ID: 28905
Comment by: jocke at blajj dot net
Reported By: screen at brainkrash dot com
Status: Open
Bug Type: Unknown/Other Function
Operating System: Win32/Linux
PHP Version: 4.3.6
New Comment:
Ok, I just downloaded all the PHP sources from version 4.3.3
and up, and did a quick check of the cracklib sources.
The file php-4.3.x/ext/crack/crack.c was changed in PHP 4.3.5 (from
version 1.18.8.2 to 1.18.8.3) and has stayed in that version since.
PHP 4.3.4: /* $Id: crack.c,v 1.18.8.2 2003/06/12 12:37:03 andrey Exp $
*/
PHP 4.3.5: (and up) /* $Id: crack.c,v 1.18.8.3 2004/01/04 20:01:07
iliaa Exp $ */
I will later try to recompile 4.3.8 with the earlier version of crack.c
and see what happens. (maybe not a good idea, but I want to try...)
Previous Comments:
------------------------------------------------------------------------
[2004-07-16 06:16:10] jocke at blajj dot net
Same here...
I upgraded from Apache 1.3.29 / PHP 4.3.4 (where the Cracklib-functions
actually worked) to Apache 1.3.31 / PHP 4.3.8 (with the exact same
configuration options) and now the Cracklib-functions in PHP are
totally broken...
[16-Jul-2004 06:00:06] PHP Warning: crack_check(): 135510476 is not a
valid cracklib dictionary resource in ...
[16-Jul-2004 06:00:06] PHP Warning: crack_getlastmessage(): No obscure
checks in this session in ...
Annoying, to say the least :-)
------------------------------------------------------------------------
[2004-07-15 21:45:25] bradshaw at mcs dot anl dot gov
I am seeing this exact same problem with the 4.3.8 that we just started
using on our linux server running apache 2.0.50.
Is there a fix or workaround for this cause it is really affecting our
account creation system.
------------------------------------------------------------------------
[2004-06-24 01:57:16] screen at brainkrash dot com
Description:
------------
Upgraded to 4.3.6 from 4.3.4 and cracklib crack_check errors on
crack_check when passed the result from a successful crack_openict.
I've tested on a linux build and on win32 (binary distro).
crack_opendict appears does return a "resource" with no errors but
crack_check returns the following error:
Warning: crack_check(): 209064108 is not a valid cracklib dictionary
resource in...
a subsequent call to crack_getlastmessage gives the following warning:
Warning: crack_getlastmessage(): No obscure checks in this session
in...
Reproduce code:
---------------
$dict = crack_opendict("/usr/lib/cracklib_dict");
$strong = crack_check($dict, 'password');
print("dict: $dict<br>");
print("strong: $strong<br>");
Expected result:
----------------
dict: Resource id #60
strong: 0
Actual result:
--------------
Warning: crack_check(): 216275340 is not a valid cracklib dictionary
resource in
c:\usr\local\www\v2\common\auth\classes\class.BrainKrash_Auth.php on
line 704
dict: Resource id #60
strong:
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=28905&edit=1
