pajoye Sun, 21 Feb 2010 23:47:14 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=295339
Log: - Corrected the sanity check of the "setting" string in _crypt_blowfish_rn() to reject iteration counts encoded as 36 through 39. Previously, these would be misinterpreted as being the same as 04 through 07. (Solar Designer) Changed paths: U php/php-src/branches/PHP_5_3/ext/standard/crypt_blowfish.c U php/php-src/branches/PHP_5_3/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt U php/php-src/trunk/ext/standard/crypt_blowfish.c U php/php-src/trunk/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt Modified: php/php-src/branches/PHP_5_3/ext/standard/crypt_blowfish.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/standard/crypt_blowfish.c 2010-02-21 23:44:00 UTC (rev 295338) +++ php/php-src/branches/PHP_5_3/ext/standard/crypt_blowfish.c 2010-02-21 23:47:14 UTC (rev 295339) @@ -606,6 +606,7 @@ setting[3] != '$' || setting[4] < '0' || setting[4] > '3' || setting[5] < '0' || setting[5] > '9' || + (setting[4] == '3' && setting[5] > '1') || setting[6] != '$') { __set_errno(EINVAL); return NULL; Modified: php/php-src/branches/PHP_5_3/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt =================================================================== --- php/php-src/branches/PHP_5_3/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt 2010-02-21 23:44:00 UTC (rev 295338) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt 2010-02-21 23:47:14 UTC (rev 295339) @@ -1,7 +1,5 @@ --TEST-- Test Blowfish crypt() with invalid rounds ---XFAIL-- -Needs a patch from Pierre --FILE-- <?php Modified: php/php-src/trunk/ext/standard/crypt_blowfish.c =================================================================== --- php/php-src/trunk/ext/standard/crypt_blowfish.c 2010-02-21 23:44:00 UTC (rev 295338) +++ php/php-src/trunk/ext/standard/crypt_blowfish.c 2010-02-21 23:47:14 UTC (rev 295339) 
@@ -606,6 +606,7 @@ setting[3] != '$' || setting[4] < '0' || setting[4] > '3' || setting[5] < '0' || setting[5] > '9' || + (setting[4] == '3' && setting[5] > '1') || setting[6] != '$') { __set_errno(EINVAL); return NULL; Modified: php/php-src/trunk/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt =================================================================== --- php/php-src/trunk/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt 2010-02-21 23:44:00 UTC (rev 295338) +++ php/php-src/trunk/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt 2010-02-21 23:47:14 UTC (rev 295339) @@ -1,7 +1,5 @@ --TEST-- Test Blowfish crypt() with invalid rounds ---XFAIL-- -Needs a patch from Pierre --FILE-- <?php
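Review bot: The added condition `(setting[4] == '3' && setting[5] > '1')` in the crypt_blowfish.c hunk (identical in PHP_5_3 and trunk) carries no comment explaining the limit of 31, and it covers counts 32 through 39 while the log message names only 36 through 39. A one-line comment above the condition stating that the two-digit count must not exceed 31, and why, would stop a later cleanup from folding it back into the `setting[4] > '3'` test. It would also help to say whether 32 through 35 were already rejected elsewhere or are newly rejected by this line.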
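Review bot: In the crypt_blowfish_invalid_rounds.phpt hunk only the `--XFAIL--` section and its "Needs a patch from Pierre" line are dropped, and the visible lines do not show which round values the test passes to crypt(). Because the C condition now rejects every count from 32 through 39, please confirm the test exercises both ends of that range (32 and 39), not only the 36 through 39 values named in the log, so that a regression in either bound fails the test.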