-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Le 08/01/2015 18:30, Julien Pauli a écrit :
> PHP 5.5.21 RC1 is available for testing.
I notice Horde_Auth test suite start to fail.
Seems related to
. Upgraded crypt_blowfish to version 1.3. (Leigh)
http://git.php.net/?p=php-src.git;a=commitdiff;h=84be568366e50f76818abfbd49ca623ead809606
With 5.6.4 (without this change)
$ php -r 'var_dump(crypt("foobar", "*0OayF9ttbxIs"));'
string(13) "*0OayF9ttbxIs"
With 5.4.36 / 5.5.21RC1 (with)
$ php55 -r 'var_dump(crypt("foobar", "*0OayF9ttbxIs"));'
string(2) "*1"
Is this expected ?
Notice the diff between (see attachement) :
- - 5.4.35 and 5.4.36 show 5 changes,
- - 5.5.20 and 5.521RC1 show only 2
- - 5.6.4 and 5.6.5RC1 show only 2
Remi
P.S. going to send a mail to horde ML about this
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlSuy1IACgkQYUppBSnxahjnjwCgoKcpwa7Fm2QbBQ811tNS2aac
SbcAn0kdF9FeBC+VDyOP8dG/XytadSiF
=YeQO
-----END PGP SIGNATURE-----
--- php-5.4.35/ext/standard/crypt.c 2014-11-12 01:29:14.000000000 +0100
+++ php-5.4.36/ext/standard/crypt.c 2014-12-16 19:41:23.000000000 +0100
@@ -204,7 +204,7 @@
salt[salt_in_len] = '\0';
crypt_res = php_sha512_crypt_r(str, salt, output,
needed);
- if (!crypt_res) {
+ if (!crypt_res || (salt[0]=='*' && salt[1]=='0')) {
if (salt[0]=='*' && salt[1]=='0') {
RETVAL_STRING("*1", 1);
} else {
@@ -227,7 +227,7 @@
salt[salt_in_len] = '\0';
crypt_res = php_sha256_crypt_r(str, salt, output,
needed);
- if (!crypt_res) {
+ if (!crypt_res || (salt[0]=='*' && salt[1]=='0')) {
if (salt[0]=='*' && salt[1]=='0') {
RETVAL_STRING("*1", 1);
} else {
@@ -242,7 +242,6 @@
} else if (
salt[0] == '$' &&
salt[1] == '2' &&
- salt[2] >= 'a' && salt[2] <= 'z' &&
salt[3] == '$' &&
salt[4] >= '0' && salt[4] <= '3' &&
salt[5] >= '0' && salt[5] <= '9' &&
@@ -252,7 +251,7 @@
memset(output, 0, PHP_MAX_SALT_LEN + 1);
crypt_res = php_crypt_blowfish_rn(str, salt, output,
sizeof(output));
- if (!crypt_res) {
+ if (!crypt_res || (salt[0]=='*' && salt[1]=='0')) {
if (salt[0]=='*' && salt[1]=='0') {
RETVAL_STRING("*1", 1);
} else {
@@ -268,7 +267,7 @@
_crypt_extended_init_r();
crypt_res = _crypt_extended_r(str, salt, &buffer);
- if (!crypt_res) {
+ if (!crypt_res || (salt[0]=='*' && salt[1]=='0')) {
if (salt[0]=='*' && salt[1]=='0') {
RETURN_STRING("*1", 1);
} else {
@@ -292,7 +291,7 @@
# error Data struct used by crypt_r() is unknown. Please report.
# endif
crypt_res = crypt_r(str, salt, &buffer);
- if (!crypt_res) {
+ if (!crypt_res || (salt[0]=='*' && salt[1]=='0')) {
if (salt[0]=='*' && salt[1]=='0') {
RETURN_STRING("*1", 1);
} else {
--- php-5.5.19/ext/standard/crypt.c 2014-11-12 10:38:46.000000000 +0100
+++
/home/rpmbuild/SPECS/remirepo/scl-php55/php/php-5.5.21RC1/ext/standard/crypt.c
2015-01-07 10:38:49.000000000 +0100
@@ -196,7 +196,6 @@
} else if (
salt[0] == '$' &&
salt[1] == '2' &&
- salt[2] >= 'a' && salt[2] <= 'z' &&
salt[3] == '$' &&
salt[4] >= '0' && salt[4] <= '3' &&
salt[5] >= '0' && salt[5] <= '9' &&
@@ -219,7 +218,7 @@
_crypt_extended_init_r();
crypt_res = _crypt_extended_r(password, salt, &buffer);
- if (!crypt_res) {
+ if (!crypt_res || (salt[0] == '*' && salt[1] == '0')) {
return FAILURE;
} else {
*result = estrdup(crypt_res);
@@ -240,7 +239,7 @@
# error Data struct used by crypt_r() is unknown. Please report.
# endif
crypt_res = crypt_r(password, salt, &buffer);
- if (!crypt_res) {
+ if (!crypt_res || (salt[0] == '*' && salt[1] == '0')) {
return FAILURE;
} else {
*result = estrdup(crypt_res);
--- php-5.6.4/ext/standard/crypt.c 2014-12-17 02:25:00.000000000 +0100
+++
/home/rpmbuild/SPECS/remirepo/scl-php56/php/php-5.6.5RC1/ext/standard/crypt.c
2015-01-06 23:01:03.000000000 +0100
@@ -196,7 +196,6 @@
} else if (
salt[0] == '$' &&
salt[1] == '2' &&
- salt[2] >= 'a' && salt[2] <= 'z' &&
salt[3] == '$' &&
salt[4] >= '0' && salt[4] <= '3' &&
salt[5] >= '0' && salt[5] <= '9' &&
@@ -219,7 +218,7 @@
_crypt_extended_init_r();
crypt_res = _crypt_extended_r(password, salt, &buffer);
- if (!crypt_res) {
+ if (!crypt_res || (salt[0] == '*' && salt[1] == '0')) {
return FAILURE;
} else {
*result = estrdup(crypt_res);
@@ -240,7 +239,7 @@
# error Data struct used by crypt_r() is unknown. Please report.
# endif
crypt_res = crypt_r(password, salt, &buffer);
- if (!crypt_res) {
+ if (!crypt_res || (salt[0] == '*' && salt[1] == '0')) {
return FAILURE;
} else {
*result = estrdup(crypt_res);
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
