#50052 [Com]: Crypt - Different Hashes on Windows and Linux on wrong Salt size
ID: 50052 Comment by: otaviodiniz at gmail dot com Reported By: otaviodiniz at gmail dot com Status: Feedback Bug Type: Scripting Engine problem Operating System: Windows 7 PHP Version: 5.3.0 New Comment: As you can see the output are different in 5.2 and 5.3 near 0$or 01or. Previous Comments: [2009-11-02 09:59:54] paj...@php.net Forgot to copy 5.3 output as well: g:\php-sdk\php53\vc9\x86\php53>..\obj\Debug\php.exe ..\50052.php Salt: $1$f+uslYF01$ Output: $1$f+uslYF01orVloNmKSLvOeswusE0bY. [2009-11-02 09:46:31] paj...@php.net Cannot reproduce: g:\php-sdk\php53\vc9\x8\php53>\test\php52ntssnap\php.exe ..\50052.php Salt: $1$f+uslYF01$ Output: $1$f+uslYF0$orVloNmKSLvOeswusE0bY. Please try using VC9-x86 binaries, http://windows.php.net/snapshots/ [2009-11-02 02:39:32] otaviodiniz at gmail dot com Description: The behave of Crypt function on Windows and Linux boxes are different. In the sample function we create a Salt with length of 12 characters. First, the Salt size is incorrect, if i remove one character the Salt, the result will be correct. But with the wrong Salt size the behavior are different: On Windows - The output is incorrect, as it shows the whole Salt without the terminator $... On Linux - PHP strips one character of Salt into it's correct expected size, outputing correctly with the terminator $... Reproduce code: --- md5crypt("test"); function md5crypt($password) { $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZ' .'abcdefghijklmnopqrstuvwxyz0123456789+/'; $salt='$1$'; for($i=0; $i<9; $i++) { $salt.=$base64_alphabet[rand(0,63)]; } $salt.='$'; echo ""; echo "Salt: ".$salt."\r\n"; echo "Output: ".crypt($password,$salt); echo ""; } Expected result: Salt: $1$f+uslYF01$ Output: $1$f+uslYF0$orVloNmKSLvOeswusE0bY. //Linux Actual result: -- Salt: $1$XcPmtBmRG$ Output: $1$XcPmtBmRGuM82Sm1HMy0I0lX0P3nAd0 //Windows -- Edit this bug report at http://bugs.php.net/?id=50052&edit=1
#50052 [NEW]: Crypt - Different Hashes on Windows and Linux on wrong Salt size
From: otaviodiniz at gmail dot com Operating system: Windows 7 PHP version: 5.3.0 PHP Bug Type: Scripting Engine problem Bug description: Crypt - Different Hashes on Windows and Linux on wrong Salt size Description: The behave of Crypt function on Windows and Linux boxes are different. In the sample function we create a Salt with length of 12 characters. First, the Salt size is incorrect, if i remove one character the Salt, the result will be correct. But with the wrong Salt size the behavior are different: On Windows - The output is incorrect, as it shows the whole Salt without the terminator $... On Linux - PHP strips one character of Salt into it's correct expected size, outputing correctly with the terminator $... Reproduce code: --- md5crypt("test"); function md5crypt($password) { $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZ' .'abcdefghijklmnopqrstuvwxyz0123456789+/'; $salt='$1$'; for($i=0; $i<9; $i++) { $salt.=$base64_alphabet[rand(0,63)]; } $salt.='$'; echo ""; echo "Salt: ".$salt."\r\n"; echo "Output: ".crypt($password,$salt); echo ""; } Expected result: Salt: $1$f+uslYF01$ Output: $1$f+uslYF0$orVloNmKSLvOeswusE0bY. //Linux Actual result: -- Salt: $1$XcPmtBmRG$ Output: $1$XcPmtBmRGuM82Sm1HMy0I0lX0P3nAd0 //Windows -- Edit bug report at http://bugs.php.net/?id=50052&edit=1 -- Try a snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=50052&r=trysnapshot52 Try a snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=50052&r=trysnapshot53 Try a snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=50052&r=trysnapshot60 Fixed in SVN: http://bugs.php.net/fix.php?id=50052&r=fixed Fixed in SVN and need be documented: http://bugs.php.net/fix.php?id=50052&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=50052&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=50052&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=50052&r=needscript Try newer version: http://bugs.php.net/fix.php?id=50052&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=50052&r=support Expected behavior: http://bugs.php.net/fix.php?id=50052&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=50052&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=50052&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=50052&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=50052&r=php4 Daylight Savings:http://bugs.php.net/fix.php?id=50052&r=dst IIS Stability: http://bugs.php.net/fix.php?id=50052&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=50052&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=50052&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=50052&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=50052&r=mysqlcfg