php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #69686 password_verify reports back error on PHP7 will null string
Submitted: 2015-05-21 20:48 UTC Modified: 2015-05-21 20:58 UTC
From: ccornutt at phpdeveloper dot org Assigned: ircmaxell (profile)
Status: Closed Package: hash related
PHP Version: master-Git-2015-05-21 (Git) OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: ccornutt at phpdeveloper dot org
New email:
PHP Version: OS:

 

 [2015-05-21 20:48 UTC] ccornutt at phpdeveloper dot org 
Description:
------------
A password_verify call with a second parameter value of null an error is reported in PHP 7 where none was thrown in PHP 5.5:

Example: "Deprecated: password_verify(): Supplied salt is not valid for DES. Possible bug in provided salt format. in /in/ThW5f on line 6"

http://3v4l.org/ThW5f

Test script:
---------------
<?php
// Run in current version of PHP 7

$input = 'test';
$hash = null;

$result = password_verify($input, $hash);
var_export($result);

Expected result:
----------------
false (as it was in PHP 5.5) as the string to verify isn't even valid

Actual result:
--------------
The way HHVM handles it would be nice:

Catchable fatal error: Argument 2 passed to password_verify() must be an instance of string, null given in /in/ThW5f on line 6

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-05-21 20:58 UTC] ircmaxell@php.net
-Assigned To: +Assigned To: ircmaxell
 [2015-05-21 21:13 UTC] ircmaxell@php.net 
Automatic comment on behalf of ircmaxell@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ed4052f1d5309cc974b134c2b78724d727ef9349
Log: Fixed bug #69686 password_verify reports back error on PHP7 will null string.
 [2015-05-21 21:13 UTC] ircmaxell@php.net
-Status: Assigned +Status: Closed
 [2016-07-20 11:38 UTC] davey@php.net 
Automatic comment on behalf of ircmaxell@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ed4052f1d5309cc974b134c2b78724d727ef9349
Log: Fixed bug #69686 password_verify reports back error on PHP7 will null string.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Oct 25 10:00:01 2025 UTC