stas Mon, 04 Jul 2011 23:38:09 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=312919
Log: fix crypt() issue with overlong salt
Changed paths:
U php/php-src/branches/PHP_5_3/NEWS
U php/php-src/branches/PHP_5_3/ext/standard/crypt.c
A php/php-src/branches/PHP_5_3/ext/standard/tests/strings/crypt_variation1.phpt
U php/php-src/branches/PHP_5_4/ext/standard/crypt.c
A php/php-src/branches/PHP_5_4/ext/standard/tests/strings/crypt_variation1.phpt
A php/php-src/trunk/ext/standard/tests/strings/crypt_variation1.phpt
Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS 2011-07-04 23:22:24 UTC (rev 312918)
+++ php/php-src/branches/PHP_5_3/NEWS 2011-07-04 23:38:09 UTC (rev 312919)
@@ -4,6 +4,7 @@
 - Core . Fixed bug #53727 (Inconsistent behavior of is_subclass_of with interfaces) (Ralph Schindler, Dmitry)
+ . Fixed buffer overflow on overlog salt in crypt(). (Clément LECIGNE, Stas)
 - PDO DBlib: . Fixed bug #54329 (MSSql extension memory leak).
Modified: php/php-src/branches/PHP_5_3/ext/standard/crypt.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/standard/crypt.c 2011-07-04 23:22:24 UTC (rev 312918)
+++ php/php-src/branches/PHP_5_3/ext/standard/crypt.c 2011-07-04 23:38:09 UTC (rev 312919)
@@ -179,6 +179,8 @@
 salt[2] = '\0';
 #endif
 salt_in_len = strlen(salt);
+ } else {
+ salt_in_len = MIN(PHP_MAX_SALT_LEN, salt_in_len);
 }
 /* Windows (win32/crypt) has a stripped down version of libxcrypt and
Added: php/php-src/branches/PHP_5_3/ext/standard/tests/strings/crypt_variation1.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/ext/standard/tests/strings/crypt_variation1.phpt (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/standard/tests/strings/crypt_variation1.phpt 2011-07-04 23:38:09 UTC (rev 312919)
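Review bot: The new `else` branch clamps `salt_in_len` to `PHP_MAX_SALT_LEN` without saying why, and the reason is not visible in the hunk; a comment such as `/* salt[] holds at most PHP_MAX_SALT_LEN bytes; keep the length consistent with the truncated copy */` would tie the clamp to the buffer it protects. Because the clamp sits after the `if (!*salt)` block, it only bounds uses of `salt_in_len` that follow it; whatever copies `salt_in` into the local `salt` buffer above line 179 is outside the hunk, so it is worth confirming that that copy is bounded independently and that no later code reads from the original `salt_in` pointer with the pre-clamp length. The enclosing function starts and ends outside the hunk. The identical hunk in php/php-src/branches/PHP_5_4/ext/standard/crypt.c has the same two points.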
@@ -0,0 +1,23 @@
+--TEST--
+crypt() function - long salt
+--SKIPIF--
+<?php
+if (!function_exists('crypt')) {
+ die("SKIP crypt() is not available");
+}
+?>
+--FILE--
+<?php
+
+$b = str_repeat("A", 124);
+echo crypt("A", "$5$" . $b)."\n";
+$b = str_repeat("A", 125);
+echo crypt("A", "$5$" . $b)."\n";
+$b = str_repeat("A", 4096);
+echo crypt("A", "$5$" . $b)."\n";
+
+?>
+--EXPECTF--
+$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6
+$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6
+$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6
Modified: php/php-src/branches/PHP_5_4/ext/standard/crypt.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/standard/crypt.c 2011-07-04 23:22:24 UTC (rev 312918)
+++ php/php-src/branches/PHP_5_4/ext/standard/crypt.c 2011-07-04 23:38:09 UTC (rev 312919)
@@ -179,6 +179,8 @@
 salt[2] = '\0';
 #endif
 salt_in_len = strlen(salt);
+ } else {
+ salt_in_len = MIN(PHP_MAX_SALT_LEN, salt_in_len);
 }
 /* Windows (win32/crypt) has a stripped down version of libxcrypt and
Added: php/php-src/branches/PHP_5_4/ext/standard/tests/strings/crypt_variation1.phpt
===================================================================
--- php/php-src/branches/PHP_5_4/ext/standard/tests/strings/crypt_variation1.phpt (rev 0)
+++ php/php-src/branches/PHP_5_4/ext/standard/tests/strings/crypt_variation1.phpt 2011-07-04 23:38:09 UTC (rev 312919)
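Review bot: The regression test exercises the overlong-salt path only through the `$5$` prefix, while the clamp in crypt.c applies to every salt the caller passes; one more case with an overlong salt under another prefix the build supports (e.g. `$1$`) would cover the scheme-specific branches that follow the clamp. The 124/125/4096 lengths bracket the limit only implicitly; a case whose salt, prefix included, is exactly `PHP_MAX_SALT_LEN` bytes would document the boundary in the test itself. The expected block contains no format placeholders, so `--EXPECT--` states the intent more precisely than `--EXPECTF--`. The identical files added under PHP_5_4 and trunk share these notes.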
@@ -0,0 +1,23 @@
+--TEST--
+crypt() function - long salt
+--SKIPIF--
+<?php
+if (!function_exists('crypt')) {
+ die("SKIP crypt() is not available");
+}
+?>
+--FILE--
+<?php
+
+$b = str_repeat("A", 124);
+echo crypt("A", "$5$" . $b)."\n";
+$b = str_repeat("A", 125);
+echo crypt("A", "$5$" . $b)."\n";
+$b = str_repeat("A", 4096);
+echo crypt("A", "$5$" . $b)."\n";
+
+?>
+--EXPECTF--
+$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6
+$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6
+$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6
Added: php/php-src/trunk/ext/standard/tests/strings/crypt_variation1.phpt
===================================================================
--- php/php-src/trunk/ext/standard/tests/strings/crypt_variation1.phpt (rev 0)
+++ php/php-src/trunk/ext/standard/tests/strings/crypt_variation1.phpt 2011-07-04 23:38:09 UTC (rev 312919)
@@ -0,0 +1,23 @@
+--TEST--
+crypt() function - long salt
+--SKIPIF--
+<?php
+if (!function_exists('crypt')) {
+ die("SKIP crypt() is not available");
+}
+?>
+--FILE--
+<?php
+
+$b = str_repeat("A", 124);
+echo crypt("A", "$5$" . $b)."\n";
+$b = str_repeat("A", 125);
+echo crypt("A", "$5$" . $b)."\n";
+$b = str_repeat("A", 4096);
+echo crypt("A", "$5$" . $b)."\n";
+
+?>
+--EXPECTF--
+$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6
+$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6
+$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6