PHP :: Bug #50052 :: Crypt - Different Hashes on Windows and Linux on wrong Salt size

Bug #50052	Crypt - Different Hashes on Windows and Linux on wrong Salt size
Submitted:	2009-11-02 02:39 UTC	Modified:	2009-11-02 20:47 UTC
From:	otaviodiniz at gmail dot com	Assigned:	pajoye (profile)
Status:	Closed	Package:	Scripting Engine problem
PHP Version:	5.3.0	OS:	Windows 7
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	otaviodiniz at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2009-11-02 02:39 UTC] otaviodiniz at gmail dot com

Description:
------------
The behave of Crypt function on Windows and Linux boxes are different.
In the sample function we create a Salt with length of 12 characters.

First, the Salt size is incorrect, if i remove one character the Salt, the result will be correct.

But with the wrong Salt size the behavior are different:

On Windows - The output is incorrect, as it shows the whole Salt without the terminator $...

On Linux - PHP strips one character of Salt into it's correct expected size, outputing correctly with the terminator $...

Reproduce code:
---------------
md5crypt("test");

function md5crypt($password)
{
  $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
  .'abcdefghijklmnopqrstuvwxyz0123456789+/';
  $salt='$1$';
  for($i=0; $i<9; $i++)
  {
    $salt.=$base64_alphabet[rand(0,63)];
  }
  $salt.='$';
  echo "<pre>";
  echo "Salt:   ".$salt."<br />\r\n";
  echo "Output: ".crypt($password,$salt);
  echo "</pre>";
}

Expected result:
----------------
Salt:   $1$f+uslYF01$
Output: $1$f+uslYF0$orVloNmKSLvOeswusE0bY.
//Linux




Actual result:
--------------
Salt:   $1$XcPmtBmRG$
Output: $1$XcPmtBmRGuM82Sm1HMy0I0lX0P3nAd0
//Windows

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-11-02 09:46 UTC] pajoye@php.net

Cannot reproduce:

g:\php-sdk\php53\vc9\x8\php53>\test\php52ntssnap\php.exe ..\50052.php

Salt:   $1$f+uslYF01$
Output: $1$f+uslYF0$orVloNmKSLvOeswusE0bY.

Please try using VC9-x86 binaries, http://windows.php.net/snapshots/

[2009-11-02 09:59 UTC] pajoye@php.net

Forgot to copy 5.3 output as well:

g:\php-sdk\php53\vc9\x86\php53>..\obj\Debug\php.exe ..\50052.php
Salt:   $1$f+uslYF01$
Output: $1$f+uslYF01orVloNmKSLvOeswusE0bY.

[2009-11-02 13:57 UTC] otaviodiniz at gmail dot com

As you can see the output are different in 5.2 and 5.3 near 0$or 01or.

[2009-11-02 20:46 UTC] svn@php.net

Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=290154
Log: - Fixed #50052, Different Hashes on Windows and Linux on wrong Salt size

[2009-11-02 20:47 UTC] pajoye@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

[2011-04-07 12:15 UTC] catalin at aceora dot com

I what version of PHP was this implemented ?
I call the crypt function from two pc, with two different PHP versions, and i get two separate results.

Catalin

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 24 06:00:01 2025 UTC