ID: 45430 Updated by: [EMAIL PROTECTED] Reported By: alex at all-dynamics dot de Status: Critical Bug Type: *Encryption and hash functions Operating System: Win32 PHP Version: 5.2.6 Assigned To: pajoye New Comment:
Patch updated to the latest DES implementation ported to Windows. Blowfish support added (with salt generation). http://news.php.net/php.internals.win/94 Previous Comments: ------------------------------------------------------------------------ [2008-07-17 22:44:11] [EMAIL PROTECTED] Here is the patch (windows only): http://pierre.libgd.org/patches/crypt_r_win32.patch.txt Will be committed asap. ------------------------------------------------------------------------ [2008-07-15 09:19:20] [EMAIL PROTECTED] Taking the hand on it for the windows part. As part of the win32 improvement effort, I already wrote a patch to drop our win32's md5_crypt implementation and add support for other algorithms (just like crypt_r + DES). ------------------------------------------------------------------------ [2008-07-15 02:28:46] [EMAIL PROTECTED] See also: http://blog.php-security.org/archives/82-Suhosin-0.9.20-and-crypt-Thread-Safety-Vulnerability.html ------------------------------------------------------------------------ [2008-07-04 08:50:38] alex at all-dynamics dot de Description: ------------ crypt () seems not to be thread-safe when using a threaded webserver (Windows, ISAPI). Maybe this has something to do with win32/md5crypt.c / md5_crypt: static char passwd[120] (static buffer which is returned to the calling function). Reproduce code: --------------- Run this code with two or more simultaneous requests on a threaded server: set_time_limit (0); $passwd1 = "testtesttest"; $passwd2 = "passwordpassword"; for ($i = 0; $i < 3000; $i++) { $crypted = crypt ($passwd1); if ($crypted != crypt ($passwd1, $crypted)) die ("no match"); $crypted = crypt ($passwd2); if ($crypted != crypt ($passwd2, $crypted)) die ("no match"); } echo "ok"; Expected result: ---------------- "ok" on all requests Actual result: -------------- one request may end with "no match", the other request will display "ok" ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=45430&edit=1