From 27f1f3ed1a040a7f20bd9bb16af7bf219f4df97f Mon Sep 17 00:00:00 2001
From: Sara Golemon <pollita@php.net>
Date: Thu, 27 Jun 2019 19:00:32 -0400
Subject: [PATCH] Bugfix #78208 Needs rehash with an unknown algo should always
 return true.

---
 ext/standard/password.c                              |  2 +-
 .../tests/password/password_needs_rehash.phpt        | 12 +++++++++---
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/ext/standard/password.c b/ext/standard/password.c
index d91058bfc2..d7e12e852a 100644
--- a/ext/standard/password.c
+++ b/ext/standard/password.c
@@ -672,7 +672,7 @@ PHP_FUNCTION(password_needs_rehash)
 		Z_PARAM_ARRAY_OR_OBJECT_HT(options)
 	ZEND_PARSE_PARAMETERS_END();
 
-	new_algo = php_password_algo_find_zval_ex(znew_algo, NULL);
+	new_algo = php_password_algo_find_zval(znew_algo);
 	if (!new_algo) {
 		/* Unknown new algorithm, never prompt to rehash. */
 		RETURN_FALSE;
diff --git a/ext/standard/tests/password/password_needs_rehash.phpt b/ext/standard/tests/password/password_needs_rehash.phpt
index 688d57ed32..d88270884e 100644
--- a/ext/standard/tests/password/password_needs_rehash.phpt
+++ b/ext/standard/tests/password/password_needs_rehash.phpt
@@ -33,7 +33,11 @@ var_dump(password_needs_rehash('$2y$'.$cost.'$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.o
 // Should Issue Needs Rehash, Since Foo is cast to 0...
 var_dump(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 'foo')));
 
+// CRYPT_MD5
+var_dump(password_needs_rehash(crypt('Example', '$1$'), PASSWORD_DEFAULT));
 
+// CRYPT_SHA512 with 5000
+var_dump(password_needs_rehash(crypt('Example', '$6$rounds=5000$aa$'), PASSWORD_DEFAULT));
 
 echo "OK!";
 ?>
@@ -41,13 +45,15 @@ echo "OK!";
 bool(true)
 bool(true)
 bool(true)
-bool(false)
-bool(false)
-bool(false)
+bool(true)
+bool(true)
+bool(true)
 bool(false)
 bool(false)
 bool(true)
 bool(true)
 bool(false)
 bool(true)
+bool(true)
+bool(true)
 OK!
-- 
2.40.0