php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #2245 crypt and substr output
Submitted: 1999-09-06 03:20 UTC Modified: 1999-09-06 09:31 UTC
From: mattias at umc dot se Assigned:
Status: Closed Package: Misbehaving function
PHP Version: 4.0 Beta 2 OS: FreeBSD 3.1
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
42 - 28 = ?
Subscribe to this entry?

 
 [1999-09-06 03:20 UTC] mattias at umc dot se 
Lines 1 and 3 generate different output. Seems like it should be the same.

Line 1 generates different output from time to time, so the problem should be in the interaction between the crypt() and substr() function.

-- code --
1 print crypt("olalala",substr("olalala",0,2));  
2 print "<br>";
3 print crypt("olalala","ol");                    
4 print "<br>";
5 printf ("%s",substr("olalala",0,2));           
?>

-- output --
$1$ol@?$.3S/EAX3UwfsQraYbrFTL1
$1$ol??@?$D5moWZdAKwlH8S2JXDYQ9.
ol

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [1999-09-06 03:25 UTC] mattias at umc dot se 
Lines 1 and 3 generate different output, though it should be the same.

Line 1 generates different output from time to time, so the problem might 
be in the interaction between the crypt() and substr() function.

-- code --
<?
1 print crypt("olalala",substr("olalala",0,2));  
2 print "<br>";
3 print crypt("olalala","ol");                    
4 print "<br>";
5 printf ("%s",substr("olalala",0,2));           
?>

-- output --
$1$ol@?$.3S/EAX3UwfsQraYbrFTL1
$1$ol??@?$D5moWZdAKwlH8S2JXDYQ9.
ol
 [1999-09-06 09:05 UTC] riffraff at cvs dot php dot net 
You shouldn't depend on an assumption, that crypt() is
able to do the standart DES-encryption. On systems (such
as yours...) it seems, that DES-encryption via crypt() has
been disabled and the salt is taken as a salt for MD5 encryption. You should check CRYPT_STD_DES first before
actually passing a 2-character salt to a crypt function.
See http://www.php.net/manual/function.crypt.php3 for
more detailed explanation.

Anyway, we should make the salt string be NUL-terminated
properly even if it doesn't have the right length.
 [1999-09-06 09:31 UTC] riffraff at cvs dot php dot net 
OK, even salts that have too few characters for the crypt()
should produce consistent results now. At least for crypt() behaving like the one in glibc6.1.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Apr 27 12:01:29 2024 UTC