My hosting company recently upgraded from PHP 5.2.x to PHP 5.3.1.
Using crypt() with a salt following the CRYPT_BLOWFISH format (as shown on
http://ca.php.net/manual/en/function.crypt.php), the script will hang and time out.
Previous to the upgrade the function would process successfully without warning
or error. A call to hash_algos() does list "Blowfish" as a registered hashing
On the documentation page for crypt(), the following note is stated: "As of PHP
5.3.0, PHP contains its own implementation and will use that if the system lacks
of support for one or more of the algorithms."
So rather than hanging, PHP is expected to use an internal algorithm in place
where Blowfish is apparently not supported on the server.
This was further tested by using a sha512-formatted salt for the 2nd argument
(sha512 is listed in the result provided by hash_algos()), which processes
successfully. Also by calling crypt() using the Blowfish salt and attempting
with the 1st argument processed using the hash() function and without - both
instances cause the script to hang as well.
The expected result would be an encrypted string using an internal PHP algorithm
as described within the PHP documentation for the crypt() function.
The actual result is that the script will hang until the maximum process time on
the server is exceeded and the script times out, giving the following error:
[warn] mod_fcgid: stderr: PHP Fatal error: Maximum execution time of 30 seconds
exceeded in [script path] on line 30
Confirmed, this gets stuck in standard/crypt_blowfish.c because of this:
691 count = (BF_word)1 << ((setting - '0') * 10 + (setting -
(gdb) p count
$1 = 2147483648
(gdb) p setting
$2 = 51 '3'
(gdb) p setting
$3 = 49 '1'
(gdb) p ((setting - '0') * 10 + (setting - '0'))
$4 = 31
And then there is a while(--count) loop further on that is thus going to take a
long time to complete.
I guess technically this isn't actually a bug. You are asking for a work factor of
31. Work factors are exponential and 31 is going to take a very very long time.
You could perhaps make a persuasive argument for not allowing work factors that
Also, note that the hash methods returned by `hash_algos()` are a different list
than those available via `crypt()` (they are different systems entirely)...
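An added example, not from the bug report or PHP's own source: a wrapper that reads the two-digit cost out of a bcrypt setting string and refuses to call crypt() when the cost lies outside a policy range. The report above stalled because "$2a$31$" encodes cost 31, i.e. 2^31 expansion rounds; BCRYPT_MAX_COST is a hypothetical site ceiling, not a PHP constant.

```php
<?php
// Guard the bcrypt work factor before handing a "$2a$NN$..." setting to crypt().
// Cost 31 (from the report) means 1 << 31 rounds of the while(--count) loop.

const BCRYPT_MIN_COST = 4;   // lowest cost the $2a$ format accepts
const BCRYPT_MAX_COST = 12;  // hypothetical policy ceiling; tune for your hardware

/** Extract the two-digit cost from a bcrypt setting string, or null if malformed. */
function bcrypt_cost(string $setting): ?int {
    // Accept the $2$, $2a$, $2x$ and $2y$ prefixes followed by a two-digit cost.
    if (!preg_match('/^\$2[axy]?\$(\d{2})\$/', $setting, $m)) {
        return null;
    }
    return (int)$m[1];
}

/** Number of key-expansion rounds implied by a cost (64-bit PHP assumed). */
function bcrypt_rounds(int $cost): int {
    return 1 << $cost;
}

/** Refuse settings whose cost is outside policy, so a typo cannot stall the worker. */
function safe_crypt(string $password, string $setting): string {
    $cost = bcrypt_cost($setting);
    if ($cost === null) {
        throw new InvalidArgumentException('not a bcrypt setting');
    }
    if ($cost < BCRYPT_MIN_COST || $cost > BCRYPT_MAX_COST) {
        throw new InvalidArgumentException(sprintf(
            'bcrypt cost %d outside allowed range %d..%d (%d rounds)',
            $cost, BCRYPT_MIN_COST, BCRYPT_MAX_COST, bcrypt_rounds($cost)));
    }
    return crypt($password, $setting);
}

// Constructed sample settings: the cost-31 one from the report is rejected up
// front instead of hanging; the cost-10 one is hashed normally.
$bad  = '$2a$31$' . str_repeat('a', 22);
$good = '$2a$10$' . str_repeat('a', 22);
try {
    safe_crypt('secret', $bad);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
echo safe_crypt('secret', $good), PHP_EOL;
```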