Description:
------------
If crypt() is executed with MD5 salts, the return value consists of the salt only.
DES and BLOWFISH salts work as expected.
I tested with php from openSUSE PHP5 repository
> php -v
PHP 5.3.7RC6-dev (cli)
> rpm -q php5
php5-5.3.6.201108112132-94.1.x86_64
Test script:
---------------
printf("MD5: %s\n", crypt('password', '$1$U7AjYB.O$'));
Expected result:
----------------
MD5: $1$U7AjYB.O$L1N7ux7twaMIMw0En8UUR1
Actual result:
--------------
MD5: $1$U7AjYB.O

Patches

(last revision 2011-09-20 04:05 UTC by michaeloses_18 at hotmail dot com)

Pull Requests

Pull requests:
  • Extract functions to classes (web-master/12)

    History

     [2011-08-19 10:12 UTC] noel dot butler at ausics dot net
    This is confirmed bug in stable release 5.3.7
    
     [2011-08-19 11:03 UTC] tomp at tomp dot co dot uk
    We have also experienced this problem with the official release of PHP 5.3.7.
    
     [2011-08-19 11:15 UTC] [email protected]
    -Status: Open
    +Status: Assigned
    -Assigned To:
    +Assigned To: stas
    
     [2011-08-19 11:15 UTC] [email protected]
    stas, could you look at this issue please? It could be related to our latest 
    changes there.
    
     [2011-08-19 21:16 UTC] jo at feuersee dot de
    Verified for PHP5.3.7 
    > php -v
    PHP 5.3.7 (cli) 
    > php -r 'printf("%s\n", crypt("password"));'
    $1$p4uaO1jN
    Note that only the salt is returned.
    AFAIK MD5 is the default encryption type.
    The big problem is that if an application stores these hashes in a database and uses them for authentication, the problem with this bug is that 
    $valid = crypt($pw, $crypt);
    will always be TRUE regardless of $pw
    We do have a serious problem here. I suggest recalling 5.3.7 and going for a 5.3.7pl1
    
     [2011-08-19 21:32 UTC] jo at feuersee dot de
    Uhm ok the PHP code wasn't correct but I think you get the point:
    If crypt() only stores the salt then crypt($pw, $salt) will return the salt and comparing this to $pw is useless as the salt is a constant regardless of $pw.
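
A check for the situation described in the two comments above, as an added example that is not part of the thread or of PHP: it classifies stored values by the shape of an MD5 crypt string and counts those that hold a salt with no digest. The function names and the sample array are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum md5crypt_shape { MD5C_FULL, MD5C_SALT_ONLY, MD5C_OTHER };

/* Constructed sample column; the first three values are quoted in the thread. */
static const char *const SAMPLE_ROWS[] = {
    "$1$U7AjYB.O$L1N7ux7twaMIMw0En8UUR1", "$1$U7AjYB.O", "$1$p4uaO1jN",
    "constructed-not-a-hash",
};

/* crypt(3) base-64 alphabet used by the 22-character digest field. */
static int is_crypt64(char c)
{
    return c != '\0' && strchr("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                               "abcdefghijklmnopqrstuvwxyz", c) != NULL;
}

/* Expected shape: "$1$" + up to 8 salt chars + "$" + 22 digest chars. */
static enum md5crypt_shape classify_md5crypt(const char *s)
{
    size_t salt = 0, dig = 0;
    if (strncmp(s, "$1$", 3) != 0)
        return MD5C_OTHER;                  /* other scheme, or not a hash */
    s += 3;
    while (salt < 8 && s[salt] != '\0' && s[salt] != '$')
        salt++;
    s += salt;
    if (*s == '\0' || (*s == '$' && s[1] == '\0'))
        return MD5C_SALT_ONLY;              /* nothing after the salt */
    if (*s != '$')
        return MD5C_OTHER;                  /* salt longer than 8 characters */
    for (s++; is_crypt64(s[dig]); dig++)
        ;
    return (dig == 22 && s[dig] == '\0') ? MD5C_FULL : MD5C_OTHER;
}

/* Number of rows that carry an MD5 salt but no digest. */
static size_t count_salt_only(const char *const *rows, size_t n)
{
    size_t i, hits = 0;
    for (i = 0; i < n; i++)
        hits += classify_md5crypt(rows[i]) == MD5C_SALT_ONLY;
    return hits;
}

int main(void)
{
    printf("salt-only records: %zu\n", count_salt_only(SAMPLE_ROWS, 4));
    return 0;
}
```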
    
     [2011-08-19 22:19 UTC] [email protected]
    Confirming, some very recent update broke it - right now unit tests fail on SVN. I 
    wonder if nobody ran it before release?
    
     [2011-08-19 22:49 UTC] [email protected]
    Automatic comment from SVN on behalf of stas
    Revision: http://svn.php.net/viewvc/?view=revision&revision=315218
    Log: Unbreak crypt() (fix bug #55439)
    # If you want to remove static analyser messages, be my guest,
    # but please run unit tests after
    
     [2011-08-19 22:50 UTC] [email protected]
    -Status: Assigned
    +Status: Closed
    
     [2011-08-19 22:50 UTC] [email protected]
    This bug has been fixed in SVN.
    Snapshots of the sources are packaged every three hours; this change
    will be in the next snapshot. You can grab the snapshot at
    http://snaps.php.net/.
     For Windows:
    http://windows.php.net/snapshots/
    Thank you for the report, and for helping us make PHP better.
    fixed, thanks
    
     [2011-08-20 01:32 UTC] noel dot butler at ausics dot net
    Thanks stas, confirmed fixed in snapshot 201108200030
    
     [2011-08-20 08:48 UTC] info at onlime dot ch
    Thanks for fixing this (in my eyes) release critical bug. Are you going to release an official 5.3.7pl1 soon?
    I'm not able to deploy an SVN/snapshot release on our webservers. It simply doesn't look good. Our customers rely on stable PHP releases. I would very much appreciate a pl1 release.
    
     [2011-08-20 09:09 UTC] [email protected]
    Yes, we will release 5.3.7pl1 or 5.3.8
    
     [2011-08-23 08:09 UTC] [email protected]
    Automatic comment from SVN on behalf of johannes
    Revision: http://svn.php.net/viewvc/?view=revision&revision=315338
    Log: Merge r315218 - Unbreak crypt() (fix bug #55439) (stas)
    
     [2011-08-23 17:45 UTC] christoph_m at gmx dot net
    I looked at the code changes.
    strlcat(passwd, "$", 1);
    was replaced by
    strcat(passwd, "$");
    In my opinion that is the same behavior as before. Both functions append the string "$" and add the terminating NUL-Character.
    This is my first look into the PHP-repository and this bugtracker ;)
    christoph
    
     [2011-08-23 18:44 UTC] christoph_m at gmx dot net
    Ok, strlcat() includes the length for the terminating NUL-Byte. So, the bugfix 
    should be ok.
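
The size semantics discussed in the two comments above, as an added example that is not code from php-src: `demo_strlcat` is a local stand-in with BSD `strlcat()` semantics, and `build_hash` assumes the digest is written at a fixed offset one byte past the salt, a layout chosen because it reproduces the output in the report. The salt and digest strings are the ones from the report.

```c
#include <stdio.h>
#include <string.h>

/* Local stand-in with BSD strlcat() semantics: `size` is the TOTAL size of
 * dst including the NUL, not the number of bytes to append. */
static size_t demo_strlcat(char *dst, const char *src, size_t size)
{
    size_t dlen = 0, slen = strlen(src), room, n;

    while (dlen < size && dst[dlen] != '\0')
        dlen++;
    if (dlen == size)               /* dst already fills `size`: append nothing */
        return size + slen;
    room = size - dlen - 1;         /* bytes free before the terminating NUL */
    n = slen < room ? slen : room;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + slen;
}

/* Assumed layout (not taken from php-src): salt part, then "$", then the
 * digest copied to the byte after where the "$" belongs.
 * `out` must hold at least strlen(salt_part) + strlen(digest) + 2 bytes. */
static const char *build_hash(char *out, size_t outsz, const char *salt_part,
                              const char *digest, size_t cat_size)
{
    size_t sl = strlen(salt_part);

    memset(out, 0, outsz);
    memcpy(out, salt_part, sl);
    demo_strlcat(out, "$", cat_size);   /* the call under discussion */
    memcpy(out + sl + 1, digest, strlen(digest));
    return out;
}

int main(void)
{
    char buf[64];
    const char *salt = "$1$U7AjYB.O", *dig = "L1N7ux7twaMIMw0En8UUR1";

    /* size 1: the "$" is dropped, the NUL after the salt hides the digest */
    printf("size 1         : %s\n", build_hash(buf, sizeof buf, salt, dig, 1));
    /* full buffer size: the "$" is appended and the digest follows it */
    printf("size sizeof buf: %s\n",
           build_hash(buf, sizeof buf, salt, dig, sizeof buf));
    return 0;
}
```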
    
     [2012-04-18 09:49 UTC] [email protected]
    Automatic comment on behalf of stas
    Revision: http://git.php.net/?p=php-src.git;a=commit;h=4f980905a0bff94807ea07cb897c0e4cd4e6b83f
    Log: Unbreak crypt() (fix bug #55439)
    # If you want to remove static analyser messages, be my guest,
    # but please run unit tests after
    
     [2012-07-24 23:40 UTC] [email protected]
    Automatic comment on behalf of stas
    Revision: http://git.php.net/?p=php-src.git;a=commit;h=4f980905a0bff94807ea07cb897c0e4cd4e6b83f
    Log: Unbreak crypt() (fix bug #55439)
    # If you want to remove static analyser messages, be my guest,
    # but please run unit tests after
    
     [2013-11-17 09:36 UTC] [email protected]
    Automatic comment on behalf of stas
    Revision: http://git.php.net/?p=php-src.git;a=commit;h=4f980905a0bff94807ea07cb897c0e4cd4e6b83f
    Log: Unbreak crypt() (fix bug #55439)
    # If you want to remove static analyser messages, be my guest,
    # but please run unit tests after
    
     [2021-04-27 18:32 UTC] test at test dot cz
    The following pull request has been associated:
    Patch Name: Extract functions to classes
    On GitHub:  https://github.com/php/web-master/pull/12
    Patch:      https://github.com/php/web-master/pull/12.patch