gwynne          Fri, 17 Jul 2009 14:21:31 +0000

URL: http://svn.php.net/viewvc?view=revision&revision=284267

Changed paths:
        U   php/php-src/trunk/ext/session/session.c
        A   php/php-src/trunk/ext/session/tests/031.phpt

Log:
fix crash when session hash function generated long hashes with
hash_bits_per_character larger than 4

Modified: php/php-src/trunk/ext/session/session.c
===================================================================
--- php/php-src/trunk/ext/session/session.c     2009-07-17 14:11:45 UTC (rev 
284266)
+++ php/php-src/trunk/ext/session/session.c     2009-07-17 14:21:31 UTC (rev 
284267)
@@ -284,7 +284,7 @@
        unsigned char *digest;
        int digest_len;
        int j;
-       char *buf;
+       char *buf, *outid;
        struct timeval tv;
        zval **array;
        zval **token;
@@ -332,6 +332,7 @@
                        efree(buf);
                        return NULL;
        }
+       efree(buf);

        if (PS(entropy_length) > 0) {
                int fd;
@@ -388,19 +389,15 @@
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "The ini setting 
hash_bits_per_character is out of range (should be 4, 5, or 6) - using 4 for 
now");
        }

-       if (PS_ID_INITIAL_SIZE < ((digest_len + 2) * (8 / 
PS(hash_bits_per_character))) ) {
-               /* 100 bytes is enough for most, but not all hash algos */
-               buf = erealloc(buf, (digest_len + 2) * (8 / 
PS(hash_bits_per_character)) );
-       }
-
-       j = (int) (bin_to_readable((char *)digest, digest_len, buf, 
PS(hash_bits_per_character)) - buf);
+       outid = emalloc((digest_len + 2) * ((8.0f / 
PS(hash_bits_per_character)) + 0.5));
+       j = (int) (bin_to_readable((char *)digest, digest_len, outid, 
PS(hash_bits_per_character)) - outid);
        efree(digest);

        if (newlen) {
                *newlen = j;
        }

-       return buf;
+       return outid;
 }
 /* }}} */


Added: php/php-src/trunk/ext/session/tests/031.phpt
===================================================================
--- php/php-src/trunk/ext/session/tests/031.phpt                                
(rev 0)
+++ php/php-src/trunk/ext/session/tests/031.phpt        2009-07-17 14:21:31 UTC 
(rev 284267)
@@ -0,0 +1,22 @@
+--TEST--
+setting hash_function to sha512 and hash_bits_per_character > 4 should not 
crash
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--INI--
+session.use_cookies=0
+session.cache_limiter=
+session.serialize_handler=php
+session.save_handler=files
+session.hash_function=sha512
+session.hash_bits_per_character=5
+--FILE--
+<?php
+error_reporting(E_ALL);
+
+session_start();
+session_regenerate_id(TRUE);
+
+print "I live\n";
+?>
+--EXPECT--
+I live

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to