author | Anthony Ferrara <ircmaxell@ircmaxell.com> | 2012-06-28 20:36:21 -0400 |
---|---|---|
committer | Anthony Ferrara <ircmaxell@ircmaxell.com> | 2012-06-28 20:36:21 -0400 |
commit | 34ab5650bcea46825ed1f9021c5a52b161705c27 (patch) | |
tree | 28e4459982a62a7f2f00085816b70e322abc4cd7 | |
parent | 405ebfcd182a39f0960ff7d7055d49053d3e0316 (diff) | |
parent | 7e8276ca68fc622124d51d18e4f7b5cde3536de4 (diff) | |
download | php-git-34ab5650bcea46825ed1f9021c5a52b161705c27.tar.gz |
Merge branch 'PHP-5.3' into PHP-5.4
* PHP-5.3:
Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | ext/standard/crypt.c | 4 | ||||
-rw-r--r-- | ext/standard/tests/strings/bug62443.phpt | 9 |
3 files changed, 13 insertions, 2 deletions
@@ -11,6 +11,8 @@ PHP NEWS includes a semi-colon). (Pierrick) . Fixed potential overflow in _php_stream_scandir (CVE-2012-2688). (Jason Powell, Stas) + . Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed + Salt). (Anthony Ferrara) - EXIF: . Fixed information leak in ext exif (discovered by Martin Noga, diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c index 9a1fcf1f69..3ade86a068 100644 --- a/ext/standard/crypt.c +++ b/ext/standard/crypt.c @@ -199,7 +199,7 @@ PHP_FUNCTION(crypt) char *output; int needed = (sizeof(sha512_salt_prefix) - 1 + sizeof(sha512_rounds_prefix) + 9 + 1 - + strlen(salt) + 1 + 43 + 1); + + PHP_MAX_SALT_LEN + 1 + 43 + 1); output = emalloc(needed); salt[salt_in_len] = '\0'; @@ -222,7 +222,7 @@ PHP_FUNCTION(crypt) char *output; int needed = (sizeof(sha256_salt_prefix) - 1 + sizeof(sha256_rounds_prefix) + 9 + 1 - + strlen(salt) + 1 + 43 + 1); + + PHP_MAX_SALT_LEN + 1 + 43 + 1); output = emalloc(needed); salt[salt_in_len] = '\0'; diff --git a/ext/standard/tests/strings/bug62443.phpt b/ext/standard/tests/strings/bug62443.phpt new file mode 100644 index 0000000000..9e0dc38cfb --- /dev/null +++ b/ext/standard/tests/strings/bug62443.phpt @@ -0,0 +1,9 @@ +--TEST-- +Bug #62443 Crypt SHA256/512 Segfaults With Malformed Salt +--FILE-- +<?php +crypt("foo", '$5$'.chr(0).'abc'); +crypt("foo", '$6$'.chr(0).'abc'); +echo "OK!"; +--EXPECT-- +OK! |
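Review bot: The SHA-512 branch (hunk at -199) still reserves `43` characters for the encoded digest, which is the SHA-256 length; a SHA-512 crypt digest encodes to 86 characters, so the sum under-counts the output unless the slack in PHP_MAX_SALT_LEN happens to cover it. Consider `+ PHP_MAX_SALT_LEN + 1 + 86 + 1);` in that branch. Both sums (this one and the SHA-256 one at -222) would also benefit from a comment naming each term, e.g. `/* prefix + "rounds=" + 9 digits + '$' + salt + '$' + digest + NUL */`, so the next change to these constants can be checked by reading. Whether the code that fills `output` bounds its writes by `needed` is not visible here, since PHP_FUNCTION(crypt) starts and ends outside both hunks.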
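Review bot: The new test in bug62443.phpt only proves that the two calls do not crash; both `crypt()` return values are discarded, so a regression that returns a truncated or garbage hash for a NUL-containing salt would still print `OK!`. Dumping the results, e.g. `var_dump(crypt("foo", '$5$'.chr(0).'abc'));` and the same for `'$6$'`, and pinning them under `--EXPECT--` would fix the intended behaviour for malformed salts rather than just the absence of a segfault. The expected strings cannot be derived from this page and would have to come from a verified run.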