ID: 45430 Updated by: [EMAIL PROTECTED] -Summary: crypt () not thread-safe on threaded webserver (ISAPI) Reported By: alex at all-dynamics dot de -Status: Open +Status: Critical Bug Type: *Encryption and hash functions Operating System: Win32 PHP Version: 5.2.6 New Comment:
See also: http://blog.php-security.org/comment.php?type=trackback&entry_id=82 Previous Comments: ------------------------------------------------------------------------ [2008-07-04 08:50:38] alex at all-dynamics dot de Description: ------------ crypt () seems not to be thread-safe when using a threaded webserver (Windows, ISAPI). Maybe this has something to do with win32/md5crypt.c / md5_crypt: static char passwd[120] (static buffer which is returned to the calling function). Reproduce code: --------------- Run this code with two or more simultaneous requests on a threaded server: set_time_limit (0); $passwd1 = "testtesttest"; $passwd2 = "passwordpassword"; for ($i = 0; $i < 3000; $i++) { $crypted = crypt ($passwd1); if ($crypted != crypt ($passwd1, $crypted)) die ("no match"); $crypted = crypt ($passwd2); if ($crypted != crypt ($passwd2, $crypted)) die ("no match"); } echo "ok"; Expected result: ---------------- "ok" on all requests Actual result: -------------- one request may end with "no match", the other request will display "ok" ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=45430&edit=1