Commit: 83e3466898abcde99d0bd0b3dadc43b416e5cde6 Author: Anthony Ferrara <ircmax...@gmail.com> Wed, 21 Aug 2013 12:10:40 -0400 Parents: 4283f75c347a105e53ae38fc96e614671df53f1b Branches: PHP-5.5 master
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=83e3466898abcde99d0bd0b3dadc43b416e5cde6 Log: Fix return types of password API helper functions. This fixes issues that were found during static analysis by cjones where failure was impossible to detect due to return type mangling (casting an int to a char, then comparing to an int). Changed paths: M NEWS M ext/standard/password.c Diff: diff --git a/NEWS b/NEWS index 1902520..75a0b3c 100644 --- a/NEWS +++ b/NEWS @@ -21,6 +21,10 @@ PHP NEWS . Fixed bug #51127/#65359 Request #25630/#43980/#54383 (Added php_serialize session serialize handler that uses plain serialize()). (Yasuo) +- Standard: + . Fix issue with return types of password API helper functions. Found via static + analysis by cjones. (Anthony Ferrara) + 22 Aug 2013, PHP 5.5.3 - Openssl: diff --git a/ext/standard/password.c b/ext/standard/password.c index 2127991..ca85203 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -66,20 +66,20 @@ static php_password_algo php_password_determine_algo(const char *hash, const siz return PHP_PASSWORD_UNKNOWN; } -static zend_bool php_password_salt_is_alphabet(const char *str, const size_t len) /* {{{ */ +static int php_password_salt_is_alphabet(const char *str, const size_t len) /* {{{ */ { size_t i = 0; for (i = 0; i < len; i++) { if (!((str[i] >= 'A' && str[i] <= 'Z') || (str[i] >= 'a' && str[i] <= 'z') || (str[i] >= '0' && str[i] <= '9') || str[i] == '.' || str[i] == '/')) { - return 0; + return FAILURE; } } - return 1; + return SUCCESS; } /* }}} */ -static zend_bool php_password_salt_to64(const char *str, const size_t str_len, const size_t out_len, char *ret) /* {{{ */ +static int php_password_salt_to64(const char *str, const size_t str_len, const size_t out_len, char *ret) /* {{{ */ { size_t pos = 0; size_t ret_len = 0; 
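Review bot: `php_password_salt_is_alphabet` is still named like a predicate but now returns `SUCCESS` when the salt is in the alphabet, and `SUCCESS` is 0 in the Zend headers, so a later caller writing `if (php_password_salt_is_alphabet(...))` would get the opposite answer and could let a salt outside the alphabet through unencoded. Nothing in the hunk states the convention; I would add above the function `/* Returns SUCCESS if every byte of str is in [A-Za-z0-9./], FAILURE otherwise; compare with SUCCESS/FAILURE, never test as a boolean. */`. The same one-line contract is worth adding to `php_password_salt_to64` in this hunk and to `php_password_make_salt` in the `@@ -108,7` hunk, whose bodies lie outside the hunks shown.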
@@ -108,7 +108,7 @@ static zend_bool php_password_salt_to64(const char *str, const size_t str_len, c } /* }}} */ -static zend_bool php_password_make_salt(size_t length, char *ret TSRMLS_DC) /* {{{ */ +static int php_password_make_salt(size_t length, char *ret TSRMLS_DC) /* {{{ */ { int buffer_valid = 0; size_t i, raw_length; @@ -395,7 +395,7 @@ PHP_FUNCTION(password_hash) efree(buffer); php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided salt is too short: %lu expecting %lu", (unsigned long) buffer_len, (unsigned long) required_salt_len); RETURN_NULL(); - } else if (0 == php_password_salt_is_alphabet(buffer, buffer_len)) { + } else if (php_password_salt_is_alphabet(buffer, buffer_len) == FAILURE) { salt = safe_emalloc(required_salt_len, 1, 1); if (php_password_salt_to64(buffer, buffer_len, required_salt_len, salt) == FAILURE) { efree(hash_format); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
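Review bot: In the `password_hash` hunk both helper results are tested with `== FAILURE`, which treats any return value other than that one constant as success. Now that the helpers return `int`, comparing against the success value fails closed: `} else if (php_password_salt_is_alphabet(buffer, buffer_len) != SUCCESS) {` and `if (php_password_salt_to64(buffer, buffer_len, required_salt_len, salt) != SUCCESS) {`. This matters most for `php_password_salt_to64`, whose return statements are not visible in this diff, so whether it can return anything other than the two constants cannot be confirmed from here. The body of `password_hash` continues past the end of the hunk.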