Bug #28905 Cracklib crack_check does not accept resource from crack_opendict
Submitted: 2004-06-24 01:57 UTC Modified: 2005-03-17 10:28 UTC
Votes:17
Avg. Score:4.5 ± 0.6
Reproduced:17 of 17 (100.0%)
Same Version:7 (41.2%)
Same OS:8 (47.1%)
From: screen at brainkrash dot com Assigned: skettler (profile)
Status: Closed Package: Unknown/Other Function
PHP Version: 4.3.6 OS: Win32/Linux
Private report: No CVE-ID: None
 [2004-06-24 01:57 UTC] screen at brainkrash dot com
Description:
------------
Upgraded to 4.3.6 from 4.3.4 and cracklib crack_check errors on crack_check when passed the result from a successful crack_opendict. I've tested on a Linux build and on win32 (binary distro). crack_opendict does appear to return a "resource" with no errors, but crack_check returns the following error:

Warning: crack_check(): 209064108 is not a valid cracklib dictionary resource in...

A subsequent call to crack_getlastmessage gives the following warning:

Warning: crack_getlastmessage(): No obscure checks in this session in...



Reproduce code:
---------------
$dict = crack_opendict("/usr/lib/cracklib_dict");
$strong = crack_check($dict, 'password');
print("dict: $dict<br>");
print("strong: $strong<br>");




Expected result:
----------------
dict: Resource id #60
strong: 0

Actual result:
--------------
Warning: crack_check(): 216275340 is not a valid cracklib dictionary resource in c:\usr\local\www\v2\common\auth\classes\class.BrainKrash_Auth.php on line 704
dict: Resource id #60
strong:

 [2004-07-15 21:45 UTC] bradshaw at mcs dot anl dot gov
I am seeing this exact same problem with the 4.3.8 that we just started using on our Linux server running Apache 2.0.50.

Is there a fix or workaround for this, because it is really affecting our account creation system?
 [2004-07-16 06:16 UTC] jocke at blajj dot net
Same here...
I upgraded from Apache 1.3.29 / PHP 4.3.4 (where the Cracklib-functions actually worked) to Apache 1.3.31 / PHP 4.3.8 (with the exact same configuration options) and now the Cracklib-functions in PHP are totally broken...

[16-Jul-2004 06:00:06] PHP Warning:  crack_check(): 135510476 is not a valid cracklib dictionary resource in ...
[16-Jul-2004 06:00:06] PHP Warning:  crack_getlastmessage(): No obscure checks in this session in ...

Annoying, to say the least :-)
 [2004-07-16 06:44 UTC] jocke at blajj dot net
Ok, I just downloaded all the PHP sources from version 4.3.3
and up, and did a quick check of the cracklib sources.
The file php-4.3.x/ext/crack/crack.c was changed in PHP 4.3.5 (from version 1.18.8.2 to 1.18.8.3) and has stayed in that version since.
PHP 4.3.4: /* $Id: crack.c,v 1.18.8.2 2003/06/12 12:37:03 andrey Exp $ */
PHP 4.3.5: (and up) /* $Id: crack.c,v 1.18.8.3 2004/01/04 20:01:07 iliaa Exp $ */

I will later try to recompile 4.3.8 with the earlier version of crack.c and see what happens. (maybe not a good idea, but I want to try...)
 [2004-07-16 11:03 UTC] jocke at blajj dot net
Well, well... I compiled PHP 4.3.8 with the old version of
ext/crack/crack.c (version 1.18.8.2 from PHP 4.3.4), and YES, it works!
 [2004-07-16 23:46 UTC] sheltren at cs dot ucsb dot edu
I can confirm this bug on a Fedora Core 2 system.

Using the older crack.c file (from php 4.3.4) eliminates the error, and cracklib works as expected as above.
 [2004-07-25 00:16 UTC] phpbugs dot 20 dot nky at spamgourmet dot com
I get it too..

PHP Version => 4.3.8

sys-libs/cracklib-2.7-r8

# md5sum /usr/lib/cracklib_dict.hwm
94ab9cf6af519cbd9467353082453e80  /usr/lib/cracklib_dict.hwm


strace:
-----
open("/usr/lib/cracklib_dict.pwd", O_RDONLY) = 3
open("/usr/lib/cracklib_dict.pwi", O_RDONLY) = 7
open("/usr/lib/cracklib_dict.hwm", O_RDONLY) = 8
fstat64(7, {st_mode=S_IFREG|0644, st_size=77356, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000
read(7, "1Vwp|\270\4\0\20\0\0\0\0\0\0\0@\0\0\0\206\0\0\0\350\0\0"..., 4096) = 4096
fstat64(8, {st_mode=S_IFREG|0644, st_size=1024, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(8, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 1024
write(1, "\nWarning: crack_check(): 308 is "..., 139) = 139
-----
 [2005-02-11 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2005-03-13 22:06 UTC] skettler@php.net
Could you please try installing the crack extension from pecl?
 [2005-03-17 10:28 UTC] skettler@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
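
The failure reported in this thread leaves the result of crack_check() empty, so code that only tests for a "weak" verdict can mistake a broken check for a decision. The wrapper below is an added example, not code from the report or from PHP itself. It keeps "password is weak" apart from "check could not run" and fails closed in both cases. The function name and status constants are hypothetical, the syntax is modern PHP, and the crack_* calls are assumed to take the arguments in the order shown in the reproduce code.

```php
<?php
// Added example: status labels and function name are hypothetical.
const PW_OK          = 'ok';           // check ran, password accepted
const PW_WEAK        = 'weak';         // check ran, password rejected
const PW_UNAVAILABLE = 'unavailable';  // check did not run cleanly

function check_password_strength(string $password, string $dictPath): array
{
    if (!function_exists('crack_opendict') || !function_exists('crack_check')) {
        return [PW_UNAVAILABLE, 'crack extension not loaded'];
    }

    // Collect warnings such as "is not a valid cracklib dictionary resource"
    // instead of letting them print into the page.
    $warnings = [];
    set_error_handler(function (int $no, string $msg) use (&$warnings): bool {
        $warnings[] = $msg;
        return true;
    }, E_WARNING | E_NOTICE);

    try {
        $dict = crack_opendict($dictPath);
        if (!is_resource($dict)) {
            return [PW_UNAVAILABLE, 'dictionary could not be opened'];
        }
        $strong = crack_check($dict, $password);
        $reason = $strong === true ? '' : (string) crack_getlastmessage();
        crack_closedict($dict);
    } finally {
        restore_error_handler();
    }

    // Any warning means the verdict cannot be trusted, whatever was returned.
    if ($warnings !== []) {
        return [PW_UNAVAILABLE, implode('; ', $warnings)];
    }
    return $strong === true ? [PW_OK, ''] : [PW_WEAK, $reason];
}

// Only PW_OK lets account creation continue; PW_UNAVAILABLE is logged for operators.
[$status, $detail] = check_password_strength('password', '/usr/lib/cracklib_dict');
if ($status === PW_UNAVAILABLE) {
    error_log("password strength check unavailable: $detail");
}
```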


 
Last updated: Thu Aug 18 02:05:45 2022 UTC