From: alex at all-dynamics dot de Operating system: Win32 PHP version: 5.2.6 PHP Bug Type: *Encryption and hash functions Bug description: crypt () not thread-safe on threaded webserver (ISAPI)
Description: ------------ crypt () seems not to be thread-safe when using a threaded webserver (Windows, ISAPI). Maybe this has something to do with win32/md5crypt.c / md5_crypt: static char passwd[120] (static buffer which is returned to the calling function). Reproduce code: --------------- Run this code with two or more simultaneous requests on a threaded server: set_time_limit (0); $passwd1 = "testtesttest"; $passwd2 = "passwordpassword"; for ($i = 0; $i < 3000; $i++) { $crypted = crypt ($passwd1); if ($crypted != crypt ($passwd1, $crypted)) die ("no match"); $crypted = crypt ($passwd2); if ($crypted != crypt ($passwd2, $crypted)) die ("no match"); } echo "ok"; Expected result: ---------------- "ok" on all requests Actual result: -------------- one request may end with "no match", the other request will display "ok" -- Edit bug report at http://bugs.php.net/?id=45430&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=45430&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=45430&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=45430&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=45430&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=45430&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=45430&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=45430&r=needscript Try newer version: http://bugs.php.net/fix.php?id=45430&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=45430&r=support Expected behavior: http://bugs.php.net/fix.php?id=45430&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=45430&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=45430&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=45430&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=45430&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=45430&r=dst IIS Stability: http://bugs.php.net/fix.php?id=45430&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=45430&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=45430&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=45430&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=45430&r=mysqlcfg