From: Operating system: Linux PHP version: 5.3.2 Package: Compile Failure Bug Type: Bug Bug description:SHA-2 family function test in crypt are wrong
Description: ------------ Tests for SHA-2 family functions in crypt() from -lcrypt are broken: strcpy(&answer[29],"$6$$QMXjqd7rHQZPQ1yHsXkQqC1FBzDiVfTHXL.LaeDAeVV.IzMaV9VU4MQ8 kPuZa2SOP1A0RPm772EaFYjpEJtdu."); in SHA-512 test will surely not fit into char answer[80]... and because of that salt (on the stack) is overwriten, same problem with SHA-256. But even if you increase the buffer, the code there is just plain wrong and could never function correctly. Looks like this code was not properly tested since there are probably too few platforms where you can satisfy all needed crypt functions (extended DES and Blowfish) and therefore internal crypt implementation is always used. Attached patch corrects that. If I have a more time I'll rework this whole code, to just use internal reimplementations for functions not provided by system library. Expected result: ---------------- checking for SHA512 crypt... yes checking for SHA256 crypt... yes Actual result: -------------- checking for SHA512 crypt... no checking for SHA256 crypt... no -- Edit bug report at http://bugs.php.net/bug.php?id=51247&edit=1 -- Try a snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=51247&r=trysnapshot52 Try a snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=51247&r=trysnapshot53 Try a snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=51247&r=trysnapshot60 Fixed in SVN: http://bugs.php.net/fix.php?id=51247&r=fixed Fixed in SVN and need be documented: http://bugs.php.net/fix.php?id=51247&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=51247&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=51247&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=51247&r=needscript Try newer version: http://bugs.php.net/fix.php?id=51247&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=51247&r=support Expected behavior: http://bugs.php.net/fix.php?id=51247&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=51247&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=51247&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=51247&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=51247&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=51247&r=dst IIS Stability: http://bugs.php.net/fix.php?id=51247&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=51247&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=51247&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=51247&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=51247&r=mysqlcfg
