php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69686 password_verify reports back error on PHP7 will null string
Submitted: 2015-05-21 20:48 UTC Modified: 2015-05-21 20:58 UTC
From: ccornutt at phpdeveloper dot org Assigned: ircmaxell
Status: Closed Package: hash related
PHP Version: master-Git-2015-05-21 (Git) OS: Linux
Private report: No CVE-ID:
 [2015-05-21 20:48 UTC] ccornutt at phpdeveloper dot org
Description:
------------
A password_verify call with a second parameter value of null an error is reported in PHP 7 where none was thrown in PHP 5.5:

Example: "Deprecated: password_verify(): Supplied salt is not valid for DES. Possible bug in provided salt format. in /in/ThW5f on line 6"

http://3v4l.org/ThW5f

Test script:
---------------
<?php
// Run in current version of PHP 7

$input = 'test';
$hash = null;

$result = password_verify($input, $hash);
var_export($result);

Expected result:
----------------
false (as it was in PHP 5.5) as the string to verify isn't even valid

Actual result:
--------------
The way HHVM handles it would be nice:

Catchable fatal error: Argument 2 passed to password_verify() must be an instance of string, null given in /in/ThW5f on line 6

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-05-21 20:58 UTC] ircmaxell@php.net
-Assigned To: +Assigned To: ircmaxell
 [2015-05-21 21:13 UTC] ircmaxell@php.net
Automatic comment on behalf of ircmaxell@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ed4052f1d5309cc974b134c2b78724d727ef9349
Log: Fixed bug #69686 password_verify reports back error on PHP7 will null string.
 [2015-05-21 21:13 UTC] ircmaxell@php.net
-Status: Assigned +Status: Closed
 [2016-07-20 11:38 UTC] davey@php.net
Automatic comment on behalf of ircmaxell@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ed4052f1d5309cc974b134c2b78724d727ef9349
Log: Fixed bug #69686 password_verify reports back error on PHP7 will null string.
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Wed Aug 23 00:01:35 2017 UTC