make crypt return an unmatchable hash rather than NULL on failure

unfortunately, a large portion of programs which call crypt are not
prepared for its failure and do not check that the return value is
non-null before using it. thus, always "succeeding" but giving an
unmatchable hash is reportedly a better behavior than failing on
error.

it was suggested that we could do this the same way as other
implementations and put the null-to-unmatchable translation in the
wrapper rather than the individual crypt modules like crypt_des, but
when i tried to do it, i found it was making the logic in __crypt_r
for keeping track of which hash type we're working with and whether it
succeeded or failed much more complex, and potentially error-prone.
the way i'm doing it now seems to have essentially zero cost, anyway.

diff --git a/src/misc/crypt_des.c b/src/misc/crypt_des.c
index 4dc6b4b..4454a13 100644 (file)
--- a/src/misc/crypt_des.c
+++ b/src/misc/crypt_des.c
@@ -1014,11 +1014,8 @@ char *__crypt_des(const char *key, const char *setting, char *output)
         * likely that any alignment related issues would be detected.
         */
        p = _crypt_extended_r_uut(test_key, test_setting, test_buf);
-       if (p && !strcmp(p, test_hash))
+       if (p && !strcmp(p, test_hash) && retval)
                return retval;
 
-       /*
-        * Should not happen.
-        */
-       return NULL;
+       return (setting[0]=='*') ? "x" : "*";
 }