|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #51059 crypt() segfaults on certain salts
Submitted: 2010-02-16 17:50 UTC Modified: 2010-04-08 20:54 UTC
From: Assigned: pajoye
Status: Closed Package: *Encryption and hash functions
PHP Version: 5.3.2RC2 OS: Linux, Mac OSX
Private report: No CVE-ID:
 [2010-02-16 17:50 UTC]
Prior to 5.3, crypt() would safely handle certain invalid salts. With the switch to the new DES-based crypt() provider in 5.3, it segfaults.
In discussing this with Pierre, he indicated the problem was in do_des().

Reproduce code:
var_dump(crypt('a', '_'));

Expected result:
string(13) "_$MoLFnWnJ4yk"

Actual result:
Segmentation fault


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2010-02-16 20:18 UTC]
Quite likely same as bug #50947 ?
 [2010-02-16 23:14 UTC]
They seem to be superficially the same, but the bug in this case
couldn't really be SAPI-specific, so either the other report is
factually incorrect, or they're different bugs.
 [2010-02-21 18:11 UTC]
Automatic comment from SVN on behalf of pajoye
Log: - Fix #51059, crypt can fail and return NULL, on almost all implementations
 [2010-02-21 19:58 UTC]
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Sat Nov 28 22:01:36 2015 UTC