php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #744 php don't work propertly with FreeBSD MD5 crypt()
Submitted: 1998-09-14 02:59 UTC Modified: 1998-09-22 01:42 UTC
From: vova at plugcom dot ru Assigned:
Status: Closed Package: Misbehaving function
PHP Version: 3.0.3 OS: FreeBSD
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: vova at plugcom dot ru
New email:
PHP Version: OS:

 

 [1998-09-14 02:59 UTC] vova at plugcom dot ru 
In FreeBSD with MD5 crypt(), 10-charcter SALT is used,
and crypted string consist of:
$1$SALT$CRYPTCHARS, for example:
$1$hGZ9u$8bRWSxRh3Kv/hyb9mRmoF1

standart php function crypt() cuts first two characters, so crypt() don't work (first 3 characters allways "$1$")

there is patch for functions/crypt.c it works corectly with FreeBSD MD5 and DES crypt()

*** ../php-3.0.3/functions/crypt.c.orig	Fri May 15 12:57:19 1998
--- ../php-3.0.3/functions/crypt.c	Sun Sep 13 09:27:06 1998
***************
*** 66,74 ****
--- 66,96 ----
  	"Crypt", crypt_functions, NULL, NULL, NULL, NULL, NULL, STANDARD_MODULE_PROPERTIES
  };
  
+ #ifdef __FreeBSD__
+ static unsigned char itoa64[] =         /* 0 ... 63 => ascii - 64 */
+ 	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+ 
+ void
+ to64(s, v, n)
+ 	char *s;
+ 	long v;
+ 	int n;
+ {
+ 	while (--n >= 0) {
+ 		*s++ = itoa64[v&0x3f];
+ 		v >>= 6;
+ 	}
+ }
+ #endif
+ 
  void php3_crypt(INTERNAL_FUNCTION_PARAMETERS)
  {
+ #ifdef __FreeBSD__
+ 	char salt[10];
+ 	struct timeval tv;
+ #else
  	char salt[4];
+ #endif
  	int arg_count = ARG_COUNT(ht);
  	pval *arg1, *arg2;
  	static char seedchars[] =
***************
*** 83,96 ****
--- 105,141 ----
  	salt[0] = '\0';
  	if (arg_count == 2) {
  		convert_to_string(arg2);
+ #ifdef __FreeBSD__              
+ 		strncpy(salt, arg2->value.str.val, 9);
+ #else                   
  		strncpy(salt, arg2->value.str.val, 2);
+ #endif
  	}
  	if (!salt[0]) {
+ #ifdef __FreeBSD__
+ 		gettimeofday(&tv,0);
+ 		if (!strncmp(crypt("test", "xx"), "$1$", 3)) {
+ 			/* MD5 salt */
+ 			strncpy(&salt[0], "$1$", 3);
+ 			(void)srandom((int)time((time_t *)NULL));
+ 			to64(&salt[3], random(), 3);
+ 			to64(&salt[6], tv.tv_usec, 3);
+ 			salt[9] = '\0';
+ 		} else {
+ 			/* DES salt */
+ 			srandom(getpid() * tv.tv_usec);
+ 			to64(&salt[0], random(), 2);
+ 			salt[2] = '\0';
+ 		}
+ #else
  		srand(time(0) * getpid());
  		salt[0] = seedchars[rand() % 64];
  		salt[1] = seedchars[rand() % 64];
+ #endif
  	}
+ #ifndef __FreeBSD__
  	salt[2] = '\0';
+ #endif
  
  	return_value->value.str.val = (char *) crypt(arg1->value.str.val, salt);
  	return_value->value.str.len = strlen(return_value->value.str.val);	/* can be optimized away to 13? */

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [1998-09-22 01:42 UTC] rasmus 
This has been solved with a more general fix.  The supported encryption types are now checked by configure and the PHP crypt() function tries to be smart about it.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Jul 12 11:01:32 2025 UTC