php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #51059 crypt() segfaults on certain salts
Submitted: 2010-02-16 17:50 UTC Modified: 2010-04-08 20:54 UTC
From: joey@php.net Assigned: pajoye (profile)
Status: Closed Package: *Encryption and hash functions
PHP Version: 5.3.2RC2 OS: Linux, Mac OSX
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: joey@php.net
New email:
PHP Version: OS:

 

 [2010-02-16 17:50 UTC] joey@php.net 
Description:
------------
Prior to 5.3, crypt() would safely handle certain invalid salts. With the switch to the new DES-based crypt() provider in 5.3, it segfaults.
In discussing this with Pierre, he indicated the problem was in do_des().

Reproduce code:
---------------
<?php
var_dump(crypt('a', '_'));

Expected result:
----------------
string(13) "_$MoLFnWnJ4yk"


Actual result:
--------------
Segmentation fault

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-02-16 20:18 UTC] jani@php.net 
Quite likely same as bug #50947 ?
 [2010-02-16 23:14 UTC] joey@php.net 
They seem to be superficially the same, but the bug in this case
couldn't really be SAPI-specific, so either the other report is
factually incorrect, or they're different bugs.
 [2010-02-21 18:11 UTC] svn@php.net 
Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=295309
Log: - Fix #51059, crypt can fail and return NULL, on almost all implementations
 [2010-02-21 19:58 UTC] pajoye@php.net 
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Jan 30 02:01:30 2025 UTC