Commit:    34ab5650bcea46825ed1f9021c5a52b161705c27
Author:    Anthony Ferrara <ircmax...@ircmaxell.com>         Thu, 28 Jun 2012 20:36:21 -0400
Parents:   405ebfcd182a39f0960ff7d7055d49053d3e0316 7e8276ca68fc622124d51d18e4f7b5cde3536de4
Branches:  PHP-5.4 master

Link:      http://git.php.net/?p=php-src.git;a=commitdiff;h=34ab5650bcea46825ed1f9021c5a52b161705c27

Log:
Merge branch 'PHP-5.3' into PHP-5.4

* PHP-5.3:
  Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)

Bugs:
https://bugs.php.net/62443

Changed paths:
  MM  NEWS
  MM  ext/standard/crypt.c


Diff:
diff --cc NEWS
index b1de5f1,80d56bc..6821a7e
--- a/NEWS
+++ b/NEWS
@@@ -1,39 -1,39 +1,41 @@@
  PHP                                                                        
NEWS
  
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 -?? ??? 2012, PHP 5.3.15
 -- Zend Engine:
 -  . Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that
 -    includes a semi-colon). (Pierrick)
 -
 -- COM:
 -  . Fixed bug #62146 com_dotnet cannot be built shared. (Johannes)
 +?? ??? 2012, PHP 5.4.5
  
  - Core:
 -  . Fixed CVE-2012-2143. (Solar Designer)
 -  . Fixed potential overflow in _php_stream_scandir. (Jason Powell,
 -    Stas)
 -  . Fixed bug #62432 (ReflectionMethod random corrupt memory on high
 -    concurrent). (Johannes)
 +  . Fixed bug #62357 (compile failure: (S) Arguments missing for built-in
 +    function __memcmp). (Laruence)
 +  . Fixed bug #61998 (Using traits with method aliases appears to result in
 +    crash during execution). (Dmitry)
 +  . Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that
 +    includes a semi-colon). (Pierrick)
 +  . Fixed potential overflow in _php_stream_scandir (CVE-2012-2688). 
 +    (Jason Powell, Stas)
+   . Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed 
+     Salt). (Anthony Ferrara)
  
 -- Fileinfo:
 -  . Fixed magic file regex support. (Felipe)
 +- EXIF:
 +  . Fixed information leak in ext exif (discovered by Martin Noga, 
 +    Matthew "j00ru" Jurczyk, Gynvael Coldwind)
  
  - FPM:
 -  . Fixed bug #61045 (fpm don't send error log to fastcgi clients). (fat)
 +  . Fixed bug #62205 (php-fpm segfaults (null passed to strstr)). (fat)
 +  . Fixed bug #62160 (Add process.priority to set nice(2) priorities). (fat)
 +  . Fixed bug #62153 (when using unix sockets, multiples FPM instances
 +  . Fixed bug #62033 (php-fpm exits with status 0 on some failures to start).
 +    (fat)
 +  . Fixed bug #61839 (Unable to cross-compile PHP with --enable-fpm). (fat)
    . Fixed bug #61835 (php-fpm is not allowed to run as root). (fat)
    . Fixed bug #61295 (php-fpm should not fail with commented 'user'
 +  . Fixed bug #61218 (FPM drops connection while receiving some binary values
 +    in FastCGI requests). (fat)
 +  . Fixed bug #61045 (fpm don't send error log to fastcgi clients). (fat)
      for non-root start). (fat)
    . Fixed bug #61026 (FPM pools can listen on the same address). (fat)
 -  . Fixed bug #62033 (php-fpm exits with status 0 on some failures to start).
 -    (fat)
 -  . Fixed bug #62153 (when using unix sockets, multiples FPM instances
      can be launched without errors). (fat)
 -  . Fixed bug #62160 (Add process.priority to set nice(2) priorities). (fat)
 -  . Fixed bug #61218 (FPM drops connection while receiving some binary values
 -    in FastCGI requests). (fat)
 -  . Fixed bug #62205 (php-fpm segfaults (null passed to strstr)). (fat)
 +
 +- Iconv:
 +  . Fix bug #55042 (Erealloc in iconv.c unsafe). (Stas)
  
  - Intl:
    . Fixed bug #62083 (grapheme_extract() memory leaks). (Gustavo)
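
Review bot: In the FPM section of the merged NEWS, two wrapped entries are detached from their continuation lines. `Fixed bug #62153 (when using unix sockets, multiples FPM instances` is followed directly by the #62033 entry, while its tail `can be launched without errors). (fat)` ends up after #61026; likewise `Fixed bug #61295 (php-fpm should not fail with commented 'user'` is separated from `for non-root start). (fat)` by the #61218 and #61045 entries. Please re-resolve that block so each entry keeps its second line directly beneath it.
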
diff --cc ext/standard/crypt.c
index 9a1fcf1,2eb4fc3..3ade86a
--- a/ext/standard/crypt.c
+++ b/ext/standard/crypt.c
@@@ -199,8 -199,8 +199,8 @@@ PHP_FUNCTION(crypt
                        char *output;
                        int needed = (sizeof(sha512_salt_prefix) - 1
                                                + sizeof(sha512_rounds_prefix) 
+ 9 + 1
-                                               + strlen(salt) + 1 + 43 + 1);
+                                               + PHP_MAX_SALT_LEN + 1 + 43 + 
1);
 -                      output = emalloc(needed * sizeof(char *));
 +                      output = emalloc(needed);
                        salt[salt_in_len] = '\0';
  
                        crypt_res = php_sha512_crypt_r(str, salt, output, 
needed);
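
Review bot: The `+ 43` term in the SHA512 branch's `needed` is the encoded length of a SHA-256 digest; a SHA-512 crypt hash encodes to 86 characters, so after this change the buffer is only sufficient because of slack in PHP_MAX_SALT_LEN, not because the terms add up to the real worst case. Suggest using 86 here (or a named per-algorithm constant) and adding a short comment that `needed` is now a fixed upper bound rather than something derived from the caller's salt, so a later change to PHP_MAX_SALT_LEN does not silently shrink the margin.
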
@@@ -222,8 -222,8 +222,8 @@@
                        char *output;
                        int needed = (sizeof(sha256_salt_prefix) - 1
                                                + sizeof(sha256_rounds_prefix) 
+ 9 + 1
-                                               + strlen(salt) + 1 + 43 + 1);
+                                               + PHP_MAX_SALT_LEN + 1 + 43 + 
1);
 -                      output = emalloc(needed * sizeof(char *));
 +                      output = emalloc(needed);
                        salt[salt_in_len] = '\0';
  
                        crypt_res = php_sha256_crypt_r(str, salt, output, 
needed);
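
Review bot: `salt[salt_in_len] = '\0';` still runs after the size is computed, and nothing visible in this hunk ties salt_in_len to PHP_MAX_SALT_LEN, which is now the only salt bound the allocation assumes. A comment or assertion stating that salt_in_len cannot exceed PHP_MAX_SALT_LEN at this point would make the invariant explicit for both the write and the call to php_sha256_crypt_r(). The changed paths list only NEWS and ext/standard/crypt.c, so a regression test for bug #62443 that passes malformed SHA256 and SHA512 salts to crypt() would be a useful addition.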


--
PHP CVS Mailing List (http://www.php.net/)