#50052 [NEW]: Crypt - Different Hashes on Windows and Linux on wrong Salt size

Sun, 01 Nov 2009 18:39:43 -0800 

From:             otaviodiniz at gmail dot com
Operating system: Windows 7
PHP version:      5.3.0
PHP Bug Type:     Scripting Engine problem
Bug description:  Crypt - Different Hashes on Windows and Linux on wrong Salt 
size

Description:
------------
The behave of Crypt function on Windows and Linux boxes are different.
In the sample function we create a Salt with length of 12 characters.

First, the Salt size is incorrect, if i remove one character the Salt, the
result will be correct.

But with the wrong Salt size the behavior are different:

On Windows - The output is incorrect, as it shows the whole Salt without
the terminator $...

On Linux - PHP strips one character of Salt into it's correct expected
size, outputing correctly with the terminator $...

Reproduce code:
---------------
md5crypt("test");

function md5crypt($password)
{
  $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
  .'abcdefghijklmnopqrstuvwxyz0123456789+/';
  $salt='$1$';
  for($i=0; $i<9; $i++)
  {
    $salt.=$base64_alphabet[rand(0,63)];
  }
  $salt.='$';
  echo "<pre>";
  echo "Salt:   ".$salt."<br />\r\n";
  echo "Output: ".crypt($password,$salt);
  echo "</pre>";
}

Expected result:
----------------
Salt:   $1$f+uslYF01$
Output: $1$f+uslYF0$orVloNmKSLvOeswusE0bY.
//Linux




Actual result:
--------------
Salt:   $1$XcPmtBmRG$
Output: $1$XcPmtBmRGuM82Sm1HMy0I0lX0P3nAd0
//Windows

-- 
Edit bug report at http://bugs.php.net/?id=50052&edit=1
-- 
Try a snapshot (PHP 5.2):            
http://bugs.php.net/fix.php?id=50052&r=trysnapshot52
Try a snapshot (PHP 5.3):            
http://bugs.php.net/fix.php?id=50052&r=trysnapshot53
Try a snapshot (PHP 6.0):            
http://bugs.php.net/fix.php?id=50052&r=trysnapshot60
Fixed in SVN:                        
http://bugs.php.net/fix.php?id=50052&r=fixed
Fixed in SVN and need be documented: 
http://bugs.php.net/fix.php?id=50052&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=50052&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=50052&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=50052&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=50052&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=50052&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=50052&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=50052&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=50052&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=50052&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=50052&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=50052&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=50052&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=50052&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=50052&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=50052&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=50052&r=mysqlcfg

Reply via email to