- Fixed #50052, Different Hashes on Windows and Linux on wrong Salt size

diff --git a/ext/standard/php_crypt_r.c b/ext/standard/php_crypt_r.c
index dbc5dc3302b483bd455fe94f9b1b0ad232ca4e7d..ce83b4d070a7234fe109fce5e125d35d3d28aaa1 100644 (file)
--- a/ext/standard/php_crypt_r.c
+++ b/ext/standard/php_crypt_r.c
@@ -208,6 +208,7 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out) {
        if (strncpy_s(passwd + MD5_MAGIC_LEN, MD5_HASH_MAX_LEN - MD5_MAGIC_LEN, sp, sl + 1) != 0) {
                goto _destroyCtx1;
        }
+       passwd[MD5_MAGIC_LEN + sl] = '\0';
        strcat_s(passwd, MD5_HASH_MAX_LEN, "$");
 #else
        /* VC6 version doesn't have strcat_s or strncpy_s */

diff --git a/ext/standard/tests/strings/bug50052.phpt b/ext/standard/tests/strings/bug50052.phpt
new file mode 100644 (file)
index 0000000..308505c
--- /dev/null
+++ b/ext/standard/tests/strings/bug50052.phpt
@@ -0,0 +1,12 @@
+--TEST--\r
+Bug #50052 (Different Hashes on Windows and Linux on wrong Salt size)\r
+--FILE--\r
+<?php\r
+$salt = b'$1$f+uslYF01$';\r
+$password = b'test';\r
+echo $salt . "\n";\r
+echo crypt($password,$salt) . "\n";\r
+?>\r
+--EXPECT--\r
+$1$f+uslYF01$\r
+$1$f+uslYF0$orVloNmKSLvOeswusE0bY.\r