PHP :: Bug #17062 :: possible bad padding

Bug #17062	possible bad padding
Submitted:	2002-05-06 23:49 UTC	Modified:	2002-05-07 03:04 UTC
From:	veins at skreel dot org	Assigned:
Status:	Closed	Package:	mcrypt related
PHP Version:	4.2.0	OS:	Unix
Private report:	No	CVE-ID:	None

View Developer Edit

[2002-05-06 23:49 UTC] veins at skreel dot org

I noticed something quite strange when using the mcrypt library to encrypt data.

say i would encrypt $data in mode ECB:
$l = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $data, MCRYPT_MODE_ECB, $iv);

then decrypt it:
$l = mcrypt_decrypt(MCRYPT_BLOWFISH, $key, $data, MCRYPT_MODE_ECB, $iv);

It seems like the padding prevents me from using the variable correctly in some conditions.
As explained in the documentation, the padding is made of '\0' and in the following example:

<? exec("echo.sh $l foobar", $value, $return);

exec would actually stop at $l because of the '\0' and not pass the 'foobar' arg.
I don't know if this is a known bug or a "supposed" behaviour, but it is surely annoying  :)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-05-07 03:04 UTC] derick@php.net

It's indeed intended, as you might want to encrypt/decrypt a range of \0's.. PHP should not trim the result. As most encrypt algorithms do not store the length of the original string in the output, there is no way for PHP to tell where the decrypted string should end.
A workaround here would be to use trim() (www.php.net/trim) on the decrypted string to remove the trailing \0's.

Derick

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Dec 01 01:00:01 2025 UTC