- Fix #54721, different Hashes on Windows, BSD and Linux on wrong Salt size

2 files changed, 21 insertions, 1 deletions

diff --git a/ext/standard/php_crypt_r.c b/ext/standard/php_crypt_r.c
index cd3746258c..2d71710cfd 100644
--- a/ext/standard/php_crypt_r.c
+++ b/ext/standard/php_crypt_r.c
@@ -197,7 +197,7 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out) {
 		goto _destroyCtx1;
 	}
 
-	dwHashLen = pwl + sl + pwl;
+	dwHashLen = 16;
 	CryptGetHashParam(ctx1, HP_HASHVAL, final, &dwHashLen, 0);
 	/*  MD5(pw,salt,pw). Valid. */
 
diff --git a/ext/standard/tests/strings/bug54721.phpt b/ext/standard/tests/strings/bug54721.phpt
new file mode 100644
index 0000000000..3851df1542
--- /dev/null
+++ b/ext/standard/tests/strings/bug54721.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Bug #54721 (Different Hashes on Windows, BSD and Linux on wrong Salt size)
+--FILE--
+<?php 
+echo crypt("", '$1$dW0.is5.$10CH101gGOr1677ZYd517.') . "\n";
+echo crypt("b", '$1$dW0.is5.$10CH101gGOr1677ZYd517.') . "\n";
+echo crypt("bu", '$1$dW0.is5.$10CH101gGOr1677ZYd517.') . "\n";
+echo crypt("bug", '$1$dW0.is5.$10CH101gGOr1677ZYd517.') . "\n";
+echo crypt("pass", '$1$dW0.is5.$10CH101gGOr1677ZYd517.') . "\n";
+echo crypt("buged", '$1$dW0.is5.$10CH101gGOr1677ZYd517.') . "\n";
+echo crypt("aaaaaaaaaaaaaaaaaaaaaaaaa ", '$1$dW0.is5.$10CH101gGOr1677ZYd517.') . "\n";
+?>
+--EXPECT--
+$1$dW0.is5.$I0iqTYHPzkP4YnRgnXxZW0
+$1$dW0.is5.$KaspRpPQ9U7Xb5Vv5c.WE/
+$1$dW0.is5.$X9G1x/Ep8zYQSrU4/lKUg.
+$1$dW0.is5.$wE5Rz/HxPtDMfqil6kK980
+$1$dW0.is5.$2E4/ZDY1vr73HqLl1bLs9.
+$1$dW0.is5.$lvGhphTQwqgKxWhWwYERr1
+$1$dW0.is5.$XzsWcLSBj2BvhOKH0xdpZ0