php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #36269 Output of base64_decode differes between 4.3.11 and 5.1.2
Submitted: 2006-02-03 01:17 UTC Modified: 2006-02-03 06:42 UTC
From: jim at adicio dot com Assigned:
Status: Not a bug Package: URL related
PHP Version: 5.1.2 OS: *
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: jim at adicio dot com
New email:
PHP Version: OS:

 

 [2006-02-03 01:17 UTC] jim at adicio dot com 
Description:
------------
This potential bug is very similar to bug report #36106

We recently upgraded php from 4.3.11 to 5.1.2 and discovered 
that the base64_decode results are different for complex 
strings sent as url paremeters 

For example ?complexString=<someComplexStringHere>

However, this bug can only be reproduced when the data is sent 
as a query string parameter or posted, but not reproducible 
when the complex string is hard coded. More details are in the 
comments of the sample code.


Reproduce code:
---------------
<?php
/**
 Paste the following string as: http://localhost/bugTest.php?complexString=<complexString>
 
http://localhost/bugTest.php?complexString=Kq00JbxAQAV9P6aBvE3JoIpHkfkMqp6qeDATf4yC5ZFd9xJPfSLoPSGvGKxRyS/z9dYNLA1PS8cXB2MLPWe4KW5mphBtpPrafZnn06nplxNOqDwa3ebjC43CF3jMZ0n3AUW/rU/Tdtb8OS1s1OkfEc9onsT7Cvo4QTijmRDMi6KirQahsbkNdYPQ0NnPuAbMEtu/64loalKlRd/9Z+7+KkrNzxJMTiXVHMT084DOp45nX4B8jQRO1bUqkDCAMntGCyS16F3mDukY4hrTF7T40ZYHA/FVSVh5vqiWAiVwa+D3Z7Lvm4aIQnwg0CKFf9ZNFgn40L3Itb9HqGTmay5IAr1+9CxTzLYzf5PCdc0h5Z6HS4jk1FgSpWC9JFaLLrBjYa3x8lZt91Lmf5q6ygHdbdN4dwNw8CFvJRVXLMrMNOmJRx/PrpUjl6sxdrJLogDZ8w1i3+FSsd6Au9KlicYCw7fDxWE4EWWE6PlBjak9zpFFRW4U+Q6NF8m65Esx0T0s8x62yoJwimwHAn3RlEkjBDkJDk0NXmYsdg6QZl/0O08NNWQuk2mxBUY4f9PJcP6/M1pmpXBk9jmH/FA02Dk5LQ==
 */

$data =$_REQUEST['complexString'];
echo 'md5 of $_REQUEST: ' . md5($data); // 0eb27567360d44463acf0828ae5b9c7b   same on php 4.3.11 as php 5.1.2
echo "<br/>\n";
$b64 =  base64_decode($data);
if ($b64){
  echo 'md5 after base64_decode: ' .  md5($b64); // this is different: php 5.1.2=d506a6d5fa0e18eb471eda4d636ec282  php4.3.11=9e903ee99934d554828979fe2221dd3e
}

$complexStringHardCoded="Kq00JbxAQAV9P6aBvE3JoIpHkfkMqp6qeDATf4yC5ZFd9xJPfSLoPSGvGKxRyS/z9dYNLA1PS8cXB2MLPWe4KW5mphBtpPrafZnn06nplxNOqDwa3ebjC43CF3jMZ0n3AUW/rU/Tdtb8OS1s1OkfEc9onsT7Cvo4QTijmRDMi6KirQahsbkNdYPQ0NnPuAbMEtu/64loalKlRd/9Z+7+KkrNzxJMTiXVHMT084DOp45nX4B8jQRO1bUqkDCAMntGCyS16F3mDukY4hrTF7T40ZYHA/FVSVh5vqiWAiVwa+D3Z7Lvm4aIQnwg0CKFf9ZNFgn40L3Itb9HqGTmay5IAr1+9CxTzLYzf5PCdc0h5Z6HS4jk1FgSpWC9JFaLLrBjYa3x8lZt91Lmf5q6ygHdbdN4dwNw8CFvJRVXLMrMNOmJRx/PrpUjl6sxdrJLogDZ8w1i3+FSsd6Au9KlicYCw7fDxWE4EWWE6PlBjak9zpFFRW4U+Q6NF8m65Esx0T0s8x62yoJwimwHAn3RlEkjBDkJDk0NXmYsdg6QZl/0O08NNWQuk2mxBUY4f9PJcP6/M1pmpXBk9jmH/FA02Dk5LQ==";
echo "<br/>\n";
echo 'md5 of hard-coded complex string after base64_decode: ' . md5(base64_decode($complexStringHardCoded)); //same md5 on php 4.3.11 as 5.1.2
 ?>

Expected result:
----------------
Same md5 checksums of base64_decoded string on php 4.3.11 as 
5.1.2



Actual result:
--------------
Different md5 checksums of base64_decoded string on php 4.3.11 
than 5.1.2

I'm inclined to believe the potential bug is in 5.1.2 because 
this sample string represents encrypted data which was 
successfully base64_decoded and decrypted in 4.3.11 but was 
garbage in 5.1.2

Thanks!

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-02-03 02:04 UTC] jim at adicio dot com 
I also wanted to mention that calling preg_replace("/\s/", 
"+", $_REQUEST['complexString']) before base64_decode() will 
emulate the correct expected behavior.
 [2006-02-03 06:42 UTC] tony2001@php.net 
See bug #34214.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 18:01:29 2024 UTC