Merge branch 'PHP-5.4' of ssh://git.php.net/php-src into PHP-5.4

author: andrey <andrey@php.net> 2012-06-29 14:41:01 +0300
committer: andrey <andrey@php.net> 2012-06-29 14:41:01 +0300
commit: a19d5c520c002aac28f0ce4f5622c3b919e011f0 (patch)
tree: aa081ce86d66b27edbc9f8cb799212ccb8623bbb
parent: 08f4b3c3acf1d3264f8c2f67533bf5c27910644f (diff)
parent: d86b6ea35c5e0afefb373979cb743098178a0a07 (diff)
download: php-git-a19d5c520c002aac28f0ce4f5622c3b919e011f0.tar.gz
11 files changed, 66 insertions, 46 deletions
diff --git a/NEWS b/NEWS
index b1de5f189e..f511250205 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,8 @@ PHP                                                                        NEWS
 ?? ??? 2012, PHP 5.4.5
 
 - Core:
+  . Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed 
+    Salt). (Anthony Ferrara)
   . Fixed bug #62357 (compile failure: (S) Arguments missing for built-in
     function __memcmp). (Laruence)
   . Fixed bug #61998 (Using traits with method aliases appears to result in
diff --git a/ext/json/json.c b/ext/json/json.c
index 5ea307020a..b467079610 100644
--- a/ext/json/json.c
+++ b/ext/json/json.c
@@ -35,6 +35,7 @@ static PHP_MINFO_FUNCTION(json);
 static PHP_FUNCTION(json_encode);
 static PHP_FUNCTION(json_decode);
 static PHP_FUNCTION(json_last_error);
+static PHP_FUNCTION(json_last_error_msg);
 
 static const char digits[] = "0123456789abcdef";
 
@@ -55,8 +56,10 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_json_decode, 0, 0, 1)
 	ZEND_ARG_INFO(0, options)
 ZEND_END_ARG_INFO()
 
-ZEND_BEGIN_ARG_INFO_EX(arginfo_json_last_error, 0, 0, 0)
-	ZEND_ARG_INFO(0, as_string)
+ZEND_BEGIN_ARG_INFO(arginfo_json_last_error, 0)
+ZEND_END_ARG_INFO()
+
+ZEND_BEGIN_ARG_INFO(arginfo_json_last_error_msg, 0)
 ZEND_END_ARG_INFO()
 /* }}} */
 
@@ -65,6 +68,7 @@ static const zend_function_entry json_functions[] = {
 	PHP_FE(json_encode, arginfo_json_encode)
 	PHP_FE(json_decode, arginfo_json_decode)
 	PHP_FE(json_last_error, arginfo_json_last_error)
+	PHP_FE(json_last_error_msg, arginfo_json_last_error_msg)
 	PHP_FE_END
 };
 /* }}} */
@@ -746,21 +750,25 @@ static PHP_FUNCTION(json_decode)
 /* }}} */
 
 /* {{{ proto int json_last_error()
-   Returns the error code of the last json_decode(). */
+   Returns the error code of the last json_encode() or json_decode() call. */
 static PHP_FUNCTION(json_last_error)
 {
-	zend_bool as_string = 0;
-
-	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|b", &as_string) == FAILURE) {
+	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
 
-	/* return error code (JSON_ERROR_* constants) */
-	if (!as_string) {
-		RETURN_LONG(JSON_G(error_code));
+	RETURN_LONG(JSON_G(error_code));
+}
+/* }}} */
+
+/* {{{ proto string json_last_error_msg()
+   Returns the error string of the last json_encode() or json_decode() call. */
+static PHP_FUNCTION(json_last_error_msg)
+{
+	if (zend_parse_parameters_none() == FAILURE) {
+		return;
 	}
 
-	/* return error message (for debugging purposes) */
 	switch(JSON_G(error_code)) {
 		case PHP_JSON_ERROR_NONE:
 			RETURN_STRING("No error", 1);
@@ -783,6 +791,7 @@ static PHP_FUNCTION(json_last_error)
 		default:
 			RETURN_STRING("Unknown error", 1);
 	}
+
 }
 /* }}} */
 
diff --git a/ext/json/tests/003.phpt b/ext/json/tests/003.phpt
index 71874525a7..4ce5b0fde9 100644
--- a/ext/json/tests/003.phpt
+++ b/ext/json/tests/003.phpt
@@ -13,14 +13,12 @@ var_dump($a);
 echo "\n";
 
 var_dump(json_encode($a));
-var_dump(json_last_error());
-var_dump(json_last_error(true));
+var_dump(json_last_error(), json_last_error_msg());
 
 echo "\n";
 
 var_dump(json_encode($a, JSON_PARTIAL_OUTPUT_ON_ERROR));
-var_dump(json_last_error());
-var_dump(json_last_error(true));
+var_dump(json_last_error(), json_last_error_msg());
 
 echo "Done\n";
 ?>
diff --git a/ext/json/tests/004.phpt b/ext/json/tests/004.phpt
index 49c543edca..70ef3ffd1b 100644
--- a/ext/json/tests/004.phpt
+++ b/ext/json/tests/004.phpt
@@ -13,14 +13,12 @@ var_dump($a);
 echo "\n";
 
 var_dump(json_encode($a));
-var_dump(json_last_error());
-var_dump(json_last_error(true));
+var_dump(json_last_error(), json_last_error_msg());
 
 echo "\n";
 
 var_dump(json_encode($a, JSON_PARTIAL_OUTPUT_ON_ERROR));
-var_dump(json_last_error());
-var_dump(json_last_error(true));
+var_dump(json_last_error(), json_last_error_msg());
 
 echo "Done\n";
 ?>
diff --git a/ext/json/tests/007.phpt b/ext/json/tests/007.phpt
index 9ee190a24c..7557ac9ed7 100644
--- a/ext/json/tests/007.phpt
+++ b/ext/json/tests/007.phpt
@@ -5,15 +5,15 @@ json_last_error() tests
 --FILE--
 <?php
 var_dump(json_decode("[1]"));
-var_dump(json_last_error());
+var_dump(json_last_error(), json_last_error_msg());
 var_dump(json_decode("[[1]]", false, 2));
-var_dump(json_last_error());
+var_dump(json_last_error(), json_last_error_msg());
 var_dump(json_decode("[1}"));
-var_dump(json_last_error());
+var_dump(json_last_error(), json_last_error_msg());
 var_dump(json_decode('["' . chr(0) . 'abcd"]'));
-var_dump(json_last_error());
+var_dump(json_last_error(), json_last_error_msg());
 var_dump(json_decode("[1"));
-var_dump(json_last_error());
+var_dump(json_last_error(), json_last_error_msg());
 
 
 echo "Done\n";
@@ -24,13 +24,17 @@ array(1) {
   int(1)
 }
 int(0)
+string(8) "No error"
 NULL
 int(1)
+string(28) "Maximum stack depth exceeded"
 NULL
 int(2)
+string(42) "State mismatch (invalid or malformed JSON)"
 NULL
 int(3)
+string(53) "Control character error, possibly incorrectly encoded"
 NULL
 int(4)
+string(12) "Syntax error"
 Done
-
diff --git a/ext/json/tests/bug54058.phpt b/ext/json/tests/bug54058.phpt
index 2c2304578e..df1b3130f8 100644
--- a/ext/json/tests/bug54058.phpt
+++ b/ext/json/tests/bug54058.phpt
@@ -8,29 +8,25 @@ Bug #54058 (json_last_error() invalid UTF-8 produces wrong error)
 $bad_utf8 = quoted_printable_decode('=B0');
 
 json_encode($bad_utf8);
-var_dump(json_last_error());
-var_dump(json_last_error(true));
+var_dump(json_last_error(), json_last_error_msg());
 
 $a = new stdclass;
 $a->foo = quoted_printable_decode('=B0');
 json_encode($a);
-var_dump(json_last_error());
-var_dump(json_last_error(true));
+var_dump(json_last_error(), json_last_error_msg());
 
 $b = new stdclass;
 $b->foo = $bad_utf8;
 $b->bar = 1;
 json_encode($b);
-var_dump(json_last_error());
-var_dump(json_last_error(true));
+var_dump(json_last_error(), json_last_error_msg());
 
 $c = array(
     'foo' => $bad_utf8,
     'bar' => 1
 );
 json_encode($c);
-var_dump(json_last_error());
-var_dump(json_last_error(true));
+var_dump(json_last_error(), json_last_error_msg());
 
 ?>
 --EXPECTF--
diff --git a/ext/json/tests/bug61537.phpt b/ext/json/tests/bug61537.phpt
index f6bb02bae4..80ed051c9a 100644
--- a/ext/json/tests/bug61537.phpt
+++ b/ext/json/tests/bug61537.phpt
@@ -7,20 +7,20 @@ Bug #61537 (json_encode() incorrectly truncates/discards information)
 $invalid_utf8 = "\x9f";
 
 var_dump(json_encode($invalid_utf8));
-var_dump(json_last_error(), json_last_error(true));
+var_dump(json_last_error(), json_last_error_msg());
 
 var_dump(json_encode($invalid_utf8, JSON_PARTIAL_OUTPUT_ON_ERROR));
-var_dump(json_last_error(), json_last_error(true));
+var_dump(json_last_error(), json_last_error_msg());
 
 echo "\n";
 
 $invalid_utf8 = "an invalid sequen\xce in the middle of a string";
 
 var_dump(json_encode($invalid_utf8));
-var_dump(json_last_error(), json_last_error(true));
+var_dump(json_last_error(), json_last_error_msg());
 
 var_dump(json_encode($invalid_utf8, JSON_PARTIAL_OUTPUT_ON_ERROR));
-var_dump(json_last_error(), json_last_error(true));
+var_dump(json_last_error(), json_last_error_msg());
 
 ?>
 --EXPECTF--
diff --git a/ext/json/tests/inf_nan_error.phpt b/ext/json/tests/inf_nan_error.phpt
index f12e902d9f..f9deecc469 100644
--- a/ext/json/tests/inf_nan_error.phpt
+++ b/ext/json/tests/inf_nan_error.phpt
@@ -1,5 +1,7 @@
 --TEST--
 An error is thrown when INF or NaN are encoded
+--SKIPIF--
+<?php if (!extension_loaded("json")) print "skip"; ?>
 --FILE--
 <?php
 
@@ -8,10 +10,10 @@ $inf = INF;
 var_dump($inf);
 
 var_dump(json_encode($inf));
-var_dump(json_last_error(), json_last_error(true));
+var_dump(json_last_error(), json_last_error_msg());
 
 var_dump(json_encode($inf, JSON_PARTIAL_OUTPUT_ON_ERROR));
-var_dump(json_last_error(), json_last_error(true));
+var_dump(json_last_error(), json_last_error_msg());
 
 echo "\n";
 
@@ -20,10 +22,10 @@ $nan = NAN;
 var_dump($nan);
 
 var_dump(json_encode($nan));
-var_dump(json_last_error(), json_last_error(true));
+var_dump(json_last_error(), json_last_error_msg());
 
 var_dump(json_encode($nan, JSON_PARTIAL_OUTPUT_ON_ERROR));
-var_dump(json_last_error(), json_last_error(true));
+var_dump(json_last_error(), json_last_error_msg());
 ?>
 --EXPECTF--
 float(INF)
diff --git a/ext/json/tests/unsupported_type_error.phpt b/ext/json/tests/unsupported_type_error.phpt
index f36afb44a5..45a167a5ac 100644
--- a/ext/json/tests/unsupported_type_error.phpt
+++ b/ext/json/tests/unsupported_type_error.phpt
@@ -1,5 +1,7 @@
 --TEST--
 An error is thrown when an unsupported type is encoded
+--SKIPIF--
+<?php if (!extension_loaded("json")) print "skip"; ?>
 --FILE--
 <?php
 
@@ -8,10 +10,10 @@ $resource = fopen(__FILE__, "r");
 var_dump($resource);
 
 var_dump(json_encode($resource));
-var_dump(json_last_error(), json_last_error(true));
+var_dump(json_last_error(), json_last_error_msg());
 
 var_dump(json_encode($resource, JSON_PARTIAL_OUTPUT_ON_ERROR));
-var_dump(json_last_error(), json_last_error(true));
+var_dump(json_last_error(), json_last_error_msg());
 
 ?>
 --EXPECTF--
diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c
index 9a1fcf1f69..27a8d82d0e 100644
--- a/ext/standard/crypt.c
+++ b/ext/standard/crypt.c
@@ -199,7 +199,7 @@ PHP_FUNCTION(crypt)
 			char *output;
 			int needed = (sizeof(sha512_salt_prefix) - 1
 						+ sizeof(sha512_rounds_prefix) + 9 + 1
-						+ strlen(salt) + 1 + 43 + 1);
+						+ salt_in_len + 1 + 86 + 1);
 			output = emalloc(needed);
 			salt[salt_in_len] = '\0';
 
@@ -214,7 +214,7 @@ PHP_FUNCTION(crypt)
 				RETVAL_STRING(output, 1);
 			}
 
-			memset(output, 0, PHP_MAX_SALT_LEN + 1);
+			memset(output, 0, needed);
 			efree(output);
 		} else if (salt[0]=='$' && salt[1]=='5' && salt[2]=='$') {
 			const char sha256_salt_prefix[] = "$5$";
@@ -222,7 +222,7 @@ PHP_FUNCTION(crypt)
 			char *output;
 			int needed = (sizeof(sha256_salt_prefix) - 1
 						+ sizeof(sha256_rounds_prefix) + 9 + 1
-						+ strlen(salt) + 1 + 43 + 1);
+						+ salt_in_len + 1 + 43 + 1);
 			output = emalloc(needed);
 			salt[salt_in_len] = '\0';
 
@@ -237,7 +237,7 @@ PHP_FUNCTION(crypt)
 				RETVAL_STRING(output, 1);
 			}
 
-			memset(output, 0, PHP_MAX_SALT_LEN + 1);
+			memset(output, 0, needed);
 			efree(output);
 		} else if (
 				salt[0] == '$' &&
diff --git a/ext/standard/tests/strings/bug62443.phpt b/ext/standard/tests/strings/bug62443.phpt
new file mode 100644
index 0000000000..9e0dc38cfb
--- /dev/null
+++ b/ext/standard/tests/strings/bug62443.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Bug #62443 Crypt SHA256/512 Segfaults With Malformed Salt
+--FILE--
+<?php
+crypt("foo", '$5$'.chr(0).'abc');
+crypt("foo", '$6$'.chr(0).'abc');
+echo "OK!";
+--EXPECT--
+OK!
author	andrey <andrey@php.net>	2012-06-29 14:41:01 +0300
committer	andrey <andrey@php.net>	2012-06-29 14:41:01 +0300
commit	a19d5c520c002aac28f0ce4f5622c3b919e011f0 (patch)
tree	aa081ce86d66b27edbc9f8cb799212ccb8623bbb
parent	08f4b3c3acf1d3264f8c2f67533bf5c27910644f (diff)
parent	d86b6ea35c5e0afefb373979cb743098178a0a07 (diff)
download	php-git-a19d5c520c002aac28f0ce4f5622c3b919e011f0.tar.gz