php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #36269 Output of base64_decode differes between 4.3.11 and 5.1.2
Submitted: 2006-02-03 01:17 UTC Modified: 2006-02-03 06:42 UTC
From: jim at adicio dot com Assigned:
Status: Not a bug Package: URL related
PHP Version: 5.1.2 OS: *
Private report: No CVE-ID: None
 [2006-02-03 01:17 UTC] jim at adicio dot com
Description:
------------
This potential bug is very similar to bug report #36106

We recently upgraded php from 4.3.11 to 5.1.2 and discovered 
that the base64_decode results are different for complex 
strings sent as url paremeters 

For example ?complexString=<someComplexStringHere>

However, this bug can only be reproduced when the data is sent 
as a query string parameter or posted, but not reproducible 
when the complex string is hard coded. More details are in the 
comments of the sample code.


Reproduce code:
---------------
<?php
/**
 Paste the following string as: http://localhost/bugTest.php?complexString=<complexString>
 
http://localhost/bugTest.php?complexString=Kq00JbxAQAV9P6aBvE3JoIpHkfkMqp6qeDATf4yC5ZFd9xJPfSLoPSGvGKxRyS/z9dYNLA1PS8cXB2MLPWe4KW5mphBtpPrafZnn06nplxNOqDwa3ebjC43CF3jMZ0n3AUW/rU/Tdtb8OS1s1OkfEc9onsT7Cvo4QTijmRDMi6KirQahsbkNdYPQ0NnPuAbMEtu/64loalKlRd/9Z+7+KkrNzxJMTiXVHMT084DOp45nX4B8jQRO1bUqkDCAMntGCyS16F3mDukY4hrTF7T40ZYHA/FVSVh5vqiWAiVwa+D3Z7Lvm4aIQnwg0CKFf9ZNFgn40L3Itb9HqGTmay5IAr1+9CxTzLYzf5PCdc0h5Z6HS4jk1FgSpWC9JFaLLrBjYa3x8lZt91Lmf5q6ygHdbdN4dwNw8CFvJRVXLMrMNOmJRx/PrpUjl6sxdrJLogDZ8w1i3+FSsd6Au9KlicYCw7fDxWE4EWWE6PlBjak9zpFFRW4U+Q6NF8m65Esx0T0s8x62yoJwimwHAn3RlEkjBDkJDk0NXmYsdg6QZl/0O08NNWQuk2mxBUY4f9PJcP6/M1pmpXBk9jmH/FA02Dk5LQ==
 */

$data =$_REQUEST['complexString'];
echo 'md5 of $_REQUEST: ' . md5($data); // 0eb27567360d44463acf0828ae5b9c7b   same on php 4.3.11 as php 5.1.2
echo "<br/>\n";
$b64 =  base64_decode($data);
if ($b64){
  echo 'md5 after base64_decode: ' .  md5($b64); // this is different: php 5.1.2=d506a6d5fa0e18eb471eda4d636ec282  php4.3.11=9e903ee99934d554828979fe2221dd3e
}

$complexStringHardCoded="Kq00JbxAQAV9P6aBvE3JoIpHkfkMqp6qeDATf4yC5ZFd9xJPfSLoPSGvGKxRyS/z9dYNLA1PS8cXB2MLPWe4KW5mphBtpPrafZnn06nplxNOqDwa3ebjC43CF3jMZ0n3AUW/rU/Tdtb8OS1s1OkfEc9onsT7Cvo4QTijmRDMi6KirQahsbkNdYPQ0NnPuAbMEtu/64loalKlRd/9Z+7+KkrNzxJMTiXVHMT084DOp45nX4B8jQRO1bUqkDCAMntGCyS16F3mDukY4hrTF7T40ZYHA/FVSVh5vqiWAiVwa+D3Z7Lvm4aIQnwg0CKFf9ZNFgn40L3Itb9HqGTmay5IAr1+9CxTzLYzf5PCdc0h5Z6HS4jk1FgSpWC9JFaLLrBjYa3x8lZt91Lmf5q6ygHdbdN4dwNw8CFvJRVXLMrMNOmJRx/PrpUjl6sxdrJLogDZ8w1i3+FSsd6Au9KlicYCw7fDxWE4EWWE6PlBjak9zpFFRW4U+Q6NF8m65Esx0T0s8x62yoJwimwHAn3RlEkjBDkJDk0NXmYsdg6QZl/0O08NNWQuk2mxBUY4f9PJcP6/M1pmpXBk9jmH/FA02Dk5LQ==";
echo "<br/>\n";
echo 'md5 of hard-coded complex string after base64_decode: ' . md5(base64_decode($complexStringHardCoded)); //same md5 on php 4.3.11 as 5.1.2
 ?>

Expected result:
----------------
Same md5 checksums of base64_decoded string on php 4.3.11 as 
5.1.2



Actual result:
--------------
Different md5 checksums of base64_decoded string on php 4.3.11 
than 5.1.2

I'm inclined to believe the potential bug is in 5.1.2 because 
this sample string represents encrypted data which was 
successfully base64_decoded and decrypted in 4.3.11 but was 
garbage in 5.1.2

Thanks!


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-02-03 02:04 UTC] jim at adicio dot com
I also wanted to mention that calling preg_replace("/\s/", 
"+", $_REQUEST['complexString']) before base64_decode() will 
emulate the correct expected behavior.
 [2006-02-03 06:42 UTC] tony2001@php.net
See bug #34214.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu Sep 16 21:03:37 2021 UTC