Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fix error handling
The behaviour on error of crypt(3) is tricky. The only real error it can
return is {error,enosys} on platforms not supporting it (the old
implementation would have returned {error, {crypt, "enosys"}}).

Change the behaviour of the module to test for NULL before loading. If
there is any error, there is no point loading the library.

In the event of an error, the crypt implementation may choose to return
NULL (crypt/2 will throw a bad arg exception) or return a fixed string
(the caller will need to check for this case if it is a concern).
  • Loading branch information
msantos committed Mar 14, 2012
1 parent e167e73 commit 21a74d6
Show file tree
Hide file tree
Showing 2 changed files with 63 additions and 31 deletions.
66 changes: 54 additions & 12 deletions README.md
@@ -1,21 +1,68 @@
Wrapper around the system crypt(3) library for Erlang.

Erlang R13B03 (erts-5.7.4) [source] [rq:1] [async-threads:0] [hipe] [kernel-poll:false]
## WARNING

Which algorithms are supported by crypt are dependent on the system
crypt(3) library. For example, Mac OS X only supports DES (booooooo!!!!).


## USAGE

crypt(Password, Salt) -> Crypted

Types Password = string()
Salt = string()
Crypted = string()

Eshell V5.7.4 (abort with ^G)
Calls the system crypt(3) function with the provided arguments.

If crypt(3) is not supported by the OS, the crypt module will
fail to load.

Depending on your system crypt(3) library, errors may or may not
be returned. Some implementations return NULL. If this occurs,
crypt/2 will throw a bad arg exception. Other implementations
may choose to return a fixed string (if this is a concern,
the caller will need to test for this condition).

The NetBSD man page for crypt(3) summarizes the situation as:

The behavior of crypt() on errors isn't well standardized.
Some implementations simply can't fail (unless the process
dies, in which case they obviously can't return), others
return NULL or a fixed string. Most implementations
don't set errno, but some do. Version 2 of the Single
UNIX Specification (``SUSv2'') specifies only returning
NULL and setting errno as a valid behavior, and defines
only one possible error (ENOSYS, ``The functionality is
not supported on this implementation.'') Unfortunately,
most existing applications aren't prepared to handle NULL
returns from crypt(). The description below corresponds
to this implementation of crypt() only. The behavior may
change to match standards, other implementations or existing
applications.

crypt() may only fail (and return) when passed an invalid
or unsupported setting, in which case it returns a pointer
to a magic string that is shorter than 13 characters and is
guaranteed to differ from setting. This behavior is safe
for older applications which assume that crypt() can't fail,
when both setting new passwords and authenticating against
existing password hashes.


## EXAMPLE

1> crypt:crypt("test","aa").
"aaqPiZY5xR5l."
2> crypt:crypt("test","$1$aaaaaaaa").
"$1$aaaaaaaa$lWxWtPmiNjS/cwJnGm6fe0"
3> crypt:crypt("test","$6$aaaaaaaa").
"$6$aaaaaaaa$HREHv6TuSmUS/7spCDO5Js3ssSZ6.iwVkUoVtatJUhJDKVmERrRKBTolrPMub2s5dX6IEjZg6d6wZzFRlidV41"
4>

Which algorithms are supported by crypt are dependent on the system
crypt(3) library. For example, Mac OS X only supports DES (booooooo!!!!).


TODO
----
## TODO

1. What is the maximum password and salt length?

Expand All @@ -24,8 +71,3 @@ TODO

sysconf(\_SC\_PASS\_MAX) seems to return the limit on Solaris, but isn't
available on Ubuntu.

2. Provide an erlang version of the crypt() interface.

3. For systems that don't support MD5, maybe use openssl (see in openssl
dist: apps/passwd.c).
28 changes: 9 additions & 19 deletions c_src/crypt.c
Expand Up @@ -30,18 +30,23 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
#include "erl_nif.h"
#include "erl_driver.h"
#include "crypt.h"

static ERL_NIF_TERM error_message(ErlNifEnv *env, char *atom, char *err, char *msg);

static int
load(ErlNifEnv* env, void** priv_data, ERL_NIF_TERM load_info)
{
return crypt("Test crypt() support", "xx") == NULL;
}

static ERL_NIF_TERM
nif_crypt(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[])
{
char key[MAXBUFLEN];
char salt[MAXBUFLEN];
char *result = NULL;
int rerrno = 0;


(void)memset(&key, '\0', sizeof(key));
(void)memset(&salt, '\0', sizeof(salt));
Expand All @@ -52,34 +57,19 @@ nif_crypt(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[])
if (enif_get_string(env, argv[SALT], salt, sizeof(salt), ERL_NIF_LATIN1) < 1)
return enif_make_badarg(env);

errno = 0;
result = crypt(key, salt);
rerrno = errno;

(void)memset(&key, '\0', sizeof(key));

if (result == NULL)
return error_message(env, "error", "crypt", strerror(rerrno));
return enif_make_badarg(env);

return enif_make_string(env, result, ERL_NIF_LATIN1);
}


static ERL_NIF_TERM
error_message(ErlNifEnv *env, char *atom, char *err, char *msg)
{
return enif_make_tuple(env, 2,
enif_make_atom(env, atom),
enif_make_tuple(env, 2,
enif_make_atom(env, err),
enif_make_string(env, msg, ERL_NIF_LATIN1)));
}


static ErlNifFunc nif_funcs[] = {
{"crypt", 2, nif_crypt}
};

ERL_NIF_INIT(crypt, nif_funcs, NULL, NULL, NULL, NULL)


ERL_NIF_INIT(crypt, nif_funcs, load, NULL, NULL, NULL)

0 comments on commit 21a74d6

Please sign in to comment.