[php-maint] Bug#581170: php5 crypt() does not complete with emtpy salt

Raoul Bhatia [IPAX] r.bhatia at ipax.at
Tue May 11 10:29:01 UTC 2010


Package: php5-common
Version: 5.3.2-1
Severity: important

php's crypt() function is broken. when supplying false, NULL or an
empty salt, i would expect php to generate its own salt:

> # echo "<?php echo crypt('test', false); ?>"|php -q ; echo
> 

running php on debian squeeze:

> # php -v -c /etc/php5/cli/php.ini.ucf-dist 
> PHP 5.3.2-1 with Suhosin-Patch (cli) (built: Mar 13 2010 22:18:25) 
> Copyright (c) 1997-2009 The PHP Group
> Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
>     with Suhosin v0.9.31, Copyright (c) 2007-2010, by SektionEins GmbH

everything is working as expected with the binaries from the dotdeb
mirror:

> $ echo "<?php echo crypt('test', false); ?>"|php -q ; echo
> $1$E1bI/Hct$w7nloqFXM2/GmjT5Mawb40
> $ php -v
> PHP 5.3.2-0.dotdeb.2 with Suhosin-Patch (cli) (built: Apr 20 2010 22:58:57)
> Copyright (c) 1997-2009 The PHP Group
> Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
>     with Suhosin v0.9.31, Copyright (c) 2007-2010, by SektionEins GmbH

thanks,
raoul





More information about the pkg-php-maint mailing list