PHP :: Bug #28905 :: Cracklib crack_check does not accept resource from crack

Bug #28905

Cracklib crack_check does not accept resource from crack_opendict

Submitted:

2004-06-24 01:57 UTC

Modified:

2005-03-17 10:28 UTC

Votes:	17
Avg. Score:	4.5 ± 0.6
Reproduced:	17 of 17 (100.0%)
Same Version:	7 (41.2%)
Same OS:	8 (47.1%)

From:

screen at brainkrash dot com

Assigned:

skettler (profile)

Status:

Closed

Package:

Unknown/Other Function

PHP Version:

4.3.6

OS:

Win32/Linux

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	screen at brainkrash dot com
New email:
PHP Version:		OS:

New Comment:

[2004-06-24 01:57 UTC] screen at brainkrash dot com

Description:
------------
Upgraded to 4.3.6 from 4.3.4 and cracklib crack_check errors on crack_check when passed the result from a successful crack_openict. I've tested on a linux build and on win32 (binary distro). crack_opendict appears does return a "resource" with no errors but crack_check returns the following error:

Warning: crack_check(): 209064108 is not a valid cracklib dictionary resource in...

a subsequent call to crack_getlastmessage gives the following warning:

Warning: crack_getlastmessage(): No obscure checks in this session in...



Reproduce code:
---------------
$dict = crack_opendict("/usr/lib/cracklib_dict");
$strong = crack_check($dict, 'password');
print("dict: $dict<br>");
print("strong: $strong<br>");




Expected result:
----------------
dict: Resource id #60
strong: 0

Actual result:
--------------
Warning: crack_check(): 216275340 is not a valid cracklib dictionary resource in c:\usr\local\www\v2\common\auth\classes\class.BrainKrash_Auth.php on line 704
dict: Resource id #60
strong:

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-07-15 21:45 UTC] bradshaw at mcs dot anl dot gov

I am seeing this exact same problem with the 4.3.8 that we just started using on our linux server running apache 2.0.50.

Is there a fix or workaround for this cause it is really affecting our account creation system.

[2004-07-16 06:16 UTC] jocke at blajj dot net

Same here...
I upgraded from Apache 1.3.29 / PHP 4.3.4 (where the Cracklib-functions actually worked) to Apache 1.3.31 / PHP 4.3.8 (with the exact same configuration options) and now the Cracklib-functions in PHP are totally broken...

[16-Jul-2004 06:00:06] PHP Warning:  crack_check(): 135510476 is not a valid cracklib dictionary resource in ...
[16-Jul-2004 06:00:06] PHP Warning:  crack_getlastmessage(): No obscure checks in this session in ...

Annoying, to say the least :-)

[2004-07-16 06:44 UTC] jocke at blajj dot net

Ok, I just downloaded all the PHP sources from version 4.3.3
and up, and did a quick check of the cracklib sources.
The file php-4.3.x/ext/crack/crack.c was changed in PHP 4.3.5 (from version 1.18.8.2 to 1.18.8.3) and has stayed in that version since.
PHP 4.3.4: /* $Id: crack.c,v 1.18.8.2 2003/06/12 12:37:03 andrey Exp $ */
PHP 4.3.5: (and up) /* $Id: crack.c,v 1.18.8.3 2004/01/04 20:01:07 iliaa Exp $ */

I will later try to recompile 4.3.8 with the earlier version of crack.c and see what happens. (maybe not a good idea, but I want to try...)

[2004-07-16 11:03 UTC] jocke at blajj dot net

Well, well... I compiled PHP 4.3.8 with the old version of
ext/crack/crack.c (version 1.18.8.2 from PHP 4.3.4), and YES, it works!

[2004-07-16 23:46 UTC] sheltren at cs dot ucsb dot edu

I can confirm this bug on a Fedora Core 2 system.

Using the older crack.c file (from php 4.3.4) eliminates the error, and cracklib works as expected as above.

[2004-07-25 00:16 UTC] phpbugs dot 20 dot nky at spamgourmet dot com

I get it too..

PHP Version => 4.3.8

sys-libs/cracklib-2.7-r8

# md5sum /usr/lib/cracklib_dict.hwm
94ab9cf6af519cbd9467353082453e80  /usr/lib/cracklib_dict.hwm


strace:
-----
open("/usr/lib/cracklib_dict.pwd", O_RDONLY) = 3
open("/usr/lib/cracklib_dict.pwi", O_RDONLY) = 7
open("/usr/lib/cracklib_dict.hwm", O_RDONLY) = 8
fstat64(7, {st_mode=S_IFREG|0644, st_size=77356, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000
read(7, "1Vwp|\270\4\0\20\0\0\0\0\0\0\0@\0\0\0\206\0\0\0\350\0\0"..., 4096) = 4096
fstat64(8, {st_mode=S_IFREG|0644, st_size=1024, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(8, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 1024
write(1, "\nWarning: crack_check(): 308 is "..., 139) = 139
-----

[2005-02-03 05:03 UTC] sniper@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

[2005-02-11 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

[2005-03-13 22:06 UTC] skettler@php.net

Could you please try installing the crack extension from pecl?

[2005-03-17 10:28 UTC] skettler@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Jan 05 05:01:28 2025 UTC