|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #68068 base64_encode should take byte streams and a length
Submitted: 2014-09-22 02:01 UTC Modified: 2014-09-22 05:07 UTC
From: wzis at hotmail dot com Assigned:
Status: Not a bug Package: hash related
PHP Version: Irrelevant OS: UNIX/Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: wzis at hotmail dot com
New email:
PHP Version: OS:


 [2014-09-22 02:01 UTC] wzis at hotmail dot com
From manual page:
base64_encode now only takes one str argument, that will make conversion of a byte stream with \0 in it fail, so can't convert arbitrary byte stream properly.

Test script:
$randv=shell_exec("dd if=/dev/urandom bs=1 count=6 2>/dev/null");

Expected result:
$salt="\$1\$".base64_encode($randv, 6);

Actual result:
depends on what we get from the /dev/urandom, the $salt could be shorter than 8 characters as it supposed to be.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2014-09-22 05:07 UTC]
-Status: Open +Status: Not a bug
 [2014-09-22 05:07 UTC]
String lengths in PHP are not determined by a null character. You can easily test this for yourself. If they were, then this should print the same base64 encoded string twice:

echo base64_encode("abc\0def");
echo "\n";
echo base64_encode("abc");

It doesn't, of course.
 [2014-09-22 12:22 UTC] wzis at hotmail dot com
Thanks. You are correct, my mistake: I assumed the PHP also uses null as the end of string, and didn't use strlen to check.
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sat Jan 28 15:03:49 2023 UTC