php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #744 php don't work propertly with FreeBSD MD5 crypt()
Submitted: 1998-09-14 02:59 UTC Modified: 1998-09-22 01:42 UTC
From: vova at plugcom dot ru Assigned:
Status: Closed Package: Misbehaving function
PHP Version: 3.0.3 OS: FreeBSD
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [1998-09-14 02:59 UTC] vova at plugcom dot ru 
In FreeBSD with MD5 crypt(), 10-charcter SALT is used,
and crypted string consist of:
$1$SALT$CRYPTCHARS, for example:
$1$hGZ9u$8bRWSxRh3Kv/hyb9mRmoF1

standart php function crypt() cuts first two characters, so crypt() don't work (first 3 characters allways "$1$")

there is patch for functions/crypt.c it works corectly with FreeBSD MD5 and DES crypt()

*** ../php-3.0.3/functions/crypt.c.orig	Fri May 15 12:57:19 1998
--- ../php-3.0.3/functions/crypt.c	Sun Sep 13 09:27:06 1998
***************
*** 66,74 ****
--- 66,96 ----
  	"Crypt", crypt_functions, NULL, NULL, NULL, NULL, NULL, STANDARD_MODULE_PROPERTIES
  };
  
+ #ifdef __FreeBSD__
+ static unsigned char itoa64[] =         /* 0 ... 63 => ascii - 64 */
+ 	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+ 
+ void
+ to64(s, v, n)
+ 	char *s;
+ 	long v;
+ 	int n;
+ {
+ 	while (--n >= 0) {
+ 		*s++ = itoa64[v&0x3f];
+ 		v >>= 6;
+ 	}
+ }
+ #endif
+ 
  void php3_crypt(INTERNAL_FUNCTION_PARAMETERS)
  {
+ #ifdef __FreeBSD__
+ 	char salt[10];
+ 	struct timeval tv;
+ #else
  	char salt[4];
+ #endif
  	int arg_count = ARG_COUNT(ht);
  	pval *arg1, *arg2;
  	static char seedchars[] =
***************
*** 83,96 ****
--- 105,141 ----
  	salt[0] = '\0';
  	if (arg_count == 2) {
  		convert_to_string(arg2);
+ #ifdef __FreeBSD__              
+ 		strncpy(salt, arg2->value.str.val, 9);
+ #else                   
  		strncpy(salt, arg2->value.str.val, 2);
+ #endif
  	}
  	if (!salt[0]) {
+ #ifdef __FreeBSD__
+ 		gettimeofday(&tv,0);
+ 		if (!strncmp(crypt("test", "xx"), "$1$", 3)) {
+ 			/* MD5 salt */
+ 			strncpy(&salt[0], "$1$", 3);
+ 			(void)srandom((int)time((time_t *)NULL));
+ 			to64(&salt[3], random(), 3);
+ 			to64(&salt[6], tv.tv_usec, 3);
+ 			salt[9] = '\0';
+ 		} else {
+ 			/* DES salt */
+ 			srandom(getpid() * tv.tv_usec);
+ 			to64(&salt[0], random(), 2);
+ 			salt[2] = '\0';
+ 		}
+ #else
  		srand(time(0) * getpid());
  		salt[0] = seedchars[rand() % 64];
  		salt[1] = seedchars[rand() % 64];
+ #endif
  	}
+ #ifndef __FreeBSD__
  	salt[2] = '\0';
+ #endif
  
  	return_value->value.str.val = (char *) crypt(arg1->value.str.val, salt);
  	return_value->value.str.len = strlen(return_value->value.str.val);	/* can be optimized away to 13? */

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [1998-09-22 01:42 UTC] rasmus 
This has been solved with a more general fix.  The supported encryption types are now checked by configure and the PHP crypt() function tries to be smart about it.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Wed May 15 03:01:33 2024 UTC