On 2023-09-03 19:58, Celeste wrote:
> Thanks for taking the time to look into this issue, Kaz.
>
> The patch, however, does not solve the failing test on musl.
>
> (crypt "a" "*$") returns "*$OGH2VZh3lDE", which is also the output of `mkpasswd -m des -S '*$' a`, in case you want to try it in an Alpine VM.
OK, thanks, I have a better idea now.
Let's make the test
(crypt "a" "::") :error
Musl's crypt is actually routing all the unrecognized salt codes to DES.
There is no $9$ algorithm.
Its DES implementation accepts salts that are invalid in traditional
crypt; it accepts almost anything.
According to the code, only these characters are disallowed:
NUL, NL and : (colon):
/*
* When we choose to "support" invalid salts, nevertheless disallow those
* containing characters that would violate the passwd file format.
*/
static inline int ascii_is_unsafe(unsigned char ch)
{
return !ch || ch == '\n' || ch == ':';
}
My motivation is that I would like to have at least one test which elicits
a null return from crypt due to bad input, in addition to the
(crypt "a" "b") :error test.
(text/plain)