php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #17062 possible bad padding
Submitted: 2002-05-06 23:49 UTC Modified: 2002-05-07 03:04 UTC
From: veins at skreel dot org Assigned:
Status: Closed Package: mcrypt related
PHP Version: 4.2.0 OS: Unix
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: veins at skreel dot org
New email:
PHP Version: OS:

 

 [2002-05-06 23:49 UTC] veins at skreel dot org 
I noticed something quite strange when using the mcrypt library to encrypt data.

say i would encrypt $data in mode ECB:
$l = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $data, MCRYPT_MODE_ECB, $iv);

then decrypt it:
$l = mcrypt_decrypt(MCRYPT_BLOWFISH, $key, $data, MCRYPT_MODE_ECB, $iv);

It seems like the padding prevents me from using the variable correctly in some conditions.
As explained in the documentation, the padding is made of '\0' and in the following example:

<? exec("echo.sh $l foobar", $value, $return);

exec would actually stop at $l because of the '\0' and not pass the 'foobar' arg.
I don't know if this is a known bug or a "supposed" behaviour, but it is surely annoying  :)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-05-07 03:04 UTC] derick@php.net 
It's indeed intended, as you might want to encrypt/decrypt a range of \0's.. PHP should not trim the result. As most encrypt algorithms do not store the length of the original string in the output, there is no way for PHP to tell where the decrypted string should end.
A workaround here would be to use trim() (www.php.net/trim) on the decrypted string to remove the trailing \0's.

Derick
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue Nov 04 03:00:01 2025 UTC