author | Anatol Belski <ab@php.net> | 2017-10-24 14:04:08 +0200 |
---|---|---|
committer | Anatol Belski <ab@php.net> | 2017-10-24 14:31:57 +0200 |
commit | 9d07af2a69a364009690d07f356e4dd6c81a7c8a (patch) | |
tree | 677a5917ea4bee13d5967fce2ca3fae68bcd17cf | |
parent | cb276ceedc4f7285c1d241d6c7f2c7c8ff763df7 (diff) | |
download | php-git-9d07af2a69a364009690d07f356e4dd6c81a7c8a.tar.gz |
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
Fixed bug #72535 arcfour encryption stream filter crashes php
(cherry picked from commit 968c8fc0d5f05f4abfc7caa4726cbfae6a5d0bf8)
-rw-r--r-- | ext/mcrypt/mcrypt_filter.c | 2 | ||||
-rw-r--r-- | ext/mcrypt/tests/bug72535.phpt | 23 |
2 files changed, 24 insertions, 1 deletions
diff --git a/ext/mcrypt/mcrypt_filter.c b/ext/mcrypt/mcrypt_filter.c
index 93be0511c7..f848d6468a 100644
--- a/ext/mcrypt/mcrypt_filter.c
+++ b/ext/mcrypt/mcrypt_filter.c
@@ -89,7 +89,7 @@ static php_stream_filter_status_t php_mcrypt_filter(
 php_stream_bucket_delref(bucket);
 } else {
 /* Stream cipher */
- php_stream_bucket_make_writeable(bucket);
+ bucket = php_stream_bucket_make_writeable(bucket);
 if (data->encrypt) {
 mcrypt_generic(data->module, bucket->buf, (int)bucket->buflen);
 } else {
diff --git a/ext/mcrypt/tests/bug72535.phpt b/ext/mcrypt/tests/bug72535.phpt
new file mode 100644
index 0000000000..9e6d8333f9
--- /dev/null
+++ b/ext/mcrypt/tests/bug72535.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Bug #72535 arcfour encryption stream filter crashes php
+--SKIPIF--
+<?php if (!extension_loaded("mcrypt")) print "skip"; ?>
+--FILE--
+<?php
+$passphrase = 'My secret';
+$plaintext = 'Secret secret secret data';
+
+$iv = substr(md5('iv' . $passphrase, true), 0, 8);
+$key = substr(md5('pass1' . $passphrase, true) .
+ md5('pass2' . $passphrase, true), 0, 24);
+$opts = array('iv' => $iv, 'key' => $key, 'mode' => 'stream');
+
+$expected = substr($plaintext . $plaintext, 0, 48);
+
+$fp = fopen('php://memory', 'wb+');
+stream_filter_append($fp, 'mcrypt.arcfour', STREAM_FILTER_WRITE, $opts);
+fwrite($fp, $plaintext);
+?>
+==NOCRASH==
+--EXPECT--
+==NOCRASH== |
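Review bot: The added line `bucket = php_stream_bucket_make_writeable(bucket);` has no comment explaining why the return value must be kept, even though that reassignment is the entire fix. As far as I know, the helper returns a private copy when the bucket is shared or does not own its buffer, and releases its reference to the original, so the old pointer can refer to memory the in-place cipher must not write to. I would add `/* make_writeable may return a new bucket; never touch the old pointer after this call */` above it. Separately, the context line `mcrypt_generic(data->module, bucket->buf, (int)bucket->buflen);` narrows the length to `int`, which deserves a range check if `buflen` is wider than `int` here. php_mcrypt_filter starts and ends outside the hunk, so the block-cipher branch could not be checked for the same ignored-return pattern.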
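Review bot: The new test in bug72535.phpt only proves that the filtered write does not crash: `$expected` is assigned and never read, and nothing is read back from `$fp`, so a filter that corrupts or drops the data would still pass. I would either delete the `$expected = substr($plaintext . $plaintext, 0, 48);` line, or rewind the stream, read it back through the matching `mdecrypt.arcfour` read filter, and print a comparison with `$plaintext` that --EXPECT-- then pins. The `else` side of the patched stream-cipher branch, which appears to be the decrypt path, is not exercised by this test at all.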