Re: Bug#714219: Acknowledgement (libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software)

To: Aurelien Jarno <aurelien@aurel32.net>
Cc: 714219@bugs.debian.org, debian-glibc@lists.debian.org
Subject: Re: Bug#714219: Acknowledgement (libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software)
From: Thorsten Glaser <tg@mirbsd.de>
Date: Thu, 27 Jun 2013 00:28:22 +0000 (UTC)
Message-id: <[🔎] Pine.BSM.4.64L.1306270024230.3287@herc.mirbsd.org>
In-reply-to: <[🔎] 20130627001037.GE13072@hall.aurel32.net>
References: <[🔎] 20130626220647.9086.25208.reportbug@tglase.lan.tarent.de> <handler.714219.B.137228441412378.ack@bugs.debian.org> <[🔎] Pine.BSM.4.64L.1306262247030.3287@herc.mirbsd.org> <[🔎] 20130626233558.GA13072@hall.aurel32.net> <[🔎] Pine.BSM.4.64L.1306262348430.3287@herc.mirbsd.org> <[🔎] 20130627001037.GE13072@hall.aurel32.net>

Aurelien Jarno dixit:

>ambiguity that crypt can return NULL for any failure (i.e. not
>successful completion):

Indeed, but, one, it doesn’t list any other error code (nor do
the glibc manpages) and two, there _is_ something called common
law: it’s been like this for decades.

>This is *your* interpretation of POSIX. Quoting it, there is no

Do you, by inaction, want to sign responsible for all security
holes introduced into previously-working code in the archive
that now, without even a recompilation, breaks?

Or will you add some small patch fixing this behaviour and
feed that patch also upstream?

I do not disagree that user programs “probably” “should” check
for NULL, but let’s face reality. And libc *also* has some part
in the job: it should not make userspace’s live too hard.

bye,
//mirabilos
-- 
Support mksh as /bin/sh and RoQA dash NOW!
‣ src:bash (260 (281) bugs: 0 RC, 182 (196) I&N, 78 (85) M&W, 0 (0) F&P)
‣ src:dash (87 (103) bugs: 3 RC, 41 (46) I&N, 43 (54) M&W, 0 F&P)
‣ src:mksh (2 bugs: 0 RC, 0 I&N, 2 M&W, 0 F&P, 1 gift)
http://qa.debian.org/data/bts/graphs/d/dash.png is pretty red, innit?

Reply to:

Follow-Ups:
- Re: Bug#714219: Acknowledgement (libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software)
  - From: Aurelien Jarno <aurelien@aurel32.net>
- Re: Bug#714219: Acknowledgement (libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software)
  - From: Aurelien Jarno <aurelien@aurel32.net>

References:
- Bug#714219: libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software
  - From: Thorsten Glaser <tg@mirbsd.de>
- Bug#714219: Acknowledgement (libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software)
  - From: Thorsten Glaser <tg@mirbsd.de>
- Bug#714219: Acknowledgement (libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software)
  - From: Aurelien Jarno <aurelien@aurel32.net>
- Bug#714219: Acknowledgement (libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software)
  - From: Thorsten Glaser <tg@mirbsd.de>
- Re: Bug#714219: Acknowledgement (libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software)
  - From: Aurelien Jarno <aurelien@aurel32.net>

Prev by Date: Processed: Re: Bug#713836: regcomp(3) writes past end of regex_t
Next by Date: Re: Bug#714219: Acknowledgement (libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software)
Previous by thread: Re: Bug#714219: Acknowledgement (libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software)
Next by thread: Re: Bug#714219: Acknowledgement (libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software)
Index(es):
- Date
- Thread