pajoye                                   Sun, 21 Feb 2010 23:47:14 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=295339

Log:
- Corrected the sanity check of the "setting" string in _crypt_blowfish_rn() to
  reject iteration counts encoded as 36 through 39.  Previously, these would be
  misinterpreted as being the same as 04 through 07. (Solar Designer)

Changed paths:
    U   php/php-src/branches/PHP_5_3/ext/standard/crypt_blowfish.c
    U   
php/php-src/branches/PHP_5_3/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt
    U   php/php-src/trunk/ext/standard/crypt_blowfish.c
    U   
php/php-src/trunk/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt

Modified: php/php-src/branches/PHP_5_3/ext/standard/crypt_blowfish.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/standard/crypt_blowfish.c  2010-02-21 
23:44:00 UTC (rev 295338)
+++ php/php-src/branches/PHP_5_3/ext/standard/crypt_blowfish.c  2010-02-21 
23:47:14 UTC (rev 295339)
@@ -606,6 +606,7 @@
            setting[3] != '$' ||
            setting[4] < '0' || setting[4] > '3' ||
            setting[5] < '0' || setting[5] > '9' ||
+           (setting[4] == '3' && setting[5] > '1') ||
            setting[6] != '$') {
                __set_errno(EINVAL);
                return NULL;

Modified: 
php/php-src/branches/PHP_5_3/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt
===================================================================
--- 
php/php-src/branches/PHP_5_3/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt
  2010-02-21 23:44:00 UTC (rev 295338)
+++ 
php/php-src/branches/PHP_5_3/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt
  2010-02-21 23:47:14 UTC (rev 295339)
@@ -1,7 +1,5 @@
 --TEST--
 Test Blowfish crypt() with invalid rounds
---XFAIL--
-Needs a patch from Pierre
 --FILE--
 <?php


Modified: php/php-src/trunk/ext/standard/crypt_blowfish.c
===================================================================
--- php/php-src/trunk/ext/standard/crypt_blowfish.c     2010-02-21 23:44:00 UTC 
(rev 295338)
+++ php/php-src/trunk/ext/standard/crypt_blowfish.c     2010-02-21 23:47:14 UTC 
(rev 295339)
@@ -606,6 +606,7 @@
            setting[3] != '$' ||
            setting[4] < '0' || setting[4] > '3' ||
            setting[5] < '0' || setting[5] > '9' ||
+           (setting[4] == '3' && setting[5] > '1') ||
            setting[6] != '$') {
                __set_errno(EINVAL);
                return NULL;

Modified: 
php/php-src/trunk/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt
===================================================================
--- 
php/php-src/trunk/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt 
    2010-02-21 23:44:00 UTC (rev 295338)
+++ 
php/php-src/trunk/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt 
    2010-02-21 23:47:14 UTC (rev 295339)
@@ -1,7 +1,5 @@
 --TEST--
 Test Blowfish crypt() with invalid rounds
---XFAIL--
-Needs a patch from Pierre
 --FILE--
 <?php


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to