Maximum password length should be exposed to userland when libxcrypt is used

[mszabo-wikia]

Description

When PHP is built against an external libxcrypt (--with-external-libcrypt, e.g. on Fedora and derivatives), passwords passed to crypt are limited by CRYPT_MAX_PASSPHRASE_SIZE which is by default 512. However, there's no way for userland to determine whether such a limit is in force, which can cause confusion. For example, the following code:

<?php
var_dump(crypt(str_repeat("a",513),"\$2y\$05\$" . str_repeat("b",22)));

Results in this output:

string(2) "*0"

I think it would be useful to expose this limit as a constant or helper function so that applications can determine whether crypt() password sizes are limited.

[cmb69]

This makes sense to me, and assuming that macro is exposed in a public header (should be in crypt.h), it's as simple as defining that constant in the stub file. Something like

 ext/standard/basic_functions.stub.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ext/standard/basic_functions.stub.php b/ext/standard/basic_functions.stub.php
index e7f4ff8844..68967f1739 100644
--- a/ext/standard/basic_functions.stub.php
+++ b/ext/standard/basic_functions.stub.php
@@ -396,6 +396,14 @@
 /** @var int */
 const CRYPT_SHA512 = 1;
 
+#ifdef PHP_EXTERNAL_LIBCRYPT
+/**
+ * @var int
+ * @cvalue CRYPT_MAX_PASSPHRASE_SIZE
+ */
+const CRYPT_MAX_PASSPHRASE_SIZE = UNKNOWN;
+#endif
+
 /* dns.c */
 
 #if (defined(PHP_WIN32) || (defined(HAVE_DNS_SEARCH_FUNC) && defined(HAVE_FULL_DNS_FUNCS)))

[cmb69]

cc @remicollet