How do I handle errors ? Return NULL according to
+		   crypt(3) */
+		return NULL;
 	}
 
 	/* Check for minor versions */
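Review bot: Returning NULL here changes what callers of bcrypt() see on a malformed salt, and any caller that passes the result straight to `strcmp()` without a NULL check would now dereference a null pointer instead of merely failing the comparison; the callers are not visible in this diff and should be audited alongside it. The same applies to the `return NULL` sites in the minor-version `default:` case and in the rounds and salt-length checks further down. The retained comment still asks a question the code now answers, so I would replace it with `/* Unsupported major version: fail with NULL as crypt(3) documents */`. If callers are expected to tell bad input from other failures, setting `errno = EINVAL;` before each return would make that possible. bcrypt()'s body starts and ends outside this hunk.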
@@ -198,7 +198,7 @@ bcrypt(const char *key, const char *salt
 			 salt++;
 			 break;
 		 default:
-			 return error;
+			 return NULL;
 		 }
 	} else
 		 minor = 0;
@@ -208,21 +208,21 @@ bcrypt(const char *key, const char *salt
 
 	if (salt[2] != '$')
 		/* Out of sync with passwd entry */
-		return error;
+		return NULL;
 
 	/* Computer power doesn't increase linear, 2^x should be fine */
 	n = atoi(salt);
 	if (n > 31 || n < 0)
-		return error;
+		return NULL;
 	logr = (u_int8_t)n;
 	if ((rounds = (u_int32_t) 1 << logr) < BCRYPT_MINROUNDS)
-		return error;
+		return NULL;
 
 	/* Discard num rounds + "$" identifier */
 	salt += 3;
 
 	if (strlen(salt) * 3 / 4 < BCRYPT_MAXSALT)
-		return error;
+		return NULL;
 
 	/* We dont want the base64 salt but the raw data */
 	decode_base64(csalt, BCRYPT_MAXSALT, (u_int8_t *) salt);
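Review bot: The cost field is still parsed with `atoi(salt)` after checking only `salt[2]`, so a salt string that ends right after the version prefix can be read past its terminator, and non-canonical costs such as a leading space or sign are accepted. Since this path parses hash strings that may come from untrusted storage, I would validate both digits before converting: `if (!isdigit((unsigned char)salt[0]) || !isdigit((unsigned char)salt[1]) || salt[2] != '$') return NULL;`. The short-circuit order stops at the first NUL, so nothing beyond the terminator is touched. This needs `<ctype.h>`; the include list and the rest of bcrypt() are outside the hunk.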
