diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c index 14eb6cda9735a..54687f6cdf307 100644 --- a/ext/standard/crypt.c +++ b/ext/standard/crypt.c @@ -177,7 +177,19 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch if (!crypt_res || (salt[0] == '*' && salt[1] == '0')) { return NULL; - } else { + } + else if (!strcmp(crypt_res, "*")) { + /* Musl crypt() uses "*" as a failure token rather + * than the "*0" that libxcrypt/PHP use. Our test + * suite in particular looks for "*0" in a few places, + * and it would be annoying to handle both values + * explicitly. It seems wise to abstract this detail + * from the end user: if it's annoying for us, imagine + * how annoying it would be in end-user code; not that + * anyone would think of it. */ + return NULL; + } + else { result = zend_string_init(crypt_res, strlen(crypt_res), 0); return result; } diff --git a/ext/standard/tests/crypt/des_fallback_invalid_salt.phpt b/ext/standard/tests/crypt/des_fallback_invalid_salt.phpt index b0797657d80a2..8b00c81bbd1ce 100644 --- a/ext/standard/tests/crypt/des_fallback_invalid_salt.phpt +++ b/ext/standard/tests/crypt/des_fallback_invalid_salt.phpt @@ -3,8 +3,11 @@ Test DES with invalid fallback --FILE-- --EXPECT-- diff --git a/ext/standard/tests/strings/crypt_sha256.phpt b/ext/standard/tests/strings/crypt_sha256.phpt index 095e8f1691336..324248294be72 100644 --- a/ext/standard/tests/strings/crypt_sha256.phpt +++ b/ext/standard/tests/strings/crypt_sha256.phpt @@ -39,12 +39,10 @@ $tests = array( 'a short string', '$5$rounds=123456$asaltof16chars..$gP3VQ/6X7UUEW3HkBn2w1/Ptq2jxPyzV/cZKmF/wJvD' ), + + // The "too many rounds" behavior depends on the crypt() + // implementation, but for now everyone agrees on what to do. 8 => array( - '$5$rounds=10$roundstoolow', - 'the number of rounds is too low', - '*0' - ), - 9 => array( '$5$rounds=1000000000$roundstoohigh', 'the number of rounds is too high', '*0'