On Mon, Feb 10, 2014, at 10:35, Rich Felker wrote:
> On Sun, Feb 09, 2014 at 12:52:50PM +0100, Denys Vlasenko wrote:
> > The old behavior was to return ""?
> > (I have no old glibc at hand to check it quickly).
> > 
> > Since we have exactly one crypt() call in the entire busybox,
> > the easiest fix would be to just add
> >     if (NULL) return "";
> > there. Are there downsides to that?
> 
> Are you sure glibc used to return "" on invalid inputs? I thought it
> returned something unmatchable. Returning "" is mildly dangerous since
> you could end up storing a blank password in the database and allowing
> logins with no password, but if that's protected against, you should
> be fine.

Yes, it works that way. Tested on 2.7.

- Lauri

_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
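
The hazard raised in the thread (a failed crypt() result mapped to "" ending up as a stored blank hash that then matches), worked through as an added C example; it is not code from the thread or from BusyBox. The names `crypt_fn`, `hash_for_storage`, `password_ok` and the three stub functions are hypothetical, and the stubs are constructed stand-ins for crypt(3) so the example runs without libcrypt.

```c
#include <stdio.h>
#include <string.h>

/* Same signature as crypt(3); injected so this runs without libcrypt. */
typedef char *(*crypt_fn)(const char *key, const char *salt);

/* Constructed stand-ins for the two failure behaviours in the thread. */
char *crypt_returns_null(const char *k, const char *s) { (void)k; (void)s; return NULL; }
char *crypt_returns_empty(const char *k, const char *s)
{
    static char empty[] = "";
    (void)k; (void)s;
    return empty;
}
/* Toy "hash" (NOT cryptographic): two salt characters, '$', then the key. */
char *crypt_toy(const char *k, const char *s)
{
    static char buf[64];
    snprintf(buf, sizeof buf, "%.2s$%s", s, k);
    return buf;
}

/* Copy a hash into out for storage; -1 means "do not write this record". */
int hash_for_storage(crypt_fn fn, const char *pw, const char *salt,
                     char *out, size_t outlen)
{
    const char *h = fn(pw, salt);
    if (h == NULL || h[0] == '\0' || strlen(h) >= outlen)
        return -1;              /* NULL, "" or oversized: never store it */
    memcpy(out, h, strlen(h) + 1);
    return 0;
}

/* Return 1 only if stored is non-empty and fn reproduces it exactly. */
int password_ok(crypt_fn fn, const char *pw, const char *stored)
{
    const char *h;
    if (stored == NULL || stored[0] == '\0')
        return 0;               /* example policy: blank hash never matches */
    h = fn(pw, stored);         /* stored hash doubles as the salt argument */
    if (h == NULL || h[0] == '\0')
        return 0;
    return strcmp(h, stored) == 0;
}

int main(void)
{
    char rec[64];
    printf("store on NULL: %d\n", hash_for_storage(crypt_returns_null, "pw", "??", rec, sizeof rec));
    printf("blank vs blank: %d\n", password_ok(crypt_returns_empty, "", ""));
    return 0;
}
```

Both checks are needed: the storage check keeps a blank hash out of the database, and the login check still refuses one that got there some other way.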