pajoye Sun, 21 Feb 2010 23:47:14 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=295339
Advertising
Log:
- Corrected the sanity check of the "setting" string in _crypt_blowfish_rn() to
reject iteration counts encoded as 36 through 39. Previously, these would be
misinterpreted as being the same as 04 through 07. (Solar Designer)
Changed paths:
U php/php-src/branches/PHP_5_3/ext/standard/crypt_blowfish.c
U
php/php-src/branches/PHP_5_3/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt
U php/php-src/trunk/ext/standard/crypt_blowfish.c
U
php/php-src/trunk/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt
Modified: php/php-src/branches/PHP_5_3/ext/standard/crypt_blowfish.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/standard/crypt_blowfish.c 2010-02-21
23:44:00 UTC (rev 295338)
+++ php/php-src/branches/PHP_5_3/ext/standard/crypt_blowfish.c 2010-02-21
23:47:14 UTC (rev 295339)
@@ -606,6 +606,7 @@
setting[3] != '$' ||
setting[4] < '0' || setting[4] > '3' ||
setting[5] < '0' || setting[5] > '9' ||
+ (setting[4] == '3' && setting[5] > '1') ||
setting[6] != '$') {
__set_errno(EINVAL);
return NULL;
Modified:
php/php-src/branches/PHP_5_3/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt
===================================================================
---
php/php-src/branches/PHP_5_3/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt
2010-02-21 23:44:00 UTC (rev 295338)
+++
php/php-src/branches/PHP_5_3/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt
2010-02-21 23:47:14 UTC (rev 295339)
@@ -1,7 +1,5 @@
--TEST--
Test Blowfish crypt() with invalid rounds
---XFAIL--
-Needs a patch from Pierre
--FILE--
<?php
Modified: php/php-src/trunk/ext/standard/crypt_blowfish.c
===================================================================
--- php/php-src/trunk/ext/standard/crypt_blowfish.c 2010-02-21 23:44:00 UTC
(rev 295338)
+++ php/php-src/trunk/ext/standard/crypt_blowfish.c 2010-02-21 23:47:14 UTC
(rev 295339)
@@ -606,6 +606,7 @@
setting[3] != '$' ||
setting[4] < '0' || setting[4] > '3' ||
setting[5] < '0' || setting[5] > '9' ||
+ (setting[4] == '3' && setting[5] > '1') ||
setting[6] != '$') {
__set_errno(EINVAL);
return NULL;
Modified:
php/php-src/trunk/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt
===================================================================
---
php/php-src/trunk/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt
2010-02-21 23:44:00 UTC (rev 295338)
+++
php/php-src/trunk/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt
2010-02-21 23:47:14 UTC (rev 295339)
@@ -1,7 +1,5 @@
--TEST--
Test Blowfish crypt() with invalid rounds
---XFAIL--
-Needs a patch from Pierre
--FILE--
<?php
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
