php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #2245 crypt and substr output
Submitted: 1999-09-06 03:20 UTC Modified: 1999-09-06 09:31 UTC
From: mattias at umc dot se Assigned:
Status: Closed Package: Misbehaving function
PHP Version: 4.0 Beta 2 OS: FreeBSD 3.1
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: mattias at umc dot se
New email:
PHP Version: OS:

 

 [1999-09-06 03:20 UTC] mattias at umc dot se 
Lines 1 and 3 generate different output. Seems like it should be the same.

Line 1 generates different output from time to time, so the problem should be in the interaction between the crypt() and substr() function.

-- code --
1 print crypt("olalala",substr("olalala",0,2));  
2 print "<br>";
3 print crypt("olalala","ol");                    
4 print "<br>";
5 printf ("%s",substr("olalala",0,2));           
?>

-- output --
$1$ol@?$.3S/EAX3UwfsQraYbrFTL1
$1$ol??@?$D5moWZdAKwlH8S2JXDYQ9.
ol

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [1999-09-06 03:25 UTC] mattias at umc dot se 
Lines 1 and 3 generate different output, though it should be the same.

Line 1 generates different output from time to time, so the problem might 
be in the interaction between the crypt() and substr() function.

-- code --
<?
1 print crypt("olalala",substr("olalala",0,2));  
2 print "<br>";
3 print crypt("olalala","ol");                    
4 print "<br>";
5 printf ("%s",substr("olalala",0,2));           
?>

-- output --
$1$ol@?$.3S/EAX3UwfsQraYbrFTL1
$1$ol??@?$D5moWZdAKwlH8S2JXDYQ9.
ol
 [1999-09-06 09:05 UTC] riffraff at cvs dot php dot net 
You shouldn't depend on an assumption, that crypt() is
able to do the standart DES-encryption. On systems (such
as yours...) it seems, that DES-encryption via crypt() has
been disabled and the salt is taken as a salt for MD5 encryption. You should check CRYPT_STD_DES first before
actually passing a 2-character salt to a crypt function.
See http://www.php.net/manual/function.crypt.php3 for
more detailed explanation.

Anyway, we should make the salt string be NUL-terminated
properly even if it doesn't have the right length.
 [1999-09-06 09:31 UTC] riffraff at cvs dot php dot net 
OK, even salts that have too few characters for the crypt()
should produce consistent results now. At least for crypt() behaving like the one in glibc6.1.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Apr 27 08:01:29 2024 UTC