[php-maint] Bug#581170: php5 crypt() does not complete with emtpy salt
Raoul Bhatia [IPAX]
r.bhatia at ipax.at
Tue May 11 10:29:01 UTC 2010
Package: php5-common
Version: 5.3.2-1
Severity: important
php's crypt() function is broken. when supplying false, NULL or an
empty salt, i would expect php to generate its own salt:
> # echo "<?php echo crypt('test', false); ?>"|php -q ; echo
>
running php on debian squeeze:
> # php -v -c /etc/php5/cli/php.ini.ucf-dist
> PHP 5.3.2-1 with Suhosin-Patch (cli) (built: Mar 13 2010 22:18:25)
> Copyright (c) 1997-2009 The PHP Group
> Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
> with Suhosin v0.9.31, Copyright (c) 2007-2010, by SektionEins GmbH
everything is working as expected with the binaries from the dotdeb
mirror:
> $ echo "<?php echo crypt('test', false); ?>"|php -q ; echo
> $1$E1bI/Hct$w7nloqFXM2/GmjT5Mawb40
> $ php -v
> PHP 5.3.2-0.dotdeb.2 with Suhosin-Patch (cli) (built: Apr 20 2010 22:58:57)
> Copyright (c) 1997-2009 The PHP Group
> Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
> with Suhosin v0.9.31, Copyright (c) 2007-2010, by SektionEins GmbH
thanks,
raoul
More information about the pkg-php-maint
mailing list