Edit report at http://bugs.php.net/bug.php?id=54721&edit=1

 ID:                 54721
 Updated by:         paj...@php.net
 Reported by:        os at irj dot ru
 Summary:            crypt function
-Status:             Feedback
+Status:             Closed
 Type:               Bug
 Package:            *Encryption and hash functions
 Operating System:   Windows 7 x64
 PHP Version:        5.3.6
 Assigned To:        pajoye
 Block user comment: N
 Private report:     N

 New Comment:

Fixed in all active branches and trunk.


Previous Comments:
------------------------------------------------------------------------
[2011-05-24 15:48:06] paj...@php.net

Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=311390
Log: - Fix #54721, different Hashes on Windows, BSD and Linux on wrong
Salt size

------------------------------------------------------------------------
[2011-05-22 19:22:51] paj...@php.net

oh my bad, used the wrong bins. Here are the results with the patch on
windows, 

seems to match now:



$1$dW0.is5.$I0iqTYHPzkP4YnRgnXxZW0

$1$dW0.is5.$KaspRpPQ9U7Xb5Vv5c.WE/

$1$dW0.is5.$X9G1x/Ep8zYQSrU4/lKUg.

$1$dW0.is5.$wE5Rz/HxPtDMfqil6kK980

$1$dW0.is5.$2E4/ZDY1vr73HqLl1bLs9.

$1$dW0.is5.$lvGhphTQwqgKxWhWwYERr1

$1$dW0.is5.$XzsWcLSBj2BvhOKH0xdpZ0

------------------------------------------------------------------------
[2011-05-22 18:40:51] fel...@php.net

On Linux (Debian):

$1$dW0.is5.$I0iqTYHPzkP4YnRgnXxZW0

$1$dW0.is5.$KaspRpPQ9U7Xb5Vv5c.WE/

$1$dW0.is5.$X9G1x/Ep8zYQSrU4/lKUg.

$1$dW0.is5.$wE5Rz/HxPtDMfqil6kK980

$1$dW0.is5.$2E4/ZDY1vr73HqLl1bLs9.

$1$dW0.is5.$lvGhphTQwqgKxWhWwYERr1

$1$dW0.is5.$XzsWcLSBj2BvhOKH0xdpZ0

------------------------------------------------------------------------
[2011-05-22 18:29:44] paj...@php.net

On FreeBSD I got (which uses system's crypt):



<?php 

echo crypt("dev", '$1$dW0.is5.$10CH101gGOr1677ZYd517.'); 

?>

.ionEGu/npGjI



With the proposed fix, I got on windows (which is what this bug is
about):

$1$dW0.is5.$Jay703TqfAIolX2oUKG7u1



Which is not what the initial report says, it expects:



$1$dW0.is5.$10CH101gGOr1677ZYd517.



And using the tests provided privately:





<?php 

echo crypt("", '$1$dW0.is5.$10CH101gGOr1677ZYd517.') . "\n";

echo crypt("b", '$1$dW0.is5.$10CH101gGOr1677ZYd517.') . "\n";

echo crypt("bu", '$1$dW0.is5.$10CH101gGOr1677ZYd517.') . "\n";

echo crypt("bug", '$1$dW0.is5.$10CH101gGOr1677ZYd517.') . "\n";

echo crypt("pass", '$1$dW0.is5.$10CH101gGOr1677ZYd517.') . "\n";

echo crypt("buged", '$1$dW0.is5.$10CH101gGOr1677ZYd517.') . "\n";

echo crypt("aaaaaaaaaaaaaaaaaaaaaaaaa ",
'$1$dW0.is5.$10CH101gGOr1677ZYd517.') . "\n";

?>

Windows (with patch):

$1$dW0.is5.$I0iqTYHPzkP4YnRgnXxZW0

$1$dW0.is5.$geEFTh1pYyBlKNV7Jd0jJ0

$1$dW0.is5.$J9qpZsnaE3ddwR9CfXJq71

$1$dW0.is5.$5tcolHQsY5Pxr8vn4rzdN/

$1$dW0.is5.$2E4/ZDY1vr73HqLl1bLs9.

$1$dW0.is5.$lvGhphTQwqgKxWhWwYERr1

$1$dW0.is5.$XzsWcLSBj2BvhOKH0xdpZ0



FreeBSD:

$1$dW0.is5.$I0iqTYHPzkP4YnRgnXxZW0

$1$dW0.is5.$KaspRpPQ9U7Xb5Vv5c.WE/

$1$dW0.is5.$X9G1x/Ep8zYQSrU4/lKUg.

$1$dW0.is5.$wE5Rz/HxPtDMfqil6kK980

$1$dW0.is5.$2E4/ZDY1vr73HqLl1bLs9.

$1$dW0.is5.$lvGhphTQwqgKxWhWwYERr1

$1$dW0.is5.$XzsWcLSBj2BvhOKH0xdpZ0



I don't think the patch or the initial report is correct and it somehow
confirms my thoughts, len>16 is really implementation specific. Or did I


miss something?

------------------------------------------------------------------------
[2011-05-21 20:11:26] tony2...@php.net

Pierre, could you test the proposed fix, please?

Thanks in advance.

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    http://bugs.php.net/bug.php?id=54721


-- 
Edit this bug report at http://bugs.php.net/bug.php?id=54721&edit=1

Reply via email to