| Bug #50052 | Crypt - Different Hashes on Windows and Linux on wrong Salt size | ||||
|---|---|---|---|---|---|
| Submitted: | 2 Nov 2009 2:39am UTC | Modified: | 2 Nov 2009 8:47pm UTC | ||
| From: | otaviodiniz at gmail dot com | Assigned to: | pajoye | ||
| Status: | Closed | Category: | Scripting Engine problem | ||
| Version: | 5.3.0 | OS: | Windows 7 | ||
[2 Nov 2009 9:46am UTC] pajoye@php.net
Cannot reproduce: g:\php-sdk\php53\vc9\x8\php53>\test\php52ntssnap\php.exe ..\50052.php Salt: $1$f+uslYF01$ Output: $1$f+uslYF0$orVloNmKSLvOeswusE0bY. Please try using VC9-x86 binaries, http://windows.php.net/snapshots/
[2 Nov 2009 9:59am UTC] pajoye@php.net
Forgot to copy 5.3 output as well: g:\php-sdk\php53\vc9\x86\php53>..\obj\Debug\php.exe ..\50052.php Salt: $1$f+uslYF01$ Output: $1$f+uslYF01orVloNmKSLvOeswusE0bY.
[2 Nov 2009 1:57pm UTC] otaviodiniz at gmail dot com
As you can see the output are different in 5.2 and 5.3 near 0$or 01or.
[2 Nov 2009 8:46pm UTC] svn@php.net
Automatic comment from SVN on behalf of pajoye Revision: http://svn.php.net/viewvc/?view=revision&revision=290154 Log: - Fixed #50052, Different Hashes on Windows and Linux on wrong Salt size
[2 Nov 2009 8:47pm UTC] pajoye@php.net
This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better.
Description: ------------ The behave of Crypt function on Windows and Linux boxes are different. In the sample function we create a Salt with length of 12 characters. First, the Salt size is incorrect, if i remove one character the Salt, the result will be correct. But with the wrong Salt size the behavior are different: On Windows - The output is incorrect, as it shows the whole Salt without the terminator $... On Linux - PHP strips one character of Salt into it's correct expected size, outputing correctly with the terminator $... Reproduce code: --------------- md5crypt("test"); function md5crypt($password) { $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZ' .'abcdefghijklmnopqrstuvwxyz0123456789+/'; $salt='$1$'; for($i=0; $i<9; $i++) { $salt.=$base64_alphabet[rand(0,63)]; } $salt.='$'; echo "<pre>"; echo "Salt: ".$salt."<br />\r\n"; echo "Output: ".crypt($password,$salt); echo "</pre>"; } Expected result: ---------------- Salt: $1$f+uslYF01$ Output: $1$f+uslYF0$orVloNmKSLvOeswusE0bY. //Linux Actual result: -------------- Salt: $1$XcPmtBmRG$ Output: $1$XcPmtBmRGuM82Sm1HMy0I0lX0P3nAd0 //Windows