Date:      Sun, 13 Sep 1998 10:57:36 +0200
From:      Dirk Froemberg <ibex@physik.TU-Berlin.DE>
To:        "Vladimir B. Grebenschikov" <vova@radiance.plugcom.ru>, andreas@klemm.gtn.com
Cc:        stefan@asterix.webaffairs.net, ports@FreeBSD.ORG
Subject:   Re: FreeBSD Port: apache-php3.0.3-1.3.0
Message-ID:  <19980913105736.A12390@physik.TU-Berlin.DE>
In-Reply-To: <199809121644.UAA27281@plugcom.ru>; from Vladimir B. Grebenschikov on Sat, Sep 12, 1998 at 08:44:48PM +0400
References:  <19980912094245.A29717@klemm.gtn.com> <199809121644.UAA27281@plugcom.ru>


--pWyiEgJYm5f9v55/
Content-Type: text/plain; charset=us-ascii

Hello Vladimir!

First thanks for pointing out that php3_crypt doesn't work with
MD5 crypt properly. Actually it doesn't with DES crypt either, since
the generation of the salt is too coarse compared to runtime.

I replaced the #ifdef NEWSALT with something checking whether
MD5 crypt or DES crypt is called on runtime.

The standard salt for the DES crypt is used again (with a finer salt
generation of course), because the extended salt returns a strange
(perhaps only to me 8-) result which has nothing to do with a standard
DES string. And it lasts up to _10 minutes_ to calculate an extended
crypt on my Pentium 90 which is much too long for something like PHP3.

Please have a look at the attached diffs. If you agree Andreas could
commit them soon.

Perhaps you also want to contact the original PHP3 authors to include
this patch in the PHP3 distribution.

	Best regards Dirk

On Sat, Sep 12, 1998 at 08:44:48PM +0400, Vladimir B. Grebenschikov wrote:
> > Dirk Froemberg is the new port maintainer.
> > I didn't look closely into this ... if we add this patch, does
> > it still work if installing FreeBSD with DES ?
> 
> Will at this stage, BUT when called with one argument
> crypt("password") - identical salt will be used ('$1')
> 
> for fix this need to compile crypt.c with -DNEWSALT, but it is not best
> solution for FreeBSD with DES, I know

-- 
e-mail: ibex@physik.tu-berlin.de

--pWyiEgJYm5f9v55/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=patch-an

*** ../php-3.0.3/functions/crypt.c.orig	Fri May 15 12:57:19 1998
--- ../php-3.0.3/functions/crypt.c	Sun Sep 13 09:27:06 1998
***************
*** 66,74 ****
--- 66,96 ----
  	"Crypt", crypt_functions, NULL, NULL, NULL, NULL, NULL, STANDARD_MODULE_PROPERTIES
  };
  
+ #ifdef __FreeBSD__
+ static unsigned char itoa64[] =         /* 0 ... 63 => ascii - 64 */
+ 	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+ 
+ void
+ to64(s, v, n)
+ 	char *s;
+ 	long v;
+ 	int n;
+ {
+ 	while (--n >= 0) {
+ 		*s++ = itoa64[v&0x3f];
+ 		v >>= 6;
+ 	}
+ }
+ #endif
+ 
  void php3_crypt(INTERNAL_FUNCTION_PARAMETERS)
  {
+ #ifdef __FreeBSD__
+ 	char salt[10];
+ 	struct timeval tv;
+ #else
  	char salt[4];
+ #endif
  	int arg_count = ARG_COUNT(ht);
  	pval *arg1, *arg2;
  	static char seedchars[] =
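
Review bot: `to64()` in the added `#ifdef __FreeBSD__` block is defined with external linkage and K&R-style parameters. It is only used by php3_crypt in this file, so declare it `static void to64(char *s, long v, int n)` to keep it from colliding with another symbol of the same name in the server, and make `itoa64` `static const`. The new `struct timeval tv;` also needs <sys/time.h>, and the visible lines add no include for it, so please confirm it is already pulled in at the top of crypt.c.
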
***************
*** 83,96 ****
--- 105,141 ----
  	salt[0] = '\0';
  	if (arg_count == 2) {
  		convert_to_string(arg2);
+ #ifdef __FreeBSD__              
+ 		strncpy(salt, arg2->value.str.val, 9);
+ #else                   
  		strncpy(salt, arg2->value.str.val, 2);
+ #endif
  	}
  	if (!salt[0]) {
+ #ifdef __FreeBSD__
+ 		gettimeofday(&tv,0);
+ 		if (!strncmp(crypt("test", "xx"), "$1$", 3)) {
+ 			/* MD5 salt */
+ 			strncpy(&salt[0], "$1$", 3);
+ 			(void)srandom((int)time((time_t *)NULL));
+ 			to64(&salt[3], random(), 3);
+ 			to64(&salt[6], tv.tv_usec, 3);
+ 			salt[9] = '\0';
+ 		} else {
+ 			/* DES salt */
+ 			srandom(getpid() * tv.tv_usec);
+ 			to64(&salt[0], random(), 2);
+ 			salt[2] = '\0';
+ 		}
+ #else
  		srand(time(0) * getpid());
  		salt[0] = seedchars[rand() % 64];
  		salt[1] = seedchars[rand() % 64];
+ #endif
  	}
+ #ifndef __FreeBSD__
  	salt[2] = '\0';
+ #endif
  
  	return_value->value.str.val = (char *) crypt(arg1->value.str.val, salt);
  	return_value->value.str.len = strlen(return_value->value.str.val);	/* can be optimized away to 13? */
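
Review bot: on FreeBSD the caller-supplied salt path can leave `salt` unterminated: `strncpy(salt, arg2->value.str.val, 9);` writes no NUL when the argument is 9 characters or longer, and the formerly unconditional `salt[2] = '\0';` is now inside `#ifndef __FreeBSD__`, so `salt[9]` holds whatever was on the stack when crypt() reads the string. Add `salt[9] = '\0';` right after that strncpy. In the MD5 branch, `srandom((int)time((time_t *)NULL))` reseeds with one-second resolution on every call, so the first three salt characters repeat for every call made within the same second and only the `tv.tv_usec` half varies; seeding once, or mixing in getpid() and tv_usec as the DES branch does, would avoid that. The `crypt("test", "xx")` probe also runs on every call that needs a salt and could be cached in a static variable.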

--pWyiEgJYm5f9v55/--
