Newsgroups: php.internals
From: smalyshev@sugarcrm.com (Stas Malyshev)
To: Solar Designer
CC: PHP Internals List
Date: Sun, 31 Jul 2011 14:43:12 -0700
Subject: Re: [PHP-DEV] CRYPT_SHA256 fails tests in trunk
Message-ID: <4E35CC70.1050203@sugarcrm.com>
In-Reply-To: <20110719234406.GB28946@openwall.com>

Hi!

On 7/19/11 4:44 PM, Solar Designer wrote:
> Hi,
>
> These tests fail in trunk on my x86_64 build:
>
> crypt_sha256.phpt
> crypt_variation1.phpt
>
> The differences are like this:
>
> Expected:<$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5>
> Got<$5$saltst$JTS/fkywz8NvjeCGmWDndJPi7ZrRFhQKBLNtQZWE2C3>
>
> That is, the salts are truncated. There's a relevant recent change in
> crypt.c involving the line:
>
> salt_in_len = MIN(PHP_MAX_SALT_LEN, salt_in_len);
>

Thanks for the report. This problem seems to be unrelated to this change,
but in fact looks like it's related to this code in

    if ((salt - (char *) 0) % __alignof__(uint32_t) != 0) {
        char *tmp = (char *) alloca(salt_len + 1 + __alignof__(uint32_t));
        salt = copied_salt = memcpy(tmp + __alignof__(uint32_t) - (tmp - (char *) 0) % __alignof__ (uint32_t), salt, salt_len);
        tmp[salt_len] = 0;
    }

As you can see, the last line cuts the string relative to tmp, but salt is
copied to tmp with an offset, which leads to salt truncation. Changing it
from tmp to copied_salt seems to fix the problem. I'll apply the fix in a
minute.

The change that introduced this problem is:
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/crypt_sha256.c?r1=300427&r2=312952

-- 
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227
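
Added example (not part of the original message or of php-src): a stand-alone C reproduction of the termination bug described above, comparing tmp[salt_len] with copied_salt[salt_len]. The helper names and the 16-byte-aligned stack buffer standing in for the alloca() result are assumptions; with that alignment the pre-fix line yields the "saltst" salt from the report.

```c
#include <stdalign.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Copy salt into tmp at the next uint32_t boundary, as the quoted code does.
 * relative_to_tmp != 0 selects the pre-fix termination (tmp[salt_len]),
 * 0 selects the fixed one (copied_salt[salt_len]). Returns the aligned copy. */
static char *copy_salt_aligned(char *tmp, const char *salt, size_t salt_len,
                               int relative_to_tmp)
{
    size_t align = alignof(uint32_t);
    /* Same arithmetic as the original: an already aligned tmp is still
     * advanced by a full `align` bytes. */
    char *copied_salt = memcpy(tmp + align - (uintptr_t) tmp % align,
                               salt, salt_len);
    if (relative_to_tmp)
        tmp[salt_len] = 0;          /* lands inside the copy: truncates it */
    else
        copied_salt[salt_len] = 0;  /* lands just past the copied bytes */
    return copied_salt;
}

/* Salt length as later code would see it. Assumes strlen(salt) < 48. */
static size_t seen_salt_len(const char *salt, int relative_to_tmp)
{
    alignas(16) char tmp[64];       /* assumed stand-in for alloca() memory */
    memset(tmp, 'X', sizeof tmp);   /* non-zero fill: no accidental NUL */
    tmp[sizeof tmp - 1] = 0;
    return strlen(copy_salt_aligned(tmp, salt, strlen(salt), relative_to_tmp));
}

int main(void)
{
    const char *salt = "saltstring";    /* salt from the failing test */
    printf("pre-fix: %zu bytes of salt survive\n", seen_salt_len(salt, 1));
    printf("fixed:   %zu bytes of salt survive\n", seen_salt_len(salt, 0));
    return 0;
}
```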