PHP :: Bug #17062 :: possible bad padding

Bug #17062	possible bad padding
Submitted:	2002-05-06 23:49 UTC	Modified:	2002-05-07 03:04 UTC
From:	veins at skreel dot org	Assigned:
Status:	Closed	Package:	mcrypt related
PHP Version:	4.2.0	OS:	Unix
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2002-05-06 23:49 UTC] veins at skreel dot org

I noticed something quite strange when using the mcrypt library to encrypt data.

say i would encrypt $data in mode ECB:
$l = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $data, MCRYPT_MODE_ECB, $iv);

then decrypt it:
$l = mcrypt_decrypt(MCRYPT_BLOWFISH, $key, $data, MCRYPT_MODE_ECB, $iv);

It seems like the padding prevents me from using the variable correctly in some conditions.
As explained in the documentation, the padding is made of '\0' and in the following example:

<? exec("echo.sh $l foobar", $value, $return);

exec would actually stop at $l because of the '\0' and not pass the 'foobar' arg.
I don't know if this is a known bug or a "supposed" behaviour, but it is surely annoying  :)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-05-07 03:04 UTC] derick@php.net

It's indeed intended, as you might want to encrypt/decrypt a range of \0's.. PHP should not trim the result. As most encrypt algorithms do not store the length of the original string in the output, there is no way for PHP to tell where the decrypted string should end.
A workaround here would be to use trim() (www.php.net/trim) on the decrypted string to remove the trailing \0's.

Derick

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri May 10 12:01:32 2024 UTC