[PHP-CVS] Re: [PHP-DEV] Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_API.c trunk/NEWS trunk/Zend/zend_API.c
Out of curiosity, why are you changing it to copy the object for the result of the cast operation? cast_object should init the result zval, so why go through the step of copying the starting object to it?

Wouldn't it be easier just to do:

    if (Z_OBJ_HANDLER_PP(arg, cast_object)) {
        zval *result;
        ALLOC_ZVAL(result);
        if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, result, type TSRMLS_CC) == SUCCESS) {
            zval_ptr_dtor(arg);
            *pl = Z_STRLEN_PP(result);
            *p = Z_STRVAL_PP(result);
            zval_ptr_dtor(result);
            return SUCCESS;
        }
        zval_ptr_dtor(result);
    }

Keeping both completely separate, and not having the possibility of corrupting the arg object pointer? As it is right now (with the patch in the first mail), wouldn't the possibility still exist of nuking the arg object pointer which could be used elsewhere (and hence cause the memory leak and segfault when that variable is referenced again)?

(Untested as of yet, just throwing it out there as it seems kind of weird to overwrite the arg pointer for what seems like no reason)...

Anthony

On Mon, Feb 27, 2012 at 10:22 AM, Richard Lynch wrote:
> On Mon, February 27, 2012 2:31 am, Laruence wrote:
>> On Mon, Feb 27, 2012 at 4:00 PM, Dmitry Stogov wrote:
>>> Hi Laruence,
>>>
>>> The attached patch looks weird. The patch on top of it (r323563) makes it
>>> better. However, in my opinion it fixes a common problem just in a single
>>> place. Each call to __toString() that makes "side effects" may cause the
>>> similar problem. It would be great to make a "right" fix in
>>> zend_std_cast_object_tostring() itself, but probably it would require API
>> Hi:
>> before this fix, I thought about the same idea of that.
>>
>> but, you know, such change will need all exts who implemented
>> their own cast_object handler change their code too.
>>
>> for now, I examined the usage of std_cast_object_tostring, most of
>> them do the similar things like this fix to avoid this issue (like
>> ZEND_CAST handler).
>>
>> so I think, maybe it's okay for a temporary fix :)
>
> Perhaps a better solution would be to make a NEW function that uses
> zval** and deprecate the old one with memory leaks.
>
> Old extensions remain functional, new extensions consume less memory.
>
> (This presumes I actually understand the issue, which is questionable.)
>
> --
> brain cancer update:
> http://richardlynch.blogspot.com/search/label/brain%20tumor
> Donate:
> https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=FS9NLTNEEKWBE
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] Re: [PHP-DEV] Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_API.c trunk/NEWS trunk/Zend/zend_API.c
I initially looked at the final fix when I discovered the issue. Follow me out on this. This is the current code as-implemented in r323563:

    zval *obj;
    MAKE_STD_ZVAL(obj);
    if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, obj, type TSRMLS_CC) == SUCCESS) {
        zval_ptr_dtor(arg);
        *arg = obj;
        *pl = Z_STRLEN_PP(arg);
        *p = Z_STRVAL_PP(arg);
        return SUCCESS;
    }
    efree(obj);

The issue that I originally identified (overwriting the argument pointer) is still happening. Is there any reason for overwriting the arg pointer? Wouldn't it be better to just do the Z_STRLEN_PP and Z_STRVAL_PP operations on obj instead, and zval_ptr_dtor it as well (instead of efree, as that way if a reference is stored somewhere it won't result in a double free, or a segfault for accessing freed memory)?

Thanks,

Anthony

On Mon, Feb 27, 2012 at 11:39 AM, Xinchen Hui wrote:
> Sent from my iPad
>
> On 2012-2-28, at 0:10, Anthony Ferrara wrote:
>
>> Out of curiosity, why are you changing it to copy the object for the
>> result of the cast operation? cast_object should init the result
>> zval, so why go through the step of copying the starting object to
> plz look at the final fix: r323563
>
> thanks
>> r323563
>> Wouldn't it be easier just to do:
>>
>> if (Z_OBJ_HANDLER_PP(arg, cast_object)) {
>>     zval *result;
>>     ALLOC_ZVAL(result);
>>     if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, result, type TSRMLS_CC)
>> == SUCCESS) {
>>         zval_ptr_dtor(arg);
>>         *pl = Z_STRLEN_PP(result);
>>         *p = Z_STRVAL_PP(result);
>>         zval_ptr_dtor(result);
>>         return SUCCESS;
>>     }
>>     zval_ptr_dtor(result);
>> }
>>
>> Keeping both completely separate, and not having the possibility of
>> corrupting the arg object pointer? As it is right now (with the patch
>> in the first mail), wouldn't the possibility still exist of nuking the
>> arg object pointer which could be used elsewhere (and hence cause the
>> memory leak and segfault when that variable is referenced again)?
>>
>> (Untested as of yet, just throwing it out there as it seems kind of
>> weird to overwrite the arg pointer for what seems like no reason)...
>>
>> Anthony
>>
>> On Mon, Feb 27, 2012 at 10:22 AM, Richard Lynch wrote:
>>> On Mon, February 27, 2012 2:31 am, Laruence wrote:
>>>> On Mon, Feb 27, 2012 at 4:00 PM, Dmitry Stogov wrote:
>>>>> Hi Laruence,
>>>>>
>>>>> The attached patch looks weird. The patch on top of it (r323563) makes it
>>>>> better. However, in my opinion it fixes a common problem just in a single
>>>>> place. Each call to __toString() that makes "side effects" may cause the
>>>>> similar problem. It would be great to make a "right" fix in
>>>>> zend_std_cast_object_tostring() itself, but probably it would require API
>>>> Hi:
>>>> before this fix, I thought about the same idea of that.
>>>>
>>>> but, you know, such change will need all exts who implemented
>>>> their own cast_object handler change their code too.
>>>>
>>>> for now, I examined the usage of std_cast_object_tostring, most of
>>>> them do the similar things like this fix to avoid this issue (like
>>>> ZEND_CAST handler).
>>>>
>>>> so I think, maybe it's okay for a temporary fix :)
>>>
>>> Perhaps a better solution would be to make a NEW function that uses
>>> zval** and deprecate the old one with memory leaks.
>>>
>>> Old extensions remain functional, new extensions consume less memory.
>>>
>>> (This presumes I actually understand the issue, which is questionable.)
[PHP-CVS] com php-src: Merge branch 'PHP-5.3' into PHP-5.4: NEWS ext/standard/crypt.c
Commit:34ab5650bcea46825ed1f9021c5a52b161705c27 Author:Anthony Ferrara Thu, 28 Jun 2012 20:36:21 -0400 Parents: 405ebfcd182a39f0960ff7d7055d49053d3e0316 7e8276ca68fc622124d51d18e4f7b5cde3536de4 Branches: PHP-5.4 master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=34ab5650bcea46825ed1f9021c5a52b161705c27 Log: Merge branch 'PHP-5.3' into PHP-5.4 * PHP-5.3: Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt) Bugs: https://bugs.php.net/62443 Changed paths: MM NEWS MM ext/standard/crypt.c Diff: diff --cc NEWS index b1de5f1,80d56bc..6821a7e --- a/NEWS +++ b/NEWS @@@ -1,39 -1,39 +1,41 @@@ PHP NEWS ||| -?? ??? 2012, PHP 5.3.15 -- Zend Engine: - . Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that -includes a semi-colon). (Pierrick) - -- COM: - . Fixed bug #62146 com_dotnet cannot be built shared. (Johannes) +?? ??? 2012, PHP 5.4.5 - Core: - . Fixed CVE-2012-2143. (Solar Designer) - . Fixed potential overflow in _php_stream_scandir. (Jason Powell, -Stas) - . Fixed bug #62432 (ReflectionMethod random corrupt memory on high -concurrent). (Johannes) + . Fixed bug #62357 (compile failure: (S) Arguments missing for built-in +function __memcmp). (Laruence) + . Fixed bug #61998 (Using traits with method aliases appears to result in +crash during execution). (Dmitry) + . Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that +includes a semi-colon). (Pierrick) + . Fixed potential overflow in _php_stream_scandir (CVE-2012-2688). +(Jason Powell, Stas) + . Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed + Salt). (Anthony Ferrara) -- Fileinfo: - . Fixed magic file regex support. (Felipe) +- EXIF: + . Fixed information leak in ext exif (discovered by Martin Noga, +Matthew "j00ru" Jurczyk, Gynvael Coldwind) - FPM: - . Fixed bug #61045 (fpm don't send error log to fastcgi clients). (fat) + . Fixed bug #62205 (php-fpm segfaults (null passed to strstr)). (fat) + . 
Fixed bug #62160 (Add process.priority to set nice(2) priorities). (fat) + . Fixed bug #62153 (when using unix sockets, multiples FPM instances + . Fixed bug #62033 (php-fpm exits with status 0 on some failures to start). +(fat) + . Fixed bug #61839 (Unable to cross-compile PHP with --enable-fpm). (fat) . Fixed bug #61835 (php-fpm is not allowed to run as root). (fat) . Fixed bug #61295 (php-fpm should not fail with commented 'user' + . Fixed bug #61218 (FPM drops connection while receiving some binary values +in FastCGI requests). (fat) + . Fixed bug #61045 (fpm don't send error log to fastcgi clients). (fat) for non-root start). (fat) . Fixed bug #61026 (FPM pools can listen on the same address). (fat) - . Fixed bug #62033 (php-fpm exits with status 0 on some failures to start). -(fat) - . Fixed bug #62153 (when using unix sockets, multiples FPM instances can be launched without errors). (fat) - . Fixed bug #62160 (Add process.priority to set nice(2) priorities). (fat) - . Fixed bug #61218 (FPM drops connection while receiving some binary values -in FastCGI requests). (fat) - . Fixed bug #62205 (php-fpm segfaults (null passed to strstr)). (fat) + +- Iconv: + . Fix bug #55042 (Erealloc in iconv.c unsafe). (Stas) - Intl: . Fixed bug #62083 (grapheme_extract() memory leaks). 
(Gustavo) diff --cc ext/standard/crypt.c index 9a1fcf1,2eb4fc3..3ade86a --- a/ext/standard/crypt.c +++ b/ext/standard/crypt.c @@@ -199,8 -199,8 +199,8 @@@ PHP_FUNCTION(crypt char *output; int needed = (sizeof(sha512_salt_prefix) - 1 + sizeof(sha512_rounds_prefix) + 9 + 1 - + strlen(salt) + 1 + 43 + 1); + + PHP_MAX_SALT_LEN + 1 + 43 + 1); - output = emalloc(needed * sizeof(char *)); + output = emalloc(needed); salt[salt_in_len] = '\0'; crypt_res = php_sha512_crypt_r(str, salt, output, needed); @@@ -222,8 -222,8 +222,8 @@@ char *output; int needed = (sizeof(sha256_salt_prefix) - 1 + sizeof(sha256_rounds_prefix) + 9 + 1 - + strlen(salt) + 1 + 43 + 1); + + PHP_MAX_SALT_LEN + 1 + 43 + 1); - output = emalloc(needed * sizeof(char *)); + output = emalloc(needed); salt[salt_in
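Review bot: The merged FPM block in the NEWS hunk leaves wrapped entries separated from their continuation lines: `. Fixed bug #62153 (when using unix sockets, multiples FPM instances` is now followed directly by the #62033 entry, while `can be launched without errors). (fat)` sits several entries further down, and `for non-root start). (fat)` no longer follows the #61295 line it completes. Re-resolve the conflict so that each entry and its continuation stay adjacent, otherwise the release notes read as truncated and misattributed entries.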
[PHP-CVS] com php-src: Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt): NEWS ext/standard/crypt.c ext/standard/tests/strings/bug62443.phpt
Commit:7e8276ca68fc622124d51d18e4f7b5cde3536de4 Author:Anthony Ferrara Thu, 28 Jun 2012 20:00:03 -0400 Parents: 974324676b2436f159f42d9241c569f813471684 Branches: PHP-5.3 PHP-5.4 master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=7e8276ca68fc622124d51d18e4f7b5cde3536de4 Log: Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt) Fixed a memory allocation bug in crypt() SHA256/512 that can cause segmentation faults when passed in salts with a null byte early. Bugs: https://bugs.php.net/62443 Changed paths: M NEWS M ext/standard/crypt.c A ext/standard/tests/strings/bug62443.phpt Diff: diff --git a/NEWS b/NEWS index 520aa19..80d56bc 100644 --- a/NEWS +++ b/NEWS @@ -14,6 +14,8 @@ PHP NEWS Stas) . Fixed bug #62432 (ReflectionMethod random corrupt memory on high concurrent). (Johannes) + . Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed +Salt). (Anthony Ferrara) - Fileinfo: . Fixed magic file regex support. (Felipe) diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c index e0d90e7..2eb4fc3 100644 --- a/ext/standard/crypt.c +++ b/ext/standard/crypt.c @@ -199,7 +199,7 @@ PHP_FUNCTION(crypt) char *output; int needed = (sizeof(sha512_salt_prefix) - 1 + sizeof(sha512_rounds_prefix) + 9 + 1 - + strlen(salt) + 1 + 43 + 1); + + PHP_MAX_SALT_LEN + 1 + 43 + 1); output = emalloc(needed * sizeof(char *)); salt[salt_in_len] = '\0'; @@ -222,7 +222,7 @@ PHP_FUNCTION(crypt) char *output; int needed = (sizeof(sha256_salt_prefix) - 1 + sizeof(sha256_rounds_prefix) + 9 + 1 - + strlen(salt) + 1 + 43 + 1); + + PHP_MAX_SALT_LEN + 1 + 43 + 1); output = emalloc(needed * sizeof(char *)); salt[salt_in_len] = '\0'; diff --git a/ext/standard/tests/strings/bug62443.phpt b/ext/standard/tests/strings/bug62443.phpt new file mode 100644 index 000..9e0dc38 --- /dev/null +++ b/ext/standard/tests/strings/bug62443.phpt 
@@ -0,0 +1,9 @@ +--TEST-- +Bug #62443 Crypt SHA256/512 Segfaults With Malformed Salt +--FILE-- +http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
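Review bot: In both ext/standard/crypt.c hunks the unchanged line `output = emalloc(needed * sizeof(char *));` still multiplies by the size of a pointer, although `needed` is already a byte count built from the prefix sizes and salt length; allocate `emalloc(needed)` so the buffer size matches the length the code reasons about. The switch from `strlen(salt)` to PHP_MAX_SALT_LEN is the right direction, since the old term was computed before `salt[salt_in_len] = '\0';` runs and so depended on the salt's contents; a one-line comment next to the new term saying the bound must not depend on the salt bytes would help keep it that way.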
[PHP-CVS] com php-src: Merge branch 'PHP-5.4': NEWS
Commit:63318772ae2fc3b69391f38764b3ab9e834e9120 Author:Anthony Ferrara Thu, 28 Jun 2012 20:38:31 -0400 Parents: cd7ab5cd11f156d58306539f6298f1661bf06cab 34ab5650bcea46825ed1f9021c5a52b161705c27 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=63318772ae2fc3b69391f38764b3ab9e834e9120 Log: Merge branch 'PHP-5.4' * PHP-5.4: Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt) Bugs: https://bugs.php.net/62443 Changed paths: MM NEWS Diff: -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Restore old NEWS file, and re-add new entry.: NEWS
Commit:e778b03307ef51a501136f6876495dc2e7409e41 Author:Anthony Ferrara Thu, 28 Jun 2012 22:43:59 -0400 Parents: da5fb9cb98aca68d85d89a40244d4941d8442310 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=e778b03307ef51a501136f6876495dc2e7409e41 Log: Restore old NEWS file, and re-add new entry. This fixes a merge artifact where the 5.4 NEWS file was accidentally brought in. Changed paths: M NEWS diff --git a/NEWS b/NEWS index 1b658c7..e76c564 100644 --- a/NEWS +++ b/NEWS 
@@ -2,338 +2,6 @@ PHP NEWS ||| ?? ??? 201?, PHP 5.5.0 -- Core: - . Fixed bug #62357 (compile failure: (S) Arguments missing for built-in -function __memcmp). (Laruence) - . Fixed bug #61998 (Using traits with method aliases appears to result in -crash during execution). (Dmitry) - . Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that -includes a semi-colon). (Pierrick) - . Fixed potential overflow in _php_stream_scandir (CVE-2012-2688). -(Jason Powell, Stas) - . Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed -Salt). (Anthony Ferrara) - -- EXIF: - . Fixed information leak in ext exif (discovered by Martin Noga, -Matthew "j00ru" Jurczyk, Gynvael Coldwind) - -- FPM: - . Fixed bug #62205 (php-fpm segfaults (null passed to strstr)). (fat) - . Fixed bug #62160 (Add process.priority to set nice(2) priorities). (fat) - . Fixed bug #62153 (when using unix sockets, multiples FPM instances - . Fixed bug #62033 (php-fpm exits with status 0 on some failures to start). -(fat) - . Fixed bug #61839 (Unable to cross-compile PHP with --enable-fpm). (fat) - . Fixed bug #61835 (php-fpm is not allowed to run as root). (fat) - . Fixed bug #61295 (php-fpm should not fail with commented 'user' - . Fixed bug #61218 (FPM drops connection while receiving some binary values -in FastCGI requests). (fat) - . Fixed bug #61045 (fpm don't send error log to fastcgi clients). (fat) -for non-root start). (fat) - . Fixed bug #61026 (FPM pools can listen on the same address). (fat) -can be launched without errors). (fat) - -- Iconv: - . Fix bug #55042 (Erealloc in iconv.c unsafe). (Stas) - -- Intl: - . Fixed bug #62083 (grapheme_extract() memory leaks). (Gustavo) - . ResourceBundle constructor now accepts NULL for the first two arguments. -(Gustavo) - . Fixed bug #62081 (IntlDateFormatter constructor leaks memory when called -twice). (Gustavo) - . Fixed bug #62070 (Collator::getSortKey() returns garbage). (Gustavo) - . 
Fixed bug #62017 (datefmt_create with incorrectly encoded timezone leaks -pattern). (Gustavo) - -- libxml: - . Fixed bug #62266 (Custom extension segfaults during xmlParseFile with FPM -SAPI). (Gustavo) - -- Readline: - . Fixed bug #62186 (readline fails to compile - void function should not -return a value). (Johannes) - -- Reflection: - . Fixed bug #62384 (Attempting to invoke a Closure more than once causes -segfault). (Felipe) - . Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory leaks -with constant). (Laruence) - -- Sockets: - . Fixed bug #62025 (__ss_family was changed on AIX 5.3). (Felipe) - -- XML Writer: - . Fixed bug #62064 (memory leak in the XML Writer module). -(jean-pierre dot lozi at lip6 dot fr) - -- Zip: - . Upgraded libzip to 0.10.1 (Anatoliy) - -14 Jun 2012, PHP 5.4.4 - -- COM: - . Fixed bug #62146 com_dotnet cannot be built shared. (Johannes) - -- CLI Server: - . Implemented FR #61977 (Need CLI web-server support for files with .htm & -svg extensions). (Sixd, Laruence) - . Improved performance while sending error page, this also fixed -bug #61785 (Memory leak when access a non-exists file without router). -(Laruence) - . Fixed bug #61546 (functions related to current script failed when chdir() -in cli sapi). (Laruence, reeze@gmail.com) - -- CURL: - . Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction). -(Laruence) - -- Core: - . Fixed missing bound check in iptcparse(). (chris at chiappa.net) - . Fixed CVE-2012-2143. (Solar Designer) - . Fixed bug #62097 (fix for for bug #54547). (Gustavo) - . Fixed bug #62005 (unexpected behavior when incrementally assigning to a -member of a null object). (Laruence) - . Fixed bug #61978 (Object recursion not detected for classes that implement -JsonSerializable). (Felipe) - . Fixed bug #61991 (long overflow in realpath_cache_get()). (Anatoliy) - . Fixed bug #61922 (ZTS build doesn't accept zend.script_encoding config). -(Laruence) - . 
Fixed bug #61827 (incorrect \e processing on Windows) (Anatoliy) - . Fixed bug #61782 (__clone/__destruct do not match other methods when checking -access controls). (Stas) - . Fixed bug
[PHP-CVS] com php-src: Fix two issues with run-tests.php: run-tests.php
Commit:26b37f1792dfaf9b0b30f81e492c8f68b9ece571 Author:Anthony Ferrara Fri, 6 Jul 2012 22:37:50 -0400 Parents: 157ddd95773114c1148536b4b32fcbedf0c79b20 Branches: PHP-5.3 PHP-5.4 master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=26b37f1792dfaf9b0b30f81e492c8f68b9ece571 Log: Fix two issues with run-tests.php 1. E_STRICT error due to passing return of array_intersect() into reset() directly 2. Details in junit output can produce invalid UTF-8 and XML due to unescaped characters Changed paths: M run-tests.php Diff: diff --git a/run-tests.php b/run-tests.php index 2a46986..302167a 100755 --- a/run-tests.php +++ b/run-tests.php @@ -2668,12 +2668,15 @@ function junit_mark_test_as($type, $file_name, $test_name, $time = null, $messag $time = null !== $time ? $time : junit_get_timer($file_name); junit_suite_record($suite, 'execution_time', $time); + $escaped_details = htmlspecialchars($details, ENT_QUOTES, 'UTF-8'); + $escaped_test_name = basename($file_name) . ' - ' . htmlspecialchars($test_name, ENT_QUOTES); $JUNIT['files'][$file_name]['xml'] = "\n"; if (is_array($type)) { $output_type = $type[0] . 'ED'; - $type = reset(array_intersect(array('XFAIL', 'FAIL'), $type)); + $temp = array_intersect(array('XFAIL', 'FAIL'), $type); + $type = reset($temp); } else { $output_type = $type . 'ED'; } @@ -2688,10 +2691,10 @@ function junit_mark_test_as($type, $file_name, $test_name, $time = null, $messag $JUNIT['files'][$file_name]['xml'] .= "$message\n"; } elseif('FAIL' == $type) { junit_suite_record($suite, 'test_fail'); - $JUNIT['files'][$file_name]['xml'] .= "$details\n"; + $JUNIT['files'][$file_name]['xml'] .= "$escaped_details\n"; } else { junit_suite_record($suite, 'test_error'); - $JUNIT['files'][$file_name]['xml'] .= "$details\n"; + $JUNIT['files'][$file_name]['xml'] .= "$escaped_details\n"; } $JUNIT['files'][$file_name]['xml'] .= "\n"; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
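Review bot: The second hunk switches the FAIL and error branches to `$escaped_details`, but the unchanged line `$JUNIT['files'][$file_name]['xml'] .= "$message\n";` just above them still writes `$message` into the XML unescaped, so that branch can still emit invalid output; escape it the same way. The two new calls are also inconsistent: `htmlspecialchars($details, ENT_QUOTES, 'UTF-8')` names the charset while `htmlspecialchars($test_name, ENT_QUOTES)` does not. Note too that htmlspecialchars() returns an empty string when its input is not valid in the given charset, so details containing invalid UTF-8 will be dropped rather than repaired; if the failure output should survive in the report, clean the bytes before escaping.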
[PHP-CVS] com php-src: Merge branch 'PHP-5.4': run-tests.php
Commit:6abd7365d041f07ab2ac16de22091e6b3065d69b Author:Anthony Ferrara Fri, 6 Jul 2012 22:39:32 -0400 Parents: ed54357fcded8849c6830fa80b42bdde4650fdb8 79ed100c19667ecf8b8fcb445bd52bf8c22cee0a Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=6abd7365d041f07ab2ac16de22091e6b3065d69b Log: Merge branch 'PHP-5.4' * PHP-5.4: Fix two issues with run-tests.php Changed paths: MM run-tests.php Diff: -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: More cleanup of documentation and comments, as well as code formatting: ext/hash/hash.c
Commit:03536e889ad29ed3b6153aafa77b647bdcfe2592 Author:Anthony Ferrara Tue, 12 Jun 2012 15:05:44 -0400 Parents: 2f1cd2cb1377bac9093ab539d936dd6c4a913916 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=03536e889ad29ed3b6153aafa77b647bdcfe2592 Log: More cleanup of documentation and comments, as well as code formatting Changed paths: M ext/hash/hash.c Diff: diff --git a/ext/hash/hash.c b/ext/hash/hash.c index 74c86a8..957575d 100644 --- a/ext/hash/hash.c +++ b/ext/hash/hash.c @@ -205,14 +205,14 @@ PHP_FUNCTION(hash_file) static inline void php_hash_string_xor_char(unsigned char *out, const unsigned char *in, const unsigned char xor_with, const int length) { int i; - for(i=0; i < length; i++) { + for (i=0; i < length; i++) { out[i] = in[i] ^ xor_with; } } static inline void php_hash_string_xor(unsigned char *out, const unsigned char *in, const unsigned char *xor_with, const int length) { int i; - for(i=0; i < length; i++) { + for (i=0; i < length; i++) { out[i] = in[i] ^ xor_with[i]; } } @@ -687,6 +687,11 @@ PHP_FUNCTION(hash_pbkdf2) /* temp = digest */ memcpy(temp, digest, ops->digest_size); + + /* +* Note that the loop starting at 1 is intentional, since we've already done +* the first round of the algorithm. +*/ for (j = 1; j < iterations; j++) { /* digest = hash_hmac(digest, password) { */ php_hash_hmac_round(digest, ops, context, K1, digest, ops->digest_size); @@ -698,7 +703,7 @@ PHP_FUNCTION(hash_pbkdf2) /* result += temp */ memcpy(result + ((i - 1) * ops->digest_size), temp, ops->digest_size); } - /* Zero potentiall sensitive variables */ + /* Zero potentially sensitive variables */ memset(K1, 0, ops->block_size); memset(K2, 0, ops->block_size); memset(computed_salt, 0, salt_len + 4); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
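Review bot: The first two hunks reformat the loop headers to `for (i=0; i < length; i++)`, which adds the space after `for` but leaves `i=0` without spaces around the assignment; write `i = 0` so the formatting cleanup is complete in one pass. In the last hunk, the `memset(K1, 0, ...)`, `memset(K2, 0, ...)` and `memset(computed_salt, 0, ...)` calls under the corrected comment are the only scrubbing visible; if `temp` and `digest` also hold key-derived material at that point, the comment should say why they are not cleared.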
[PHP-CVS] com php-src: Fix tests to use proper casing: ext/hash/tests/hash_pbkdf2_error.phpt
Commit:2f1cd2cb1377bac9093ab539d936dd6c4a913916 Author:Anthony Ferrara Tue, 12 Jun 2012 14:52:43 -0400 Parents: 43eb8dc04af1480b3caa62d252ede28dcb059c7b Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=2f1cd2cb1377bac9093ab539d936dd6c4a913916 Log: Fix tests to use proper casing Changed paths: M ext/hash/tests/hash_pbkdf2_error.phpt Diff: diff --git a/ext/hash/tests/hash_pbkdf2_error.phpt b/ext/hash/tests/hash_pbkdf2_error.phpt index 6b827da..fd70cca 100644 --- a/ext/hash/tests/hash_pbkdf2_error.phpt +++ b/ext/hash/tests/hash_pbkdf2_error.phpt @@ -67,12 +67,12 @@ hash_pbkdf2(): Unknown hashing algorithm: foo -- Testing hash_pbkdf2() function with invalid iterations -- bool(false) -hash_pbkdf2(): Iterations Must Be A Positive Integer: 0 +hash_pbkdf2(): Iterations must be a positive integer: 0 bool(false) -hash_pbkdf2(): Iterations Must Be A Positive Integer: -1 +hash_pbkdf2(): Iterations must be a positive integer: -1 -- Testing hash_pbkdf2() function with invalid length -- bool(false) -hash_pbkdf2(): Length Must Be Greater Than Or Equal To 0: -1 +hash_pbkdf2(): Length must be greater than or equal to 0: -1 ===Done=== -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Remove un-needed memset, and replacing stray spaces: ext/hash/hash.c
Commit:43eb8dc04af1480b3caa62d252ede28dcb059c7b Author:Anthony Ferrara Tue, 12 Jun 2012 14:32:21 -0400 Parents: df3d351cad7ecc2b6087e7f26edf6fa8b22cd960 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=43eb8dc04af1480b3caa62d252ede28dcb059c7b Log: Remove un-needed memset, and replacing stray spaces Changed paths: M ext/hash/hash.c Diff: diff --git a/ext/hash/hash.c b/ext/hash/hash.c index 40023f7..74c86a8 100644 --- a/ext/hash/hash.c +++ b/ext/hash/hash.c @@ -652,7 +652,6 @@ PHP_FUNCTION(hash_pbkdf2) temp = emalloc(ops->digest_size); /* Setup Keys that will be used for all hmac rounds */ - memset(K2, 0, ops->block_size); php_hash_hmac_prep_key(K1, ops, context, (unsigned char *) pass, pass_len); /* Convert K1 to opad -- 0x6A = 0x36 ^ 0x5C */ php_hash_string_xor_char(K2, K1, 0x6A, ops->block_size); @@ -661,7 +660,7 @@ PHP_FUNCTION(hash_pbkdf2) if (length == 0) { length = ops->digest_size; } -digest_length = length; + digest_length = length; if (!raw_output) { digest_length = (long) ceil((float) length / 2.0); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
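Review bot: In the second hunk the context line `digest_length = (long) ceil((float) length / 2.0);` converts `length` to `float` first, and a `float` cannot represent every `long` value exactly, so large odd lengths can round to the wrong digest length; integer arithmetic such as `length / 2 + length % 2` gives the same result without the conversion. In the first hunk, dropping `memset(K2, 0, ops->block_size);` is only safe because `php_hash_string_xor_char(K2, K1, 0x6A, ops->block_size);` writes every byte of K2, which deserves a short comment so a later reordering does not reintroduce an uninitialised read.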
[PHP-CVS] com php-src: Update error messages to be more inline with PHP standards: ext/hash/hash.c
Commit:df3d351cad7ecc2b6087e7f26edf6fa8b22cd960 Author:Anthony Ferrara Tue, 12 Jun 2012 14:10:35 -0400 Parents: 4918a6bd23f907b6712bdd04fcd265a411b0 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=df3d351cad7ecc2b6087e7f26edf6fa8b22cd960 Log: Update error messages to be more inline with PHP standards Changed paths: M ext/hash/hash.c Diff: diff --git a/ext/hash/hash.c b/ext/hash/hash.c index 71f3753..40023f7 100644 --- a/ext/hash/hash.c +++ b/ext/hash/hash.c @@ -629,12 +629,12 @@ PHP_FUNCTION(hash_pbkdf2) } if (iterations <= 0) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Iterations Must Be A Positive Integer: %ld", iterations); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Iterations must be a positive integer: %ld", iterations); RETURN_FALSE; } if (length < 0) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length Must Be Greater Than Or Equal To 0: %ld", length); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length must be greater than or equal to 0: %ld", length); RETURN_FALSE; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
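Review bot: Both hunks change the text of user-visible warnings, but Changed paths lists only ext/hash/hash.c; the expected output in ext/hash/tests/hash_pbkdf2_error.phpt matches these strings and should be updated in the same commit so the tree does not sit with a failing test between commits.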
[PHP-CVS] com php-src: refactor away un-necessary casts in hashing routines: ext/hash/hash.c
Commit:4918a6bd23f907b6712bdd04fcd265a411b0 Author:Anthony Ferrara Tue, 12 Jun 2012 14:09:16 -0400 Parents: 550253f6529bfa56e494505e6517500f98c7223a Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=4918a6bd23f907b6712bdd04fcd265a411b0 Log: refactor away un-necessary casts in hashing routines Changed paths: M ext/hash/hash.c Diff: diff --git a/ext/hash/hash.c b/ext/hash/hash.c index 7f0d36f..71f3753 100644 --- a/ext/hash/hash.c +++ b/ext/hash/hash.c @@ -222,8 +222,8 @@ static inline void php_hash_hmac_prep_key(unsigned char *K, const php_hash_ops * if (key_len > ops->block_size) { /* Reduce the key first */ ops->hash_init(context); - ops->hash_update(context, (unsigned char *) key, key_len); - ops->hash_final((unsigned char *) K, context); + ops->hash_update(context, key, key_len); + ops->hash_final(K, context); } else { memcpy(K, key, key_len); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Update NEWS to fix typo, add name: NEWS
Commit:550253f6529bfa56e494505e6517500f98c7223a Author:Anthony Ferrara Tue, 12 Jun 2012 13:51:18 -0400 Parents: 6387498823c85e07a549c189ba0ec33cb6e0d90c Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=550253f6529bfa56e494505e6517500f98c7223a Log: Update NEWS to fix typo, add name Changed paths: M NEWS Diff: diff --git a/NEWS b/NEWS index dc42650..37e443d 100644 --- a/NEWS +++ b/NEWS @@ -43,7 +43,7 @@ PHP NEWS . Fixed bug #54995 (Missing CURLINFO_RESPONSE_CODE support). (Pierrick) - Hash - . Added support for PBKDF2 via hash_pbkdf2()F + . Added support for PBKDF2 via hash_pbkdf2(). (Anthony Ferrara) - MySQLi . Dropped support for LOAD DATA LOCAL INFILE handlers when using libmysql. -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Create hash_pbkdf2 function addition: NEWS ext/hash/hash.c ext/hash/php_hash.h ext/hash/tests/hash_pbkdf2_basic.phpt ext/hash/tests/hash_pbkdf2_error.phpt
Commit:6387498823c85e07a549c189ba0ec33cb6e0d90c Author:Anthony Ferrara Tue, 12 Jun 2012 09:57:11 -0400 Parents: 5b3c9f4fd1fbaa251beea37ff7870f6523320672 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=6387498823c85e07a549c189ba0ec33cb6e0d90c Log: Create hash_pbkdf2 function addition Changed paths: M NEWS M ext/hash/hash.c M ext/hash/php_hash.h A ext/hash/tests/hash_pbkdf2_basic.phpt A ext/hash/tests/hash_pbkdf2_error.phpt diff --git a/NEWS b/NEWS index e9e70e9..dc42650 100644 --- a/NEWS +++ b/NEWS @@ -42,6 +42,9 @@ PHP NEWS still exists for backward compatibility but is doing nothing). (Pierrick) . Fixed bug #54995 (Missing CURLINFO_RESPONSE_CODE support). (Pierrick) +- Hash + . Added support for PBKDF2 via hash_pbkdf2()F + - MySQLi . Dropped support for LOAD DATA LOCAL INFILE handlers when using libmysql. Known for stability problems. (Andrey) diff --git a/ext/hash/hash.c b/ext/hash/hash.c index 895d64d..7f0d36f 100644 --- a/ext/hash/hash.c +++ b/ext/hash/hash.c @@ -23,6 +23,7 @@ #include "config.h" #endif +#include #include "php_hash.h" #include "ext/standard/info.h" #include "ext/standard/file.h" 
@@ -202,10 +203,45 @@ PHP_FUNCTION(hash_file) } /* }}} */ +static inline void php_hash_string_xor_char(unsigned char *out, const unsigned char *in, const unsigned char xor_with, const int length) { + int i; + for(i=0; i < length; i++) { + out[i] = in[i] ^ xor_with; + } +} + +static inline void php_hash_string_xor(unsigned char *out, const unsigned char *in, const unsigned char *xor_with, const int length) { + int i; + for(i=0; i < length; i++) { + out[i] = in[i] ^ xor_with[i]; + } +} + +static inline void php_hash_hmac_prep_key(unsigned char *K, const php_hash_ops *ops, void *context, const unsigned char *key, const int key_len) { + memset(K, 0, ops->block_size); + if (key_len > ops->block_size) { + /* Reduce the key first */ + ops->hash_init(context); + ops->hash_update(context, (unsigned char *) key, key_len); + ops->hash_final((unsigned char *) K, context); + } else { + memcpy(K, key, key_len); + } + /* XOR the key with 0x36 to get the ipad) */ + php_hash_string_xor_char(K, K, 0x36, ops->block_size); +} + +static inline void php_hash_hmac_round(unsigned char *final, const php_hash_ops *ops, void *context, const unsigned char *key, const unsigned char *data, const long data_size) { + ops->hash_init(context); + ops->hash_update(context, key, ops->block_size); + ops->hash_update(context, data, data_size); + ops->hash_final(final, context); +} + static void php_hash_do_hash_hmac(INTERNAL_FUNCTION_PARAMETERS, int isfilename, zend_bool raw_output_default) /* {{{ */ { char *algo, *data, *digest, *key, *K; - int algo_len, data_len, key_len, i; + int algo_len, data_len, key_len; zend_bool raw_output = raw_output_default; const php_hash_ops *ops; void *context; 
@@ -230,52 +266,29 @@ static void php_hash_do_hash_hmac(INTERNAL_FUNCTION_PARAMETERS, int isfilename, } context = emalloc(ops->context_size); - ops->hash_init(context); K = emalloc(ops->block_size); - memset(K, 0, ops->block_size); + digest = emalloc(ops->digest_size + 1); - if (key_len > ops->block_size) { - /* Reduce the key first */ - ops->hash_update(context, (unsigned char *) key, key_len); - ops->hash_final((unsigned char *) K, context); - /* Make the context ready to start over */ - ops->hash_init(context); - } else { - memcpy(K, key, key_len); - } - - /* XOR ipad */ - for(i=0; i < ops->block_size; i++) { - K[i] ^= 0x36; - } - ops->hash_update(context, (unsigned char *) K, ops->block_size); + php_hash_hmac_prep_key((unsigned char *) K, ops, context, (unsigned char *) key, key_len); if (isfilename) { char buf[1024]; int n; - + ops->hash_init(context); + ops->hash_update(context, (unsigned char *) K, ops->block_size); while ((n = php_stream_read(stream, buf, sizeof(buf))) > 0) { ops->hash_update(context, (unsigned char *) buf, n); } php_stream_close(stream); + ops->hash_final((unsigned char *) digest, context); } else { - ops->hash_update(context, (unsigned char *) da
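Review bot: php_hash_hmac_prep_key() returns with K already XORed with 0x36, that is the inner-pad key rather than the padded key its name suggests, and nothing above the function states that contract; add a comment saying so, since every caller has to derive the outer pad from that value. The comment inside it, `/* XOR the key with 0x36 to get the ipad) */`, also has a stray closing parenthesis. The `(unsigned char *)` casts on `key` and `K` in the reduce branch are redundant, as both parameters are already declared `unsigned char *`.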
[PHP-CVS] com php-src: Add new function hash_pbkdf2() to UGRAPDING doc: UPGRADING
Commit:bf0154896705afe0da6ee1c7af4dc3d75afd194b Author:Anthony Ferrara Tue, 10 Jul 2012 13:13:30 -0400 Parents: 731c6fd274932a4d31a76a38a4006cad6ffc50d3 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=bf0154896705afe0da6ee1c7af4dc3d75afd194b Log: Add new function hash_pbkdf2() to UGRAPDING doc Changed paths: M UPGRADING Diff: diff --git a/UPGRADING b/UPGRADING index 77fe972..8b52be2 100755 --- a/UPGRADING +++ b/UPGRADING @@ -97,6 +97,9 @@ PHP X.Y UPGRADE NOTES - Core: - boolval() +- Hash: + - hash_pbkdf2() + - Intl: - datefmt_get_calendar_object() - datefmt_get_timezone() -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Merging in Password Hashing API into master: NEWS
Commit:9aacdf6e892fe46526e1e60a3b3fea1b1c350699 Author:Anthony Ferrara Tue, 16 Oct 2012 04:11:37 -0400 Parents: ccf749e38d1c05ab50d30781b47e55786d571585 0bc9ca39ced4128c3b9fb1ba2ac797d342e7eef2 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=9aacdf6e892fe46526e1e60a3b3fea1b1c350699 Log: Merging in Password Hashing API into master This implements the accepted RFC password_hash https://wiki.php.net/rfc/password_hash Changed paths: MM NEWS Diff: diff --cc NEWS index 41ab1bb,08045fc..2ad1fa7 --- a/NEWS +++ b/NEWS @@@ -3,8 -3,8 +3,10 @@@ PH ?? ??? 201?, PHP 5.5.0 - General improvements: + . Add simplified password hashing API + (https://wiki.php.net/rfc/password_hash). (Anthony Ferrara) + . Add generators and coroutines (https://wiki.php.net/rfc/generators). +(Nikita Popov) . Support list in foreach (https://wiki.php.net/rfc/foreachlist). (Laruence) . Implemented 'finally' keyword (https://wiki.php.net/rfc/finally). (Laruence) . Drop Windows XP and 2003 support. (Pierre) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Refactor to using a stack based zval instead of dynamic allocation: ext/standard/password.c
Commit:0bc9ca39ced4128c3b9fb1ba2ac797d342e7eef2 Author:Anthony Ferrara Sun, 7 Oct 2012 05:42:08 -0400 Parents: 37b2207f66ac1cebdc3ff3f7f88ec319ee893292 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=0bc9ca39ced4128c3b9fb1ba2ac797d342e7eef2 Log: Refactor to using a stack based zval instead of dynamic allocation Changed paths: M ext/standard/password.c Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index 3507183..266ad0a 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -245,12 +245,11 @@ PHP_FUNCTION(password_needs_rehash) if (options && zend_symtable_find(options, "cost", sizeof("cost"), (void **) &option_buffer) == SUCCESS) { if (Z_TYPE_PP(option_buffer) != IS_LONG) { - zval *cast_option_buffer; - ALLOC_ZVAL(cast_option_buffer); - MAKE_COPY_ZVAL(option_buffer, cast_option_buffer); - convert_to_long(cast_option_buffer); - new_cost = Z_LVAL_P(cast_option_buffer); - zval_ptr_dtor(&cast_option_buffer); + zval cast_option_buffer; + MAKE_COPY_ZVAL(option_buffer, &cast_option_buffer); + convert_to_long(&cast_option_buffer); + new_cost = Z_LVAL(cast_option_buffer); + zval_dtor(&cast_option_buffer); } else { new_cost = Z_LVAL_PP(option_buffer); } @@ -326,12 +325,11 @@ PHP_FUNCTION(password_hash) if (options && zend_symtable_find(options, "cost", 5, (void **) &option_buffer) == SUCCESS) { if (Z_TYPE_PP(option_buffer) != IS_LONG) { - zval *cast_option_buffer; - ALLOC_ZVAL(cast_option_buffer); - MAKE_COPY_ZVAL(option_buffer, cast_option_buffer); - convert_to_long(cast_option_buffer); - cost = Z_LVAL_P(cast_option_buffer); - zval_ptr_dtor(&cast_option_buffer); + zval cast_option_buffer; + MAKE_COPY_ZVAL(option_buffer, &cast_option_buffer); + convert_to_long(&cast_option_buffer); + cost = Z_LVAL(cast_option_buffer); + zval_dtor(&cast_option_buffer); } else { cost = Z_LVAL_PP(option_buffer); } 
@@ -366,17 +364,16 @@ PHP_FUNCTION(password_hash) case IS_LONG: case IS_DOUBLE: case IS_OBJECT: { - zval *cast_option_buffer; - ALLOC_ZVAL(cast_option_buffer); - MAKE_COPY_ZVAL(option_buffer, cast_option_buffer); - convert_to_string(cast_option_buffer); - if (Z_TYPE_P(cast_option_buffer) == IS_STRING) { - buffer = estrndup(Z_STRVAL_P(cast_option_buffer), Z_STRLEN_P(cast_option_buffer)); - buffer_len_int = Z_STRLEN_P(cast_option_buffer); - zval_ptr_dtor(&cast_option_buffer); + zval cast_option_buffer; + MAKE_COPY_ZVAL(option_buffer, &cast_option_buffer); + convert_to_string(&cast_option_buffer); + if (Z_TYPE(cast_option_buffer) == IS_STRING) { + buffer = estrndup(Z_STRVAL(cast_option_buffer), Z_STRLEN(cast_option_buffer)); + buffer_len_int = Z_STRLEN(cast_option_buffer); + zval_dtor(&cast_option_buffer); break; } - zval_ptr_dtor(&cast_option_buffer); + zval_dtor(&cast_option_buffer);
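Review bot: the copy, convert, read, destroy sequence on cast_option_buffer is now repeated verbatim in the password_needs_rehash hunk and the password_hash cost hunk, with a string variant in the third hunk. A small static helper that returns the long would remove the duplication and leave one place to get the destructor right. In the same two hunks the lookup key length is written as sizeof("cost") in password_needs_rehash but as the literal 5 in password_hash; use sizeof("cost") in both.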
[PHP-CVS] com php-src: Clean up unreported memory leak by switching to zval_ptr_dtor: ext/standard/password.c
Commit:37b2207f66ac1cebdc3ff3f7f88ec319ee893292 Author:Anthony Ferrara Sun, 7 Oct 2012 05:12:02 -0400 Parents: 76e83f769ff5929b45cf0ac666335ce68ada166f Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=37b2207f66ac1cebdc3ff3f7f88ec319ee893292 Log: Clean up unreported memory leak by switching to zval_ptr_dtor Changed paths: M ext/standard/password.c Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index 70004a9..3507183 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -250,7 +250,7 @@ PHP_FUNCTION(password_needs_rehash) MAKE_COPY_ZVAL(option_buffer, cast_option_buffer); convert_to_long(cast_option_buffer); new_cost = Z_LVAL_P(cast_option_buffer); - zval_dtor(cast_option_buffer); + zval_ptr_dtor(&cast_option_buffer); } else { new_cost = Z_LVAL_PP(option_buffer); } @@ -331,7 +331,7 @@ PHP_FUNCTION(password_hash) MAKE_COPY_ZVAL(option_buffer, cast_option_buffer); convert_to_long(cast_option_buffer); cost = Z_LVAL_P(cast_option_buffer); - zval_dtor(cast_option_buffer); + zval_ptr_dtor(&cast_option_buffer); } else { cost = Z_LVAL_PP(option_buffer); } @@ -373,10 +373,10 @@ PHP_FUNCTION(password_hash) if (Z_TYPE_P(cast_option_buffer) == IS_STRING) { buffer = estrndup(Z_STRVAL_P(cast_option_buffer), Z_STRLEN_P(cast_option_buffer)); buffer_len_int = Z_STRLEN_P(cast_option_buffer); - zval_dtor(cast_option_buffer); + zval_ptr_dtor(&cast_option_buffer); break; } - zval_dtor(cast_option_buffer); + zval_ptr_dtor(&cast_option_buffer); } case IS_BOOL: case IS_NULL: -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
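Review bot: in the third hunk the IS_OBJECT block closes with "}" and runs straight into "case IS_BOOL: case IS_NULL:" when the converted value is not a string. If that fall-through is intended, mark it with a comment at the closing brace so it is not mistaken for a missing break. The log calls the leak "unreported" but does not say what leaked; one sentence on why zval_dtor() was insufficient for these four call sites would help anyone reading the history.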
[PHP-CVS] com php-src: Really fix leaks, add test cases to prove it...: ext/standard/password.c ext/standard/tests/password/password_bcrypt_errors.phpt ext/standard/tests/password/password_hash_error.
Commit:1751d5fabeff466f08da560caa6f9ade5a82 Author:Anthony Ferrara Sat, 6 Oct 2012 10:38:41 -0400 Parents: 25b2d364e995fc070ae16ee34f60d25148413769 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=1751d5fabeff466f08da560caa6f9ade5a82 Log: Really fix leaks, add test cases to prove it... Changed paths: M ext/standard/password.c M ext/standard/tests/password/password_bcrypt_errors.phpt M ext/standard/tests/password/password_hash_error.phpt M ext/standard/tests/password/password_needs_rehash.phpt Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index af42a6f..9667fdc 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -245,9 +245,12 @@ PHP_FUNCTION(password_needs_rehash) if (options && zend_symtable_find(options, "cost", sizeof("cost"), (void **) &option_buffer) == SUCCESS) { if (Z_TYPE_PP(option_buffer) != IS_LONG) { - convert_to_long_ex(option_buffer); - new_cost = Z_LVAL_PP(option_buffer); - zval_ptr_dtor(option_buffer); + zval *cast_option_buffer; + ALLOC_ZVAL(cast_option_buffer); + INIT_PZVAL_COPY(cast_option_buffer, *option_buffer); + convert_to_long(cast_option_buffer); + new_cost = Z_LVAL_P(cast_option_buffer); + zval_dtor(cast_option_buffer); } else { new_cost = Z_LVAL_PP(option_buffer); } @@ -323,9 +326,12 @@ PHP_FUNCTION(password_hash) if (options && zend_symtable_find(options, "cost", 5, (void **) &option_buffer) == SUCCESS) { if (Z_TYPE_PP(option_buffer) != IS_LONG) { - convert_to_long_ex(option_buffer); - cost = Z_LVAL_PP(option_buffer); - zval_ptr_dtor(option_buffer); + zval *cast_option_buffer; + ALLOC_ZVAL(cast_option_buffer); + INIT_PZVAL_COPY(cast_option_buffer, *option_buffer); + convert_to_long(cast_option_buffer); + cost = Z_LVAL_P(cast_option_buffer); + zval_dtor(cast_option_buffer); } else { cost = Z_LVAL_PP(option_buffer); } 
@@ -353,27 +359,27 @@ PHP_FUNCTION(password_hash) int buffer_len_int = 0; size_t buffer_len; switch (Z_TYPE_PP(option_buffer)) { - case IS_NULL: case IS_STRING: + buffer = estrndup(Z_STRVAL_PP(option_buffer), Z_STRLEN_PP(option_buffer)); + buffer_len_int = Z_STRLEN_PP(option_buffer); + break; case IS_LONG: case IS_DOUBLE: - case IS_BOOL: - case IS_OBJECT: - if (Z_TYPE_PP(option_buffer) == IS_STRING) { - buffer = Z_STRVAL_PP(option_buffer); - buffer_len_int = Z_STRLEN_PP(option_buffer); + case IS_OBJECT: { + zval *cast_option_buffer; + ALLOC_ZVAL(cast_option_buffer); + INIT_PZVAL_COPY(cast_option_buffer, *option_buffer); + convert_to_string(cast_option_buffer); + if (Z_TYPE_P(cast_option_buffer) == IS_STRING) { + buffer = estrndup(Z_STRVAL_P(cast_option_buffer), Z_STRLEN_P(cast_option_buffer)); + buffer_len_int = Z_STRLEN_P(cast_option_buffer); + zval_dtor(cast_option_buffer); break; - } else { - SEPARATE_ZVAL(option_buffer); - convert_to_string_ex(option_buffer); - if (Z_TYPE_PP(option_buffer) == IS_STRING) {
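Review bot: in the two cost hunks, cast_option_buffer is heap-allocated with ALLOC_ZVAL() but released with zval_dtor(cast_option_buffer), which destroys the value and leaves the container allocated. Either release it with zval_ptr_dtor(&cast_option_buffer) or make it a stack zval so no container needs freeing. INIT_PZVAL_COPY() is also a shallow copy, which matters once the same pattern is used with convert_to_string() in the salt hunk.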
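Review bot: in the salt hunk, "case IS_NULL:" and "case IS_BOOL:" are removed from the group of types that get converted to a string, which changes what a null or boolean salt does, yet the log only mentions leaks. Call the behaviour change out in the log and make sure one of the touched .phpt files covers both types. The IS_STRING case now sets buffer from estrndup(), so every exit path after the switch has to efree(buffer); please confirm that for the early RETURN_NULL() paths.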
[PHP-CVS] com php-src: fix allocation and copy issue: ext/standard/password.c
Commit:76e83f769ff5929b45cf0ac666335ce68ada166f Author:Anthony Ferrara Sat, 6 Oct 2012 12:33:48 -0400 Parents: 1751d5fabeff466f08da560caa6f9ade5a82 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=76e83f769ff5929b45cf0ac666335ce68ada166f Log: fix allocation and copy issue Changed paths: M ext/standard/password.c Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index 9667fdc..70004a9 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -247,7 +247,7 @@ PHP_FUNCTION(password_needs_rehash) if (Z_TYPE_PP(option_buffer) != IS_LONG) { zval *cast_option_buffer; ALLOC_ZVAL(cast_option_buffer); - INIT_PZVAL_COPY(cast_option_buffer, *option_buffer); + MAKE_COPY_ZVAL(option_buffer, cast_option_buffer); convert_to_long(cast_option_buffer); new_cost = Z_LVAL_P(cast_option_buffer); zval_dtor(cast_option_buffer); @@ -328,7 +328,7 @@ PHP_FUNCTION(password_hash) if (Z_TYPE_PP(option_buffer) != IS_LONG) { zval *cast_option_buffer; ALLOC_ZVAL(cast_option_buffer); - INIT_PZVAL_COPY(cast_option_buffer, *option_buffer); + MAKE_COPY_ZVAL(option_buffer, cast_option_buffer); convert_to_long(cast_option_buffer); cost = Z_LVAL_P(cast_option_buffer); zval_dtor(cast_option_buffer); @@ -368,7 +368,7 @@ PHP_FUNCTION(password_hash) case IS_OBJECT: { zval *cast_option_buffer; ALLOC_ZVAL(cast_option_buffer); - INIT_PZVAL_COPY(cast_option_buffer, *option_buffer); + MAKE_COPY_ZVAL(option_buffer, cast_option_buffer); convert_to_string(cast_option_buffer); if (Z_TYPE_P(cast_option_buffer) == IS_STRING) { buffer = estrndup(Z_STRVAL_P(cast_option_buffer), Z_STRLEN_P(cast_option_buffer)); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
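Review bot: the context lines of the first two hunks still end with "zval_dtor(cast_option_buffer);" on a zval obtained from ALLOC_ZVAL(), so switching the copy macro does not address the container that is never freed. The log "fix allocation and copy issue" should also say what was wrong with INIT_PZVAL_COPY() here, since the same three-line change is applied in three places without explanation.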
[PHP-CVS] com php-src: Fix issue with possible memory leak: ext/standard/password.c
Commit:25b2d364e995fc070ae16ee34f60d25148413769 Author:Anthony Ferrara Fri, 5 Oct 2012 15:53:40 -0400 Parents: 4a7d18c79ef956022090cf7e8159ca6d50ae2339 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=25b2d364e995fc070ae16ee34f60d25148413769 Log: Fix issue with possible memory leak Changed paths: M ext/standard/password.c Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index 87fc2c2..af42a6f 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -350,7 +350,7 @@ PHP_FUNCTION(password_hash) if (options && zend_symtable_find(options, "salt", 5, (void**) &option_buffer) == SUCCESS) { char *buffer; - int buffer_len_int; + int buffer_len_int = 0; size_t buffer_len; switch (Z_TYPE_PP(option_buffer)) { case IS_NULL: @@ -359,17 +359,20 @@ PHP_FUNCTION(password_hash) case IS_DOUBLE: case IS_BOOL: case IS_OBJECT: - convert_to_string_ex(option_buffer); if (Z_TYPE_PP(option_buffer) == IS_STRING) { buffer = Z_STRVAL_PP(option_buffer); buffer_len_int = Z_STRLEN_PP(option_buffer); - if (buffer_len_int < 0) { + break; + } else { + SEPARATE_ZVAL(option_buffer); + convert_to_string_ex(option_buffer); + if (Z_TYPE_PP(option_buffer) == IS_STRING) { + buffer = Z_STRVAL_PP(option_buffer); + buffer_len_int = Z_STRLEN_PP(option_buffer); zval_ptr_dtor(option_buffer); - efree(hash_format); - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Supplied salt is too long"); + break; } - buffer_len = (size_t) buffer_len_int; - break; + zval_ptr_dtor(option_buffer); } case IS_RESOURCE: case IS_ARRAY: 
@@ -378,6 +381,11 @@ PHP_FUNCTION(password_hash) php_error_docref(NULL TSRMLS_CC, E_WARNING, "Non-string salt parameter supplied"); RETURN_NULL(); } + if (buffer_len_int < 0) { + efree(hash_format); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Supplied salt is too long"); + } + buffer_len = (size_t) buffer_len_int; if (buffer_len < required_salt_len) { efree(hash_format); php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided salt is too short: %lu expecting %lu", (unsigned long) buffer_len, (unsigned long) required_salt_len); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
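Review bot: in the first salt hunk, the new else branch assigns "buffer = Z_STRVAL_PP(option_buffer);" and then calls "zval_ptr_dtor(option_buffer);" before the break, so buffer can point into a string that has just been released by the time the length checks and the encoding step read it. Copy the string (for example with estrndup) before dropping the reference, or delay the destructor until buffer is no longer needed.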
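Review bot: in the second hunk, the "if (buffer_len_int < 0)" block frees hash_format and emits "Supplied salt is too long" but has no RETURN_NULL(), so execution continues to "buffer_len = (size_t) buffer_len_int;" with a negative length converted to a huge size_t and with hash_format already freed. The next branch shown calls efree(hash_format) again. Add RETURN_NULL() inside the block, as the neighbouring error branches do.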
[PHP-CVS] com php-src: Fix some double free issues, and more cleanup work: ext/standard/password.c
Commit:4a7d18c79ef956022090cf7e8159ca6d50ae2339 Author:Anthony Ferrara Fri, 5 Oct 2012 15:31:58 -0400 Parents: 8bd79d180716fc521a3f5cae4bbfa96eb6397925 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=4a7d18c79ef956022090cf7e8159ca6d50ae2339 Log: Fix some double free issues, and more cleanup work Changed paths: M ext/standard/password.c Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index e876269..87fc2c2 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -79,7 +79,7 @@ static zend_bool php_password_salt_is_alphabet(const char *str, const size_t len } /* }}} */ -static int php_password_salt_to64(const char *str, const size_t str_len, const size_t out_len, char *ret) /* {{{ */ +static zend_bool php_password_salt_to64(const char *str, const size_t str_len, const size_t out_len, char *ret) /* {{{ */ { size_t pos = 0; size_t ret_len = 0; @@ -108,7 +108,7 @@ static int php_password_salt_to64(const char *str, const size_t str_len, const s } /* }}} */ -static int php_password_make_salt(size_t length, char *ret TSRMLS_DC) /* {{{ */ +static zend_bool php_password_make_salt(size_t length, char *ret TSRMLS_DC) /* {{{ */ { int buffer_valid = 0; size_t i, raw_length; @@ -163,9 +163,8 @@ static int php_password_make_salt(size_t length, char *ret TSRMLS_DC) /* {{{ */ efree(buffer); efree(result); return FAILURE; - } else { - memcpy(ret, result, (int) length); } + memcpy(ret, result, (int) length); efree(result); efree(buffer); ret[length] = 0; 
@@ -245,9 +244,13 @@ PHP_FUNCTION(password_needs_rehash) long new_cost = PHP_PASSWORD_BCRYPT_COST, cost = 0; if (options && zend_symtable_find(options, "cost", sizeof("cost"), (void **) &option_buffer) == SUCCESS) { - convert_to_long_ex(option_buffer); - new_cost = Z_LVAL_PP(option_buffer); - zval_ptr_dtor(option_buffer); + if (Z_TYPE_PP(option_buffer) != IS_LONG) { + convert_to_long_ex(option_buffer); + new_cost = Z_LVAL_PP(option_buffer); + zval_ptr_dtor(option_buffer); + } else { + new_cost = Z_LVAL_PP(option_buffer); + } } sscanf(hash, "$2y$%ld$", &cost); @@ -319,9 +322,13 @@ PHP_FUNCTION(password_hash) long cost = PHP_PASSWORD_BCRYPT_COST; if (options && zend_symtable_find(options, "cost", 5, (void **) &option_buffer) == SUCCESS) { - convert_to_long_ex(option_buffer); - cost = Z_LVAL_PP(option_buffer); - zval_ptr_dtor(option_buffer); + if (Z_TYPE_PP(option_buffer) != IS_LONG) { + convert_to_long_ex(option_buffer); + cost = Z_LVAL_PP(option_buffer); + zval_ptr_dtor(option_buffer); + } else { + cost = Z_LVAL_PP(option_buffer); + } } if (cost < 4 || cost > 31) { @@ -367,14 +374,12 @@ PHP_FUNCTION(password_hash) case IS_RESOURCE: case IS_ARRAY: default: - zval_ptr_dtor(option_buffer); efree(hash_format); php_error_docref(NULL TSRMLS_CC, E_WARNING, "Non-string salt parameter supplied"); RETURN_NULL(); } if (buffer_len < required_salt_len) { efree(hash_format); - zval_ptr_dtor(option_buffer); php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided salt is too short: %lu expecting %lu", (unsigned long) buffer_len, (unsigned long) required_salt_len); RETURN_NULL(); } else if (0 == php_password_salt_is_alphabet(buffer, buffer_len)) { @@ -382,7 +387,6 @@ PHP_FUNCTION(password_hash) if (php_password_salt_to64(buffer, buffer_len, required_salt_len, salt) == FAILURE)
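Review bot: php_password_salt_to64() and php_password_make_salt() are changed to return zend_bool, but the second hunk's context still shows "return FAILURE;" and the last visible line still tests "php_password_salt_to64(...) == FAILURE". FAILURE is a status code, not a boolean, and narrowing it through zend_bool can make that comparison never match. Keep the int return type, or return 0/1 and update the callers to test truthiness.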
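Review bot: in both cost hunks the non-IS_LONG branch still runs convert_to_long_ex(option_buffer) followed by "zval_ptr_dtor(option_buffer);" on the element returned by zend_symtable_find(), with no reference taken in the visible code. That is the same pattern this commit removes from the salt error paths as a double free. Convert a private copy instead and leave the caller's options array untouched.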
[PHP-CVS] com php-src: Fix arg info for required params passed to needs_rehash: ext/standard/basic_functions.c
Commit:6fd5ba5c8d70ecbd80175a488160f57380d8afee Author:Anthony Ferrara Mon, 17 Sep 2012 11:10:59 -0400 Parents: 44c2624f8c7d6bc00f46bc69c77791c2a334cc9a Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=6fd5ba5c8d70ecbd80175a488160f57380d8afee Log: Fix arg info for required params passed to needs_rehash Changed paths: M ext/standard/basic_functions.c Diff: diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c index cf2266c..a30579e 100644 --- a/ext/standard/basic_functions.c +++ b/ext/standard/basic_functions.c @@ -1863,7 +1863,7 @@ ZEND_END_ARG_INFO() ZEND_BEGIN_ARG_INFO_EX(arginfo_password_get_info, 0, 0, 1) ZEND_ARG_INFO(0, hash) ZEND_END_ARG_INFO() -ZEND_BEGIN_ARG_INFO_EX(arginfo_password_needs_rehash, 0, 0, 1) +ZEND_BEGIN_ARG_INFO_EX(arginfo_password_needs_rehash, 0, 0, 2) ZEND_ARG_INFO(0, hash) ZEND_ARG_INFO(0, algo) ZEND_ARG_INFO(0, options) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Refactor slightly to enable cleaner readability: ext/standard/password.c
Commit:8bd79d180716fc521a3f5cae4bbfa96eb6397925 Author:Anthony Ferrara Mon, 17 Sep 2012 11:43:47 -0400 Parents: 6fd5ba5c8d70ecbd80175a488160f57380d8afee Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=8bd79d180716fc521a3f5cae4bbfa96eb6397925 Log: Refactor slightly to enable cleaner readability Changed paths: M ext/standard/password.c Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index 8e9d894..e876269 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -242,16 +242,16 @@ PHP_FUNCTION(password_needs_rehash) switch (algo) { case PHP_PASSWORD_BCRYPT: { - int newCost = PHP_PASSWORD_BCRYPT_COST, cost = 0; + long new_cost = PHP_PASSWORD_BCRYPT_COST, cost = 0; - if (options && zend_symtable_find(options, "cost", 5, (void **) &option_buffer) == SUCCESS) { + if (options && zend_symtable_find(options, "cost", sizeof("cost"), (void **) &option_buffer) == SUCCESS) { convert_to_long_ex(option_buffer); - newCost = Z_LVAL_PP(option_buffer); + new_cost = Z_LVAL_PP(option_buffer); zval_ptr_dtor(option_buffer); } - sscanf(hash, "$2y$%d$", &cost); - if (cost != newCost) { + sscanf(hash, "$2y$%ld$", &cost); + if (cost != new_cost) { RETURN_TRUE; } } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
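Review bot: the return value of "sscanf(hash, "$2y$%ld$", &cost);" is not checked, so a hash that fails to parse leaves cost at 0 and the function reports a rehash is needed only by accident of the comparison. Check that sscanf returned 1 and handle the failure explicitly. The log describes this as a readability refactor, but changing newCost from int to long together with the format specifier is a type fix and should be named as such.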
[PHP-CVS] com php-src: Fix ucwords error casing: ext/standard/password.c
Commit:44c2624f8c7d6bc00f46bc69c77791c2a334cc9a Author:Anthony Ferrara Mon, 17 Sep 2012 10:59:51 -0400 Parents: e034a46bdc36fb82957f5e503fa730776dfbba11 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=44c2624f8c7d6bc00f46bc69c77791c2a334cc9a Log: Fix ucwords error casing Changed paths: M ext/standard/password.c Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index 6c2a9af..8e9d894 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -185,7 +185,7 @@ PHP_FUNCTION(password_get_info) } if (hash_len < 0 || (size_t) hash_len < 0) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Supplied Password Hash Too Long To Safely Identify"); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Supplied password hash too long to safely identify"); RETURN_FALSE; } @@ -229,7 +229,7 @@ PHP_FUNCTION(password_needs_rehash) } if (hash_len < 0) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Supplied Password Hash Too Long To Safely Identify"); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Supplied password hash too long to safely identify"); RETURN_FALSE; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
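Review bot: in the first hunk's context, "(size_t) hash_len < 0" can never be true because size_t is unsigned, so the second half of the condition in password_get_info is dead code. Drop it so the check matches the plain "hash_len < 0" used in password_needs_rehash. If any .phpt expectation matches the old capitalised warning text it needs the same edit as these two messages.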
[PHP-CVS] com php-src: A bunch of naming convention fixes. No functionality changes: ext/standard/password.c ext/standard/php_password.h
Commit:e034a46bdc36fb82957f5e503fa730776dfbba11 Author:Anthony Ferrara Mon, 17 Sep 2012 10:52:07 -0400 Parents: 83cfff4593bd3bd7791f32795e9b5bda446cd8e2 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=e034a46bdc36fb82957f5e503fa730776dfbba11 Log: A bunch of naming convention fixes. No functionality changes Changed paths: M ext/standard/password.c M ext/standard/php_password.h Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index 0dd8fed..6c2a9af 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -38,7 +38,7 @@ PHP_MINIT_FUNCTION(password) /* {{{ */ { REGISTER_LONG_CONSTANT("PASSWORD_DEFAULT", PHP_PASSWORD_DEFAULT, CONST_CS | CONST_PERSISTENT); - REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT", PASSWORD_BCRYPT, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT", PHP_PASSWORD_BCRYPT, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT_DEFAULT_COST", PHP_PASSWORD_BCRYPT_COST, CONST_CS | CONST_PERSISTENT); @@ -46,23 +46,24 @@ PHP_MINIT_FUNCTION(password) /* {{{ */ } /* }}} */ -static char* php_password_get_algo_name(const php_password_algos algo) +static char* php_password_get_algo_name(const php_password_algo algo) { switch (algo) { - case PASSWORD_BCRYPT: + case PHP_PASSWORD_BCRYPT: return "bcrypt"; + case PHP_PASSWORD_UNKNOWN: default: return "unknown"; } } -static php_password_algos php_password_determine_algo(const char *hash, const size_t len) +static php_password_algo php_password_determine_algo(const char *hash, const size_t len) { if (len > 3 && hash[0] == '$' && hash[1] == '2' && hash[2] == 'y' && len == 60) { - return PASSWORD_BCRYPT; + return PHP_PASSWORD_BCRYPT; } - return PASSWORD_UNKNOWN; + return PHP_PASSWORD_UNKNOWN; } static zend_bool php_password_salt_is_alphabet(const char *str, const size_t len) /* {{{ */ 
@@ -174,13 +175,13 @@ static int php_password_make_salt(size_t length, char *ret TSRMLS_DC) /* {{{ */ PHP_FUNCTION(password_get_info) { - php_password_algos algo; + php_password_algo algo; int hash_len; - char *hash, *algoName; + char *hash, *algo_name; zval *options; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &hash, &hash_len) == FAILURE) { - RETURN_NULL(); + return; } if (hash_len < 0 || (size_t) hash_len < 0) { @@ -192,17 +193,17 @@ PHP_FUNCTION(password_get_info) array_init(options); algo = php_password_determine_algo(hash, (size_t) hash_len); - algoName = php_password_get_algo_name(algo); + algo_name = php_password_get_algo_name(algo); switch (algo) { - case PASSWORD_BCRYPT: + case PHP_PASSWORD_BCRYPT: { long cost = PHP_PASSWORD_BCRYPT_COST; sscanf(hash, "$2y$%ld$", &cost); add_assoc_long(options, "cost", cost); } break; - case PASSWORD_UNKNOWN: + case PHP_PASSWORD_UNKNOWN: default: break; } @@ -210,21 +211,21 @@ PHP_FUNCTION(password_get_info) array_init(return_value); add_assoc_long(return_value, "algo", algo); - add_assoc_string(return_value, "algoName", algoName, 1); + add_assoc_string(return_value, "algoName", algo_name, 1); add_assoc_zval(return_value, "options", options); } PHP_FUNCTION(password_needs_rehash) { long new_algo = 0; - php_password_algos algo; + php_password_algo algo; int hash_len; char *hash; HashTable *options = 0; zval **option_buffer; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|H", &hash, &hash_len, &new_algo, &options) == FAILURE) { - RETURN_NULL(); + return; } if (hash_len < 0) { @@ -239,7 +240,7 @@ PHP_FUNCTION(password_needs_rehash) } switch (algo) { - case PASSWORD_BCRYPT: + case PHP_PASSWORD_BCRYPT: { int newCost = PHP_PASSWORD_BCRYPT_COST, cost = 0; @@ -255,7 +256,7 @@ PHP_FUNCTION(password_needs_rehash) } } break
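Review bot: in php_password_determine_algo() the condition "len > 3 && ... && len == 60" carries a redundant first term, since len == 60 already implies it. Test len == 60 first and drop "len > 3", which also guarantees the three index reads are in bounds before they happen.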
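Review bot: the log says "No functionality changes", but the hunks also replace RETURN_NULL() with a bare return after zend_parse_parameters() fails and add a "case PHP_PASSWORD_UNKNOWN:" label. Mention those in the log. The rename is also incomplete in the last hunk, where "int newCost" keeps the old style, and the array key "algoName" stays camelCase while its C variable becomes algo_name; if the key is kept for API reasons, a short comment would say so.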
[PHP-CVS] com php-src: Switch to using an ENUM for algorithms instead of a constant: ext/standard/password.c ext/standard/php_password.h
Commit:83cfff4593bd3bd7791f32795e9b5bda446cd8e2 Author:Anthony Ferrara Thu, 13 Sep 2012 10:32:54 -0400 Parents: 7ec80e1a139ca7f43c02728f3fe2424cef0138b6 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=83cfff4593bd3bd7791f32795e9b5bda446cd8e2 Log: Switch to using an ENUM for algorithms instead of a constant Changed paths: M ext/standard/password.c M ext/standard/php_password.h Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index 9b1bb8c..0dd8fed 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -38,7 +38,7 @@ PHP_MINIT_FUNCTION(password) /* {{{ */ { REGISTER_LONG_CONSTANT("PASSWORD_DEFAULT", PHP_PASSWORD_DEFAULT, CONST_CS | CONST_PERSISTENT); - REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT", PHP_PASSWORD_BCRYPT, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT", PASSWORD_BCRYPT, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT_DEFAULT_COST", PHP_PASSWORD_BCRYPT_COST, CONST_CS | CONST_PERSISTENT); @@ -46,29 +46,26 @@ PHP_MINIT_FUNCTION(password) /* {{{ */ } /* }}} */ -static char* php_password_get_algo_name(const int algo) +static char* php_password_get_algo_name(const php_password_algos algo) { switch (algo) { - case PHP_PASSWORD_BCRYPT: + case PASSWORD_BCRYPT: return "bcrypt"; default: return "unknown"; } } -static int php_password_determine_algo(const char *hash, const size_t len) +static php_password_algos php_password_determine_algo(const char *hash, const size_t len) { - if (len < 3) { - return 0; - } - if (hash[0] == '$' && hash[1] == '2' && hash[2] == 'y' && len == 60) { - return PHP_PASSWORD_BCRYPT; + if (len > 3 && hash[0] == '$' && hash[1] == '2' && hash[2] == 'y' && len == 60) { + return PASSWORD_BCRYPT; } - return 0; + return PASSWORD_UNKNOWN; } -static int php_password_salt_is_alphabet(const char *str, const size_t len) /* {{{ */ +static zend_bool php_password_salt_is_alphabet(const char *str, const size_t len) /* {{{ */ { size_t i = 0; 
@@ -177,7 +174,7 @@ static int php_password_make_salt(size_t length, char *ret TSRMLS_DC) /* {{{ */ PHP_FUNCTION(password_get_info) { - long algo; + php_password_algos algo; int hash_len; char *hash, *algoName; zval *options; @@ -198,13 +195,16 @@ PHP_FUNCTION(password_get_info) algoName = php_password_get_algo_name(algo); switch (algo) { - case PHP_PASSWORD_BCRYPT: + case PASSWORD_BCRYPT: { long cost = PHP_PASSWORD_BCRYPT_COST; sscanf(hash, "$2y$%ld$", &cost); add_assoc_long(options, "cost", cost); } - break; + break; + case PASSWORD_UNKNOWN: + default: + break; } array_init(return_value); @@ -216,7 +216,8 @@ PHP_FUNCTION(password_get_info) PHP_FUNCTION(password_needs_rehash) { - long new_algo = 0, algo = 0; + long new_algo = 0; + php_password_algos algo; int hash_len; char *hash; HashTable *options = 0; @@ -238,7 +239,7 @@ PHP_FUNCTION(password_needs_rehash) } switch (algo) { - case PHP_PASSWORD_BCRYPT: + case PASSWORD_BCRYPT: { int newCost = PHP_PASSWORD_BCRYPT_COST, cost = 0; @@ -254,6 +255,9 @@ PHP_FUNCTION(password_needs_rehash) } } break; + case PASSWORD_UNKNOWN: + default: + break; } RETURN_FALSE; } @@ -309,7 +313,7 @@ PHP_FUNCTION(password_hash) } switch (algo) { - case PHP_PASSWORD_BCRYPT: + case PASSWORD_BCRYPT: { long cost = PHP_PASSWORD_BCRYPT_COST; diff --git a/ext/standard/php_password.h b/ext/standard/php_password.h index db7747a..c812e2c 100644 --- a/ext/standard/php_password.h +++ b/ext/standard/php_password.h @@ -28,11 +28,15 @@ PHP_FUNCTION(password_get_info); PHP_MINIT_FUNCTION(password); -#define PHP_PASSWORD_DEFAULT 1 -#define PHP_PASSWORD_BCRYPT1 +#define PHP_PASSWORD_DEFAULT PASSWORD_BCRYPT #define PHP_PASSWORD_BCRYPT_COST 10 +typedef enum { + PASSWORD_UNKNOWN, + PASSWORD_BCRYPT +} php_password_algos; + #endif -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
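Review bot: in the php_password.h hunk the enum members PASSWORD_UNKNOWN and PASSWORD_BCRYPT are declared without the PHP_ prefix in a header other extensions include, which invites name clashes. Prefix them as PHP_PASSWORD_*. Their numeric values are also exported to userland through REGISTER_LONG_CONSTANT, so give them explicit values in the enum instead of relying on declaration order; inserting a member later would otherwise silently renumber PASSWORD_BCRYPT.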
[PHP-CVS] com php-src: Add news entry for password API: NEWS
Commit:7161c3d2cfde54ce218f20d03684f2a58e1c7627 Author:Anthony Ferrara Wed, 12 Sep 2012 11:56:12 -0400 Parents: 3e383dc0d5d7eb957f6639ab38dd566e16bca92b Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=7161c3d2cfde54ce218f20d03684f2a58e1c7627 Log: Add news entry for password API Changed paths: M NEWS Diff: diff --git a/NEWS b/NEWS index 1ee9779..08045fc 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,8 @@ PHP NEWS ?? ??? 201?, PHP 5.5.0 - General improvements: + . Add simplified password hashing API +(https://wiki.php.net/rfc/password_hash). (Anthony Ferrara) . Support list in foreach (https://wiki.php.net/rfc/foreachlist). (Laruence) . Implemented 'finally' keyword (https://wiki.php.net/rfc/finally). (Laruence) . Drop Windows XP and 2003 support. (Pierre) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Remove bcrypt_cost ini entry from declaration: main/main.c
Commit:ebe0bd5dee07bebd8444d9e7c28864ba17efeef8 Author:Anthony Ferrara Wed, 12 Sep 2012 11:44:03 -0400 Parents: e9a7bde829b3e43e2c61455752801e31ea88974f Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=ebe0bd5dee07bebd8444d9e7c28864ba17efeef8 Log: Remove bcrypt_cost ini entry from declaration Changed paths: M main/main.c Diff: diff --git a/main/main.c b/main/main.c index 2f40dc9..5eb9947 100644 --- a/main/main.c +++ b/main/main.c @@ -539,8 +539,6 @@ PHP_INI_BEGIN() STD_PHP_INI_ENTRY("error_append_string",NULL, PHP_INI_ALL,OnUpdateString, error_append_string, php_core_globals, core_globals) STD_PHP_INI_ENTRY("error_prepend_string", NULL, PHP_INI_ALL,OnUpdateString, error_prepend_string, php_core_globals, core_globals) - PHP_INI_ENTRY("password.bcrypt_cost", "11", PHP_INI_ALL,NULL) - PHP_INI_ENTRY("SMTP", "localhost",PHP_INI_ALL,NULL) PHP_INI_ENTRY("smtp_port", "25", PHP_INI_ALL,NULL) STD_PHP_INI_BOOLEAN("mail.add_x_header","0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, mail_x_header, php_core_globals, core_globals) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Expose PASSWORD_BCRYPT_DEFAULT_COST constant and update test to use it: ext/standard/password.c ext/standard/tests/password/password_needs_rehash.phpt
Commit:76f3295cdfd6a3106297352e73b9691084582211 Author:Anthony Ferrara Wed, 12 Sep 2012 11:47:50 -0400 Parents: ebe0bd5dee07bebd8444d9e7c28864ba17efeef8 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=76f3295cdfd6a3106297352e73b9691084582211 Log: Expose PASSWORD_BCRYPT_DEFAULT_COST constant and update test to use it Changed paths: M ext/standard/password.c M ext/standard/tests/password/password_needs_rehash.phpt Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index d3dc457..9b1bb8c 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -40,6 +40,8 @@ PHP_MINIT_FUNCTION(password) /* {{{ */ REGISTER_LONG_CONSTANT("PASSWORD_DEFAULT", PHP_PASSWORD_DEFAULT, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT", PHP_PASSWORD_BCRYPT, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT_DEFAULT_COST", PHP_PASSWORD_BCRYPT_COST, CONST_CS | CONST_PERSISTENT); + return SUCCESS; } /* }}} */ diff --git a/ext/standard/tests/password/password_needs_rehash.phpt b/ext/standard/tests/password/password_needs_rehash.phpt index 0c03d88..2fc3983 100644 --- a/ext/standard/tests/password/password_needs_rehash.phpt +++ b/ext/standard/tests/password/password_needs_rehash.phpt 
@@ -22,9 +22,9 @@ var_dump(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9H // Invalid, different (higher) cost var_dump(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 11))); -// Valid with cost the default (may need to be updated as the default cost increases) -var_dump(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT)); - +// Valid with cost the default +$cost = str_pad(PASSWORD_BCRYPT_DEFAULT_COST, 2, '0', STR_PAD_LEFT); +var_dump(password_needs_rehash('$2y$'.$cost.'$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT)); echo "OK!"; ?> -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
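Review bot: in the password_needs_rehash.phpt hunk, `str_pad(PASSWORD_BCRYPT_DEFAULT_COST, 2, '0', STR_PAD_LEFT)` passes an integer where a string is expected and relies on implicit conversion; `sprintf('%02d', PASSWORD_BCRYPT_DEFAULT_COST)` expresses the two-digit cost field of the `$2y$NN$` prefix directly. The hunk also drops the blank line before `echo "OK!";`, which looks unintentional.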
[PHP-CVS] com php-src: Switch test to using strict comparison for crypt fallback: ext/standard/tests/password/password_hash.phpt
Commit:e9a7bde829b3e43e2c61455752801e31ea88974f Author:Anthony Ferrara Wed, 12 Sep 2012 11:37:56 -0400 Parents: e8b7f5b35da46a2bc414c922e8e1a7093d963899 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=e9a7bde829b3e43e2c61455752801e31ea88974f Log: Switch test to using strict comparison for crypt fallback Changed paths: M ext/standard/tests/password/password_hash.phpt Diff: diff --git a/ext/standard/tests/password/password_hash.phpt b/ext/standard/tests/password/password_hash.phpt index ff48b29..f59d3d5 100644 --- a/ext/standard/tests/password/password_hash.phpt +++ b/ext/standard/tests/password/password_hash.phpt @@ -8,7 +8,7 @@ var_dump(strlen(password_hash("foo", PASSWORD_BCRYPT))); $hash = password_hash("foo", PASSWORD_BCRYPT); -var_dump($hash == crypt("foo", $hash)); +var_dump($hash === crypt("foo", $hash)); var_dump(password_hash("rasmuslerdorf", PASSWORD_BCRYPT, array("cost" => 7, "salt" => "usesomesillystringforsalt"))); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Add tests for password_get_info and password_needs_rehash: ext/standard/tests/password/password_get_info.phpt ext/standard/tests/password/password_get_info_error.phpt ext/standa
Commit:e8b7f5b35da46a2bc414c922e8e1a7093d963899 Author:Anthony Ferrara Wed, 12 Sep 2012 11:21:08 -0400 Parents: db41f9fe60d863041fb53a273c2f64b6925f5ad0 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=e8b7f5b35da46a2bc414c922e8e1a7093d963899 Log: Add tests for password_get_info and password_needs_rehash Changed paths: A ext/standard/tests/password/password_get_info.phpt A ext/standard/tests/password/password_get_info_error.phpt A ext/standard/tests/password/password_needs_rehash.phpt A ext/standard/tests/password/password_needs_rehash_error.phpt Diff: diff --git a/ext/standard/tests/password/password_get_info.phpt b/ext/standard/tests/password/password_get_info.phpt new file mode 100644 index 000..4c8dc04 --- /dev/null +++ b/ext/standard/tests/password/password_get_info.phpt @@ -0,0 +1,58 @@ +--TEST-- +Test normal operation of password_get_info() +--FILE-- + +--EXPECT-- +array(3) { + ["algo"]=> + int(1) + ["algoName"]=> + string(6) "bcrypt" + ["options"]=> + array(1) { +["cost"]=> +int(10) + } +} +array(3) { + ["algo"]=> + int(1) + ["algoName"]=> + string(6) "bcrypt" + ["options"]=> + array(1) { +["cost"]=> +int(11) + } +} +array(3) { + ["algo"]=> + int(0) + ["algoName"]=> + string(7) "unknown" + ["options"]=> + array(0) { + } +} +array(3) { + ["algo"]=> + int(0) + ["algoName"]=> + string(7) "unknown" + ["options"]=> + array(0) { + } +} +OK! diff --git a/ext/standard/tests/password/password_get_info_error.phpt b/ext/standard/tests/password/password_get_info_error.phpt new file mode 100644 index 000..af67674 --- /dev/null +++ b/ext/standard/tests/password/password_get_info_error.phpt @@ -0,0 +1,17 @@ +--TEST-- +Test error operation of password_get_info() +--FILE-- + +--EXPECTF-- +Warning: password_get_info() expects exactly 1 parameter, 0 given in %s on line %d +NULL + +Warning: password_get_info() expects parameter 1 to be string, array given in %s on line %d +NULL +OK! 
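Review bot: the `--EXPECT--` block of password_get_info.phpt hardcodes `["algo"]=> int(1)` for the bcrypt cases, which ties the test to the current numeric value of `PASSWORD_BCRYPT`. Comparing the returned `algo` against the constant inside the test body, and dumping only the boolean result, would keep the test valid if the ordinal ever changes.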
diff --git a/ext/standard/tests/password/password_needs_rehash.phpt b/ext/standard/tests/password/password_needs_rehash.phpt new file mode 100644 index 000..0c03d88 --- /dev/null +++ b/ext/standard/tests/password/password_needs_rehash.phpt @@ -0,0 +1,39 @@ +--TEST-- +Test normal operation of password_needs_rehash() +--FILE-- + 10))); + +// Valid with cost the same, additional params +var_dump(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 10, 'foo' => 3))); + +// Invalid, different (lower) cost +var_dump(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 09))); + +// Invalid, different (higher) cost +var_dump(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 11))); + +// Valid with cost the default (may need to be updated as the default cost increases) +var_dump(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT)); + + +echo "OK!"; +?> +--EXPECT-- +bool(true) +bool(false) +bool(false) +bool(false) +bool(true) +bool(true) +bool(false) +OK! diff --git a/ext/standard/tests/password/password_needs_rehash_error.phpt b/ext/standard/tests/password/password_needs_rehash_error.phpt new file mode 100644 index 000..e25ef8d --- /dev/null +++ b/ext/standard/tests/password/password_needs_rehash_error.phpt 
@@ -0,0 +1,33 @@ +--TEST-- +Test error operation of password_needs_rehash() +--FILE-- + +--EXPECTF-- +Warning: password_needs_rehash() expects at least 2 parameters, 0 given in %s on line %d +NULL + +Warning: password_needs_rehash() expects at least 2 parameters, 1 given in %s on line %d +NULL + +Warning: password_needs_rehash() expects parameter 2 to be long, string given in %s on line %d +NULL + +Warning: password_needs_rehash() expects parameter 1 to be string, array given in %s on line %d +NULL + +Warning: password_needs_rehash() expects parameter 3 to be array, string given in %s on line %d +NULL +OK! -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
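Review bot: in password_needs_rehash.phpt, the "different (lower) cost" case uses `array('cost' => 09)`. A leading zero makes this an octal literal and 9 is not an octal digit, so the value passed is not 9. The expected `bool(true)` still appears because any cost other than 10 triggers a rehash, which hides the mistake; use `'cost' => 9`.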
[PHP-CVS] com php-src: Fix incorrect arg info required param count for password_hash: ext/standard/basic_functions.c
Commit:7ec80e1a139ca7f43c02728f3fe2424cef0138b6 Author:Anthony Ferrara Wed, 12 Sep 2012 12:15:33 -0400 Parents: 7161c3d2cfde54ce218f20d03684f2a58e1c7627 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=7ec80e1a139ca7f43c02728f3fe2424cef0138b6 Log: Fix incorrect arg info required param count for password_hash Changed paths: M ext/standard/basic_functions.c Diff: diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c index ece64f3..cf2266c 100644 --- a/ext/standard/basic_functions.c +++ b/ext/standard/basic_functions.c @@ -1855,7 +1855,7 @@ ZEND_BEGIN_ARG_INFO(arginfo_getlastmod, 0) ZEND_END_ARG_INFO() /* }}} */ /* {{{ password.c */ -ZEND_BEGIN_ARG_INFO_EX(arginfo_password_hash, 0, 0, 1) +ZEND_BEGIN_ARG_INFO_EX(arginfo_password_hash, 0, 0, 2) ZEND_ARG_INFO(0, password) ZEND_ARG_INFO(0, algo) ZEND_ARG_INFO(0, options) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
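Review bot: the same mismatch should be checked for the neighbouring declaration. `arginfo_password_needs_rehash` was introduced with `ZEND_BEGIN_ARG_INFO_EX(arginfo_password_needs_rehash, 0, 0, 1)` while the function parses `"sl|H"` and its error test expects "at least 2 parameters", so if it is unchanged it needs a required count of 2 as well. A reflection-based test on the required parameter count would catch this class of error.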
[PHP-CVS] com php-src: Refactoring to use size_t instead of int most places: ext/standard/password.c ext/standard/php_password.h
Commit:db41f9fe60d863041fb53a273c2f64b6925f5ad0 Author:Anthony Ferrara Tue, 4 Sep 2012 11:34:00 -0400 Parents: 824f1f45818096eff0e022ba2a1cbc2071343c9a Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=db41f9fe60d863041fb53a273c2f64b6925f5ad0 Log: Refactoring to use size_t instead of int most places Changed paths: M ext/standard/password.c M ext/standard/php_password.h diff --git a/ext/standard/password.c b/ext/standard/password.c index 4f8ef5d..d3dc457 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -44,7 +44,17 @@ PHP_MINIT_FUNCTION(password) /* {{{ */ } /* }}} */ -static long php_password_determine_algo(const char *hash, const int len) +static char* php_password_get_algo_name(const int algo) +{ + switch (algo) { + case PHP_PASSWORD_BCRYPT: + return "bcrypt"; + default: + return "unknown"; + } +} + +static int php_password_determine_algo(const char *hash, const size_t len) { if (len < 3) { return 0; 
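Review bot: `php_password_get_algo_name()` returns string literals through a `char*`; declare it `static const char*` so a caller cannot write through the pointer. The function also lacks the `/* {{{ */` fold markers used by the other helpers in this file.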
@@ -56,27 +66,33 @@ static long php_password_determine_algo(const char *hash, const int len) return 0; } -static int php_password_salt_is_alphabet(const char *str, const int len, const int salt_type) /* {{{ */ +static int php_password_salt_is_alphabet(const char *str, const size_t len) /* {{{ */ { - int i = 0; + size_t i = 0; - if (salt_type == PHP_PASSWORD_SALT_BCRYPT) { - for (i = 0; i < len; i++) { - if (!((str[i] >= 'A' && str[i] <= 'Z') || (str[i] >= 'a' && str[i] <= 'z') || (str[i] >= '0' && str[i] <= '9') || str[i] == '.' || str[i] == '/')) { - return 0; - } + for (i = 0; i < len; i++) { + if (!((str[i] >= 'A' && str[i] <= 'Z') || (str[i] >= 'a' && str[i] <= 'z') || (str[i] >= '0' && str[i] <= '9') || str[i] == '.' || str[i] == '/')) { + return 0; } } - return 1; } /* }}} */ -static int php_password_salt_to64(const char *str, const int str_len, const int out_len, char *ret) /* {{{ */ +static int php_password_salt_to64(const char *str, const size_t str_len, const size_t out_len, char *ret) /* {{{ */ { - int pos = 0; + size_t pos = 0; + size_t ret_len = 0; unsigned char *buffer; - buffer = php_base64_encode((unsigned char*) str, str_len, NULL); + if ((int) str_len < 0) { + return FAILURE; + } + buffer = php_base64_encode((unsigned char*) str, (int) str_len, (int*) &ret_len); + if (ret_len < out_len) { + /* Too short of an encoded string generated */ + efree(buffer); + return FAILURE; + } for (pos = 0; pos < out_len; pos++) { if (buffer[pos] == '+') { ret[pos] = '.'; 
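Review bot: in `php_password_salt_to64()`, `php_base64_encode(..., (int*) &ret_len)` writes an `int` through a pointer to a `size_t`. Where `size_t` is wider than `int` only part of `ret_len` is written, and on a big-endian target the value lands in the high half, so the `ret_len < out_len` check compares the wrong number. Use a local `int` for the out-parameter and assign it to `ret_len` after the call.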
@@ -92,30 +108,26 @@ static int php_password_salt_to64(const char *str, const int str_len, const int } /* }}} */ -static int php_password_make_salt(long length, int salt_type, char *ret TSRMLS_DC) /* {{{ */ +static int php_password_make_salt(size_t length, char *ret TSRMLS_DC) /* {{{ */ { int buffer_valid = 0; - long i, raw_length; + size_t i, raw_length; char *buffer; + char *result; - if (salt_type == PHP_PASSWORD_SALT_RAW) { - raw_length = length; - } else if (salt_type == PHP_PASSWORD_SALT_BCRYPT) { - if (length > (LONG_MAX / 3)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length is too large to safely generate"); - return FAILURE; - } - raw_length = length * 3 / 4 + 1; - } else { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown salt type paramter"); + if (length > (INT_MAX / 3)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length is too large to safely generate"); return FAILURE; } + + raw_length = length * 3 / 4 + 1; + buffer = (char *) safe_emalloc(raw_length, 1, 1); #if PHP_WIN32 { BYTE *iv_b = (BYTE *) buffer; - if (php_win32_get_random_bytes(iv_b, (size_t) raw_length) == SUCCESS) { + if (php_win32_get_random_bytes(iv_b, raw_length) == SUCCESS) { buffer_valid = 1; } } @@ -130,11 +142,11 @@ static int php_password_make_salt(long length, int salt_type, char *ret TSRMLS_D
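Review bot: `if (length > (INT_MAX / 3))` now bounds a `size_t`, and the reason for choosing `INT_MAX` rather than `SIZE_MAX` is not stated. It appears to exist so that `raw_length` survives the `(int) str_len` cast in `php_password_salt_to64()`; a one-line comment saying so would stop someone from "fixing" the bound later.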
[PHP-CVS] com php-src: Merge remote branch 'upstream/master' into hash_password: ext/standard/basic_functions.c main/main.c
Commit:824f1f45818096eff0e022ba2a1cbc2071343c9a Author:Anthony Ferrara Tue, 4 Sep 2012 10:29:22 -0400 Parents: e05413ca594ff10fd93d40429cb598c2e109edf4 4b206126aca2ad9181abe65d70367680a4bc4c03 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=824f1f45818096eff0e022ba2a1cbc2071343c9a Log: Merge remote branch 'upstream/master' into hash_password * upstream/master: (393 commits) forked two tests for windows Fixed bug #50997 (SOAP Error when trying to submit 2nd Element of a choice) Fixed bug #50997 (SOAP Error when trying to submit 2nd Element of a choice). Fixed bug #50997 (SOAP Error when trying to submit 2nd Element of a choice). Fixed bug #50997 (SOAP Error when trying to submit 2nd Element of a choice) Fixed bug #50997 (SOAP Error when trying to submit 2nd Element of a choice) Bug #49510: Boolean validation fails with FILTER_NULL_ON_FAILURE with empty string or false Implemented ReflectionFunction::isGenerator() Allow null as a default value for length in mb_substr() and mb_strcut() Allow null as a default value for length in mb_substr() and mb_strcut() folder Initializing optional argument description in assert() Initializing optional argument description in assert() Fix test failed due to new Token T_YIELD fix NEWS Fix leak when yielding array as key Drop obsolete test Remove extra blank in notice message, should act as same as vm Fixed bug #62987 (Assigning to ArrayObject[null][something] overrides all undefined variables) assert() user message ... Bugs: https://bugs.php.net/50997 https://bugs.php.net/49510 https://bugs.php.net/62987 Changed paths: MM ext/standard/basic_functions.c MM main/main.c Diff: -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Remove password_make_salt() from the implementation: ext/standard/basic_functions.c ext/standard/password.c ext/standard/php_password.h ext/standard/tests/password/password_make
Commit:e05413ca594ff10fd93d40429cb598c2e109edf4 Author:Anthony Ferrara Tue, 28 Aug 2012 11:24:33 -0400 Parents: 707c9073b595a75447fbc25e01e7804293fad9b7 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=e05413ca594ff10fd93d40429cb598c2e109edf4 Log: Remove password_make_salt() from the implementation Changed paths: M ext/standard/basic_functions.c M ext/standard/password.c M ext/standard/php_password.h D ext/standard/tests/password/password_make_salt.phpt D ext/standard/tests/password/password_make_salt_error.phpt Diff: diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c index e6b1559..1f1b3d3 100644 --- a/ext/standard/basic_functions.c +++ b/ext/standard/basic_functions.c @@ -1884,10 +1884,6 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_password_verify, 0, 0, 2) ZEND_ARG_INFO(0, password) ZEND_ARG_INFO(0, hash) ZEND_END_ARG_INFO() -ZEND_BEGIN_ARG_INFO_EX(arginfo_password_make_salt, 0, 0, 1) - ZEND_ARG_INFO(0, length) - ZEND_ARG_INFO(0, raw_output) -ZEND_END_ARG_INFO() /* }}} */ /* {{{ proc_open.c */ #ifdef PHP_CAN_SUPPORT_PROC_OPEN @@ -2907,8 +2903,6 @@ const zend_function_entry basic_functions[] = { /* {{{ */ PHP_FE(password_get_info, arginfo_password_get_info) PHP_FE(password_needs_rehash, arginfo_password_needs_rehash) PHP_FE(password_verify, arginfo_password_verify) - PHP_FE(password_make_salt, arginfo_password_make_salt) - PHP_FE(convert_uuencode, arginfo_convert_uuencode) PHP_FE(convert_uudecode, arginfo_convert_uudecode) diff --git a/ext/standard/password.c b/ext/standard/password.c index 2e5d62a..4f8ef5d 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c 
@@ -40,9 +40,6 @@ PHP_MINIT_FUNCTION(password) /* {{{ */ REGISTER_LONG_CONSTANT("PASSWORD_DEFAULT", PHP_PASSWORD_DEFAULT, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT", PHP_PASSWORD_BCRYPT, CONST_CS | CONST_PERSISTENT); - REGISTER_LONG_CONSTANT("PASSWORD_SALT_RAW", PHP_PASSWORD_SALT_RAW, CONST_CS | CONST_PERSISTENT); - REGISTER_LONG_CONSTANT("PASSWORD_SALT_BCRYPT", PHP_PASSWORD_SALT_BCRYPT, CONST_CS | CONST_PERSISTENT); - return SUCCESS; } /* }}} */ @@ -95,8 +92,6 @@ static int php_password_salt_to64(const char *str, const int str_len, const int } /* }}} */ -#define PHP_PASSWORD_FUNCTION_EXISTS(func, func_len) (zend_hash_find(EG(function_table), (func), (func_len) + 1, (void **) &func_ptr) == SUCCESS && func_ptr->type == ZEND_INTERNAL_FUNCTION && func_ptr->internal_function.handler != zif_display_disabled_function) - static int php_password_make_salt(long length, int salt_type, char *ret TSRMLS_DC) /* {{{ */ { int buffer_valid = 0; 
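Review bot: the `PASSWORD_SALT_RAW` and `PASSWORD_SALT_BCRYPT` constants are unregistered here, yet the context line shows `php_password_make_salt(long length, int salt_type, char *ret TSRMLS_DC)` still taking `salt_type`. With the userland function gone there is no caller that can choose a salt type, so the parameter and its raw branch are dead code and should be removed in the same change.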
@@ -277,35 +272,6 @@ PHP_FUNCTION(password_verify) } /* }}} */ -/* {{{ proto string password_make_salt(int length, int salt_type = PASSWORD_SALT_BCRYPT) -Make a new random salt */ -PHP_FUNCTION(password_make_salt) -{ - char *salt; - long length = 0, salt_type = 0; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l|l", &length, &salt_type) == FAILURE) { - RETURN_NULL(); - } - if (length <= 0) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length cannot be less than or equal zero: %ld", length); - RETURN_NULL(); - } else if (length > (LONG_MAX / 3)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length is too large to safely generate"); - RETURN_NULL(); - } - - if (!salt_type) { - salt_type = PHP_PASSWORD_SALT_BCRYPT; - } - salt = safe_emalloc(length, 1, 1); - if (php_password_make_salt(length, (int) salt_type, salt TSRMLS_CC) == FAILURE) { - efree(salt); - RETURN_FALSE; - } - RETURN_STRINGL(salt, length, 0); -} -/* }}} */ - /* {{{ proto string password_hash(string password, int algo, array options = array()) Hash a password */ PHP_FUNCTION(password_hash) diff --git a/ext/standard/php_password.h b/ext/standard/php_password.h index 8211ae1..d99c061 100644 --- a/ext/standard/php_password.h +++ b/ext/standard/php_password.h @@ -23,7 +23,6 @@ PHP_FUNCTION(password_hash); PHP_FUN
[PHP-CVS] com php-src: Switch second parameter to password_make_salt to be a flag: ext/standard/password.c ext/standard/php_password.h ext/standard/tests/password/password_make_salt.phpt ext/standard/
Commit:707c9073b595a75447fbc25e01e7804293fad9b7 Author:Anthony Ferrara Wed, 11 Jul 2012 22:15:56 -0400 Parents: 99b7956ad58395853f7950ae01a43139413d348d Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=707c9073b595a75447fbc25e01e7804293fad9b7 Log: Switch second parameter to password_make_salt to be a flag Changed paths: M ext/standard/password.c M ext/standard/php_password.h M ext/standard/tests/password/password_make_salt.phpt M ext/standard/tests/password/password_make_salt_error.phpt Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index 2f1ebb5..2e5d62a 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -39,6 +39,10 @@ PHP_MINIT_FUNCTION(password) /* {{{ */ { REGISTER_LONG_CONSTANT("PASSWORD_DEFAULT", PHP_PASSWORD_DEFAULT, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT", PHP_PASSWORD_BCRYPT, CONST_CS | CONST_PERSISTENT); + + REGISTER_LONG_CONSTANT("PASSWORD_SALT_RAW", PHP_PASSWORD_SALT_RAW, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("PASSWORD_SALT_BCRYPT", PHP_PASSWORD_SALT_BCRYPT, CONST_CS | CONST_PERSISTENT); + return SUCCESS; } /* }}} */ @@ -55,15 +59,18 @@ static long php_password_determine_algo(const char *hash, const int len) return 0; } -static int php_password_salt_is_alphabet(const char *str, const int len) /* {{{ */ +static int php_password_salt_is_alphabet(const char *str, const int len, const int salt_type) /* {{{ */ { int i = 0; - for (i = 0; i < len; i++) { - if (!((str[i] >= 'A' && str[i] <= 'Z') || (str[i] >= 'a' && str[i] <= 'z') || (str[i] >= '0' && str[i] <= '9') || str[i] == '.' || str[i] == '/')) { - return 0; + if (salt_type == PHP_PASSWORD_SALT_BCRYPT) { + for (i = 0; i < len; i++) { + if (!((str[i] >= 'A' && str[i] <= 'Z') || (str[i] >= 'a' && str[i] <= 'z') || (str[i] >= '0' && str[i] <= '9') || str[i] == '.' || str[i] == '/')) { + return 0; + } } } + return 1; } /* }}} */ 
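Review bot: after this change `php_password_salt_is_alphabet()` returns 1 for every `salt_type` other than `PHP_PASSWORD_SALT_BCRYPT`, including values that are not a defined salt type. A validation helper should fail closed: handle `PHP_PASSWORD_SALT_RAW` explicitly and return 0 for anything unrecognised.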
@@ -90,20 +97,23 @@ static int php_password_salt_to64(const char *str, const int str_len, const int #define PHP_PASSWORD_FUNCTION_EXISTS(func, func_len) (zend_hash_find(EG(function_table), (func), (func_len) + 1, (void **) &func_ptr) == SUCCESS && func_ptr->type == ZEND_INTERNAL_FUNCTION && func_ptr->internal_function.handler != zif_display_disabled_function) -static int php_password_make_salt(long length, int raw, char *ret TSRMLS_DC) /* {{{ */ +static int php_password_make_salt(long length, int salt_type, char *ret TSRMLS_DC) /* {{{ */ { int buffer_valid = 0; long i, raw_length; char *buffer; - if (raw) { + if (salt_type == PHP_PASSWORD_SALT_RAW) { raw_length = length; - } else { + } else if (salt_type == PHP_PASSWORD_SALT_BCRYPT) { if (length > (LONG_MAX / 3)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length is too large to safely generate"); return FAILURE; } raw_length = length * 3 / 4 + 1; + } else { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown salt type paramter"); + return FAILURE; } buffer = (char *) safe_emalloc(raw_length, 1, 1); @@ -140,9 +150,7 @@ static int php_password_make_salt(long length, int raw, char *ret TSRMLS_DC) /* } } - if (raw) { - memcpy(ret, buffer, length); - } else { + if (salt_type == PHP_PASSWORD_SALT_BCRYPT) { char *result; result = safe_emalloc(length, 1, 1); if (php_password_salt_to64(buffer, raw_length, length, result) == FAILURE) { @@ -154,6 +162,9 @@ static int php_password_make_salt(long length, int raw, char *ret TSRMLS_DC) /* memcpy(ret, result, length); efree(result); } + } else { + /* PHP_PASSWORD_SALT_RAW */ + memcpy(ret, buffer, length); } efree(buffer); ret[length] = 0; @@ -266,14 +277,13 @@ PHP_FUNCTION(password_verify) } /* }}} */ -/* {{{ proto string password_make_salt(int length, boolean raw_output = false) +/* {{{ proto string password_make_salt(int length, int salt_type = PASSWORD_SALT_BCRYPT) Make a new random salt */ PHP_FUNCTION(password_make_salt) { char *sa
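Review bot: the new warning text `"Unknown salt type paramter"` in `php_password_make_salt()` misspells "parameter", and it is user-visible. In the same function the final `else` branch treats every non-bcrypt type as raw; that is safe only because unknown types are rejected earlier, so an explicit `else if (salt_type == PHP_PASSWORD_SALT_RAW)` would make the copy path self-contained.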
[PHP-CVS] com php-src: Merge remote branch 'upstream/master' into hash_password: ext/standard/basic_functions.c
Commit:99b7956ad58395853f7950ae01a43139413d348d Author:Anthony Ferrara Tue, 10 Jul 2012 10:33:51 -0400 Parents: 9d3630b5dc8fa066dc4212ead2fffc8635f5bc0a b210766084cbd00b0e479d2800e1920271a3faba Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=99b7956ad58395853f7950ae01a43139413d348d Log: Merge remote branch 'upstream/master' into hash_password * upstream/master: (34 commits) Fixed Bug #62500 (Segfault in DateInterval class when extended) Fixed test bug #62312 (warnings changed one more time) fix valgrind warning fix valgrind warning fixed #62433 test for win update NEWS Fixed bug #62499 (curl_setopt($ch, CURLOPT_COOKIEFILE, "") returns false) appease MSVC (doesnt like unary minus of unsigned ints) appease MSVC (doesnt like unary minus of unsigned ints) appease MSVC (doesnt like unary minus of unsigned ints) - Fixed bug #62507 (['REQUEST_TIME'] under mod_php5 returns miliseconds instead of seconds) Fixed Bug #62500 (Segfault in DateInterval class when extended) Added in NEWS and UPGRADING for feature 55218 Fix two issues with run-tests.php Fix potential integer overflow in nl2br Fix potential integer overflow in bin2hex This wil be PHP 5.3.16 Revert change 3f3ad30c50: There shouldn't be new features in 5.3, especially not if they aren't in 5.4, too. fix (signed) integer overflow (part of bug #52550 fix (signed) integer overflow (part of bug #52550 ... Bugs: https://bugs.php.net/62500 https://bugs.php.net/62312 https://bugs.php.net/62433 https://bugs.php.net/62499 https://bugs.php.net/62507 https://bugs.php.net/52550 Changed paths: MM ext/standard/basic_functions.c Diff: -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Cleanup whitespace issues: ext/standard/password.c
Commit:9d3630b5dc8fa066dc4212ead2fffc8635f5bc0a Author:Anthony Ferrara Thu, 5 Jul 2012 17:58:19 -0400 Parents: ee7e7998410c8fd5bd2183b1af375622f0ca8e02 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=9d3630b5dc8fa066dc4212ead2fffc8635f5bc0a Log: Cleanup whitespace issues Changed paths: M ext/standard/password.c Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index 9be6f8c..2f1ebb5 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -168,9 +168,9 @@ PHP_FUNCTION(password_get_info) char *hash; zval *options; -if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &hash, &hash_len) == FAILURE) { -RETURN_NULL(); -} + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &hash, &hash_len) == FAILURE) { + RETURN_NULL(); + } ALLOC_INIT_ZVAL(options); array_init(options); @@ -202,8 +202,8 @@ PHP_FUNCTION(password_needs_rehash) zval **option_buffer; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|H", &hash, &hash_len, &new_algo, &options) == FAILURE) { -RETURN_NULL(); -} + RETURN_NULL(); + } algo = php_password_determine_algo(hash, hash_len); if (algo != new_algo) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Implement password_get_info() function: ext/standard/basic_functions.c ext/standard/password.c ext/standard/php_password.h
Commit:ee7e7998410c8fd5bd2183b1af375622f0ca8e02 Author:Anthony Ferrara Thu, 5 Jul 2012 17:46:33 -0400 Parents: db86d54446c461eab518225645889abc509db034 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=ee7e7998410c8fd5bd2183b1af375622f0ca8e02 Log: Implement password_get_info() function Changed paths: M ext/standard/basic_functions.c M ext/standard/password.c M ext/standard/php_password.h Diff: diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c index bf6f9b0..e6500dd 100644 --- a/ext/standard/basic_functions.c +++ b/ext/standard/basic_functions.c @@ -1872,6 +1872,9 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_password_hash, 0, 0, 1) ZEND_ARG_INFO(0, algo) ZEND_ARG_INFO(0, options) ZEND_END_ARG_INFO() +ZEND_BEGIN_ARG_INFO_EX(arginfo_password_get_info, 0, 0, 1) + ZEND_ARG_INFO(0, hash) +ZEND_END_ARG_INFO() ZEND_BEGIN_ARG_INFO_EX(arginfo_password_needs_rehash, 0, 0, 1) ZEND_ARG_INFO(0, hash) ZEND_ARG_INFO(0, algo) @@ -2901,6 +2904,7 @@ const zend_function_entry basic_functions[] = { /* {{{ */ PHP_FE(base64_encode, arginfo_base64_encode) PHP_FE(password_hash, arginfo_password_hash) + PHP_FE(password_get_info, arginfo_password_get_info) PHP_FE(password_needs_rehash, arginfo_password_needs_rehash) PHP_FE(password_verify, arginfo_password_verify) PHP_FE(password_make_salt, arginfo_password_make_salt) diff --git a/ext/standard/password.c b/ext/standard/password.c index 6da656c..9be6f8c 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c 
@@ -161,6 +161,38 @@ static int php_password_make_salt(long length, int raw, char *ret TSRMLS_DC) /* } /* }}} */ +PHP_FUNCTION(password_get_info) +{ + long algo; + int hash_len; + char *hash; + zval *options; + +if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &hash, &hash_len) == FAILURE) { +RETURN_NULL(); +} + + ALLOC_INIT_ZVAL(options); + array_init(options); + + algo = php_password_determine_algo(hash, hash_len); + + switch (algo) { + case PHP_PASSWORD_BCRYPT: + { + long cost = PHP_PASSWORD_BCRYPT_COST; + sscanf(hash, "$2y$%ld$", &cost); + add_assoc_long(options, "cost", cost); + } + break; + } + + array_init(return_value); + + add_assoc_long(return_value, "algo", algo); + add_assoc_zval(return_value, "options", options); +} + PHP_FUNCTION(password_needs_rehash) { long new_algo = 0, algo = 0; diff --git a/ext/standard/php_password.h b/ext/standard/php_password.h index 45e6849..90e4d89 100644 --- a/ext/standard/php_password.h +++ b/ext/standard/php_password.h @@ -25,6 +25,7 @@ PHP_FUNCTION(password_hash); PHP_FUNCTION(password_verify); PHP_FUNCTION(password_make_salt); PHP_FUNCTION(password_needs_rehash); +PHP_FUNCTION(password_get_info); PHP_MINIT_FUNCTION(password); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
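Review bot: in `PHP_FUNCTION(password_get_info)`, the result of `sscanf(hash, "$2y$%ld$", &cost)` is not checked, and `cost` is pre-set to `PHP_PASSWORD_BCRYPT_COST`. A 60-byte string that starts with `$2y` but has no parsable cost field is therefore reported as a bcrypt hash with the default cost. Check that `sscanf` returned 1 and report the hash as unknown otherwise. The function also needs a `/* {{{ proto ... */` comment like its neighbours.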
[PHP-CVS] com php-src: Implement password_needs_rehash() function: ext/standard/basic_functions.c ext/standard/password.c ext/standard/php_password.h
Commit:5160dc11cd9d0e97eb59138f4639e5af0584f370 Author:Anthony Ferrara Thu, 5 Jul 2012 16:22:49 -0400 Parents: 886527de56ecdd412a80a2901b8a0e3b622f037c Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=5160dc11cd9d0e97eb59138f4639e5af0584f370 Log: Implement password_needs_rehash() function Changed paths: M ext/standard/basic_functions.c M ext/standard/password.c M ext/standard/php_password.h Diff: diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c index 9e35a5e..bf6f9b0 100644 --- a/ext/standard/basic_functions.c +++ b/ext/standard/basic_functions.c @@ -1872,6 +1872,11 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_password_hash, 0, 0, 1) ZEND_ARG_INFO(0, algo) ZEND_ARG_INFO(0, options) ZEND_END_ARG_INFO() +ZEND_BEGIN_ARG_INFO_EX(arginfo_password_needs_rehash, 0, 0, 1) + ZEND_ARG_INFO(0, hash) + ZEND_ARG_INFO(0, algo) + ZEND_ARG_INFO(0, options) +ZEND_END_ARG_INFO() ZEND_BEGIN_ARG_INFO_EX(arginfo_password_verify, 0, 0, 2) ZEND_ARG_INFO(0, password) ZEND_ARG_INFO(0, hash) @@ -2896,6 +2901,7 @@ const zend_function_entry basic_functions[] = { /* {{{ */ PHP_FE(base64_encode, arginfo_base64_encode) PHP_FE(password_hash, arginfo_password_hash) + PHP_FE(password_needs_rehash, arginfo_password_needs_rehash) PHP_FE(password_verify, arginfo_password_verify) PHP_FE(password_make_salt, arginfo_password_make_salt) diff --git a/ext/standard/password.c b/ext/standard/password.c index eb4abd2..9bfb023 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -43,6 +43,18 @@ PHP_MINIT_FUNCTION(password) /* {{{ */ } /* }}} */ +static long php_password_determine_algo(const char *hash, const int len) +{ + if (len < 3) { + return 0; + } + if (hash[0] == '$' && hash[1] == '2' && hash[2] == 'y' && len == 60) { + return PHP_PASSWORD_BCRYPT; + } + + return 0; +} + static int php_password_salt_is_alphabet(const char *str, const int len) /* {{{ */ { int i = 0; 
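Review bot: `php_password_determine_algo()` classifies any 60-byte string beginning with `$2y` as bcrypt; `hash[3]` is never compared with `'$'` and the cost digits are not looked at. Adding `hash[3] == '$'` tightens the match at no cost. The `len < 3` early return is redundant next to the `len == 60` test, and the bare `return 0` would read better as a named "unknown" constant.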
@@ -149,6 +161,44 @@ static int php_password_make_salt(long length, int raw, char *ret TSRMLS_DC) /* } /* }}} */ +PHP_FUNCTION(password_needs_rehash) +{ + long new_algo = 0, algo = 0; + int hash_len; + char *hash; + HashTable *options = 0; + zval **option_buffer; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|H", &hash, &hash_len, &new_algo, &options) == FAILURE) { +RETURN_NULL(); +} + algo = php_password_determine_algo(hash, hash_len); + + if (algo != new_algo) { + RETURN_TRUE; + } + + switch (algo) { + case PHP_PASSWORD_BCRYPT: + { + int newCost = PHP_PASSWORD_BCRYPT_COST, cost = 0; + + if (options && zend_symtable_find(options, "cost", 5, (void **) &option_buffer) == SUCCESS) { + convert_to_long_ex(option_buffer); + newCost = Z_LVAL_PP(option_buffer); + zval_ptr_dtor(option_buffer); + } + + sscanf(hash, "$2y$%d$", &cost); + if (cost != newCost) { + RETURN_TRUE; + } + } + break; + } + RETURN_FALSE; +} + /* {{{ proto boolean password_make_salt(string password, string hash) Verify a hash created using crypt() or password_hash() */ PHP_FUNCTION(password_verify) diff --git a/ext/standard/php_password.h b/ext/standard/php_password.h index 57c6b88..45e6849 100644 --- a/ext/standard/php_password.h +++ b/ext/standard/php_password.h @@ -24,6 +24,7 @@ PHP_FUNCTION(password_hash); PHP_FUNCTION(password_verify); PHP_FUNCTION(password_make_salt); +PHP_FUNCTION(password_needs_rehash); PHP_MINIT_FUNCTION(password); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
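Review bot: in `PHP_FUNCTION(password_needs_rehash)`, `zval_ptr_dtor(option_buffer)` is called on the entry returned by `zend_symtable_find()`. The options table owns that zval and the lookup does not add a reference, so this releases a reference the function never took and can leave the caller's array pointing at freed memory. `convert_to_long_ex(option_buffer)` also converts the caller's value in place. Copy the value into a local zval, convert the copy, and destroy only the copy. The `RETURN_NULL(); }` lines after `zend_parse_parameters` are also not indented.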
[PHP-CVS] com php-src: Fix issue with int vs long parameter: ext/standard/password.c
Commit:db86d54446c461eab518225645889abc509db034 Author:Anthony Ferrara Thu, 5 Jul 2012 17:31:40 -0400 Parents: 5160dc11cd9d0e97eb59138f4639e5af0584f370 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=db86d54446c461eab518225645889abc509db034 Log: Fix issue with int vs long parameter Changed paths: M ext/standard/password.c Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index 9bfb023..6da656c 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -266,7 +266,8 @@ Hash a password */ PHP_FUNCTION(password_hash) { char *hash_format, *hash, *salt, *password, *result; - int algo = 0, salt_len = 0, required_salt_len = 0, hash_format_len, password_len; + long algo = 0; + int salt_len = 0, required_salt_len = 0, hash_format_len, password_len; HashTable *options = 0; zval **option_buffer; @@ -297,7 +298,7 @@ PHP_FUNCTION(password_hash) } break; default: - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown password hashing algorithm: %d", algo); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown password hashing algorithm: %ld", algo); RETURN_NULL(); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Update signature info for changing algo to an ordinal: ext/standard/password.c
Commit:886527de56ecdd412a80a2901b8a0e3b622f037c Author:Anthony Ferrara Tue, 3 Jul 2012 08:26:50 -0400 Parents: 6943f2ab7f729d26281f9358dba27890d07dd24d Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=886527de56ecdd412a80a2901b8a0e3b622f037c Log: Update signature info for changing algo to an ordinal Changed paths: M ext/standard/password.c Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index 6de8120..eb4abd2 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -211,7 +211,7 @@ PHP_FUNCTION(password_make_salt) } /* }}} */ -/* {{{ proto string password_hash(string password, string algo, array options = array()) +/* {{{ proto string password_hash(string password, int algo, array options = array()) Hash a password */ PHP_FUNCTION(password_hash) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Some more refactoring, make algo no longer optional: ext/standard/basic_functions.c ext/standard/password.c ext/standard/php_password.h ext/standard/tests/password/password_hash
Commit:6943f2ab7f729d26281f9358dba27890d07dd24d Author:Anthony Ferrara Tue, 3 Jul 2012 08:24:31 -0400 Parents: 6cc3c65fbf06da075934c89e470fa776d4d968fa Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=6943f2ab7f729d26281f9358dba27890d07dd24d Log: Some more refactoring, make algo no longer optional Changed paths: M ext/standard/basic_functions.c M ext/standard/password.c M ext/standard/php_password.h M ext/standard/tests/password/password_hash.phpt M ext/standard/tests/password/password_hash_error.phpt Diff: diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c index 5dc86ab..9e35a5e 100644 --- a/ext/standard/basic_functions.c +++ b/ext/standard/basic_functions.c @@ -3846,7 +3846,6 @@ PHP_MINFO_FUNCTION(basic) /* {{{ */ php_info_print_table_start(); BASIC_MINFO_SUBMODULE(dl) BASIC_MINFO_SUBMODULE(mail) - BASIC_MINFO_SUBMODULE(password) php_info_print_table_end(); BASIC_MINFO_SUBMODULE(assert) } diff --git a/ext/standard/password.c b/ext/standard/password.c index 9c03152..6de8120 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -37,8 +37,8 @@ PHP_MINIT_FUNCTION(password) /* {{{ */ { - REGISTER_STRING_CONSTANT("PASSWORD_DEFAULT", PHP_PASSWORD_DEFAULT, CONST_CS | CONST_PERSISTENT); - REGISTER_STRING_CONSTANT("PASSWORD_BCRYPT", PHP_PASSWORD_BCRYPT, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("PASSWORD_DEFAULT", PHP_PASSWORD_DEFAULT, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT", PHP_PASSWORD_BCRYPT, CONST_CS | CONST_PERSISTENT); return SUCCESS; } /* }}} */ 
@@ -211,45 +211,44 @@ PHP_FUNCTION(password_make_salt) } /* }}} */ -/* {{{ proto string password_hash(string password, string algo = PASSWORD_DEFAULT, array options = array()) +/* {{{ proto string password_hash(string password, string algo, array options = array()) Hash a password */ PHP_FUNCTION(password_hash) { - char *algo = 0, *hash_format, *hash, *salt, *password, *result; - int algo_len = 0, salt_len = 0, required_salt_len = 0, hash_format_len, password_len; + char *hash_format, *hash, *salt, *password, *result; + int algo = 0, salt_len = 0, required_salt_len = 0, hash_format_len, password_len; HashTable *options = 0; zval **option_buffer; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|sH", &password, &password_len, &algo, &algo_len, &options) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|H", &password, &password_len, &algo, &options) == FAILURE) { RETURN_NULL(); } - if (algo_len == 0) { - algo = PHP_PASSWORD_DEFAULT; - algo_len = strlen(PHP_PASSWORD_DEFAULT); - } - - if (strcmp(algo, PHP_PASSWORD_BCRYPT) == 0) { - int cost = PHP_PASSWORD_BCRYPT_COST; - - if (options && zend_symtable_find(options, "cost", 5, (void **) &option_buffer) == SUCCESS) { - convert_to_long_ex(option_buffer); - cost = Z_LVAL_PP(option_buffer); - zval_ptr_dtor(option_buffer); + switch (algo) { + case PHP_PASSWORD_BCRYPT: + { + int cost = PHP_PASSWORD_BCRYPT_COST; + + if (options && zend_symtable_find(options, "cost", 5, (void **) &option_buffer) == SUCCESS) { + convert_to_long_ex(option_buffer); + cost = Z_LVAL_PP(option_buffer); + zval_ptr_dtor(option_buffer); + } + + if (cost < 4 || cost > 31) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid bcrypt cost parameter specified: %d", cost); + RETURN_NULL(); + } + + required_salt_len = 22; + hash_format = emalloc(8); + sprintf(hash_format, "$2y$%02d$", cost); + hash_format_len = 7; } - - if (cost < 4 || cost > 31) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid bcrypt cost parameter 
specified: %d", cost); + break; + default: + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown password hashing algorithm: %d", algo); RETURN_NULL(); - } - - required_salt_len = 22; - hash_format = emalloc(8); - sprintf(ha
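Review bot: In the @@ -211,45 hunk `algo` is declared `int` but is filled through the `l` specifier in `zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|H", &password, &password_len, &algo, &options)`, which stores a `long`; where long is wider than int this writes past `algo` on the stack. Declare it `long algo = 0;` and print it with `%ld` in the "Unknown password hashing algorithm" warning. The proto comment in the same hunk still reads `string algo` although the argument is now parsed as an integer.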
[PHP-CVS] com php-src: Remove php.ini setting for default bcrypt cost: ext/standard/password.c ext/standard/php_password.h ext/standard/tests/password/password_hash.phpt php.ini-development php.ini-pr
Commit:6cc3c65fbf06da075934c89e470fa776d4d968fa Author:Anthony Ferrara Tue, 3 Jul 2012 07:33:55 -0400 Parents: f53112fdcf746ef73660059e72f8798d0108acac Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=6cc3c65fbf06da075934c89e470fa776d4d968fa Log: Remove php.ini setting for default bcrypt cost Changed paths: M ext/standard/password.c M ext/standard/php_password.h M ext/standard/tests/password/password_hash.phpt M php.ini-development M php.ini-production Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index 558cf24..9c03152 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -43,12 +43,6 @@ PHP_MINIT_FUNCTION(password) /* {{{ */ } /* }}} */ -PHP_MINFO_FUNCTION(password) /* {{{ */ -{ - php_info_print_table_row(2, "Default Password BCrypt Cost", INI_STR("password.bcrypt_cost")); -} -/* }}} */ - static int php_password_salt_is_alphabet(const char *str, const int len) /* {{{ */ { int i = 0; @@ -236,8 +230,7 @@ PHP_FUNCTION(password_hash) } if (strcmp(algo, PHP_PASSWORD_BCRYPT) == 0) { - int cost = 0; - cost = (int) INI_INT("password.bcrypt_cost"); + int cost = PHP_PASSWORD_BCRYPT_COST; if (options && zend_symtable_find(options, "cost", 5, (void **) &option_buffer) == SUCCESS) { convert_to_long_ex(option_buffer); diff --git a/ext/standard/php_password.h b/ext/standard/php_password.h index 81fe41f..338665e 100644 --- a/ext/standard/php_password.h +++ b/ext/standard/php_password.h @@ -26,11 +26,12 @@ PHP_FUNCTION(password_verify); PHP_FUNCTION(password_make_salt); PHP_MINIT_FUNCTION(password); -PHP_MINFO_FUNCTION(password); #define PHP_PASSWORD_DEFAULT "2y" #define PHP_PASSWORD_BCRYPT"2y" +#define PHP_PASSWORD_BCRYPT_COST 10 + #endif diff --git a/ext/standard/tests/password/password_hash.phpt b/ext/standard/tests/password/password_hash.phpt index 2fca8b7..3b6fc09 100644 --- a/ext/standard/tests/password/password_hash.phpt +++ b/ext/standard/tests/password/password_hash.phpt 
@@ -4,9 +4,6 @@ Test normal operation of password_hash() 7, "sal var_dump(password_hash("test", PASSWORD_BCRYPT, array("salt" => "123456789012345678901" . chr(0; -// test ini parameter to ensure that it updates -ini_set('password.bcrypt_cost', '5'); -var_dump(password_hash("test", PASSWORD_BCRYPT, array("salt" => "123456789012345678901" . chr(0; - - echo "OK!"; ?> --EXPECT-- int(60) bool(true) string(60) "$2y$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi" -string(60) "$2y$04$MTIzNDU2Nzg5MDEyMzQ1NekACxf2CF7ipfk/b9FllU9Fs8RcUm5UG" -string(60) "$2y$05$MTIzNDU2Nzg5MDEyMzQ1NeVt1jFvl6ZQVujUMmcYvue.Mr5oZVQa2" +string(60) "$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y" OK! + diff --git a/php.ini-development b/php.ini-development index 5f1205e..a5a7a4a 100644 --- a/php.ini-development +++ b/php.ini-development @@ -1359,15 +1359,6 @@ bcmath.scale = 0 ; http://php.net/browscap ;browscap = extra/browscap.ini -[password] -; The default cost of a bcrypt hash created using password_hash() -; Note that this is only the default, and can be overriden by the -; options argument to password_hash(). Additionally, it only affects -; newly created hashes. A higher value will make the generated -; hash more resistent to brute forcing, but will also use more CPU -; Default: 11 -; password.bcrypt_cost = 11 - [Session] ; Handler used to store/retrieve data. ; http://php.net/session.save-handler diff --git a/php.ini-production b/php.ini-production index 927f305..5d8f26e 100644 --- a/php.ini-production +++ b/php.ini-production 
@@ -1359,15 +1359,6 @@ bcmath.scale = 0 ; http://php.net/browscap ;browscap = extra/browscap.ini -[password] -; The default cost of a bcrypt hash created using password_hash() -; Note that this is only the default, and can be overriden by the -; options argument to password_hash(). Additionally, it only affects -; newly created hashes. A higher value will make the generated -; hash more resistent to brute forcing, but will also use more CPU -; Default: 11 -; password.bcrypt_cost = 11 - [Session] ; Handler used to store/retrieve data. ; http://php.net/session.save-handler -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
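Review bot: Replacing `INI_INT("password.bcrypt_cost")` with `PHP_PASSWORD_BCRYPT_COST` in the @@ -236,8 hunk also changes the default cost: the removed php.ini text documents `Default: 11`, while php_password.h now has `#define PHP_PASSWORD_BCRYPT_COST 10`. If the lower default is intended, say so in the log message; otherwise define it as 11. The changed-paths list covers only ext/standard and the two php.ini templates, so any registration of `password.bcrypt_cost` elsewhere in the tree stays behind as a setting nothing reads, and any remaining reference to the deleted `PHP_MINFO_FUNCTION(password)` will no longer link.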
[PHP-CVS] com php-src: Update password.c to use safe_emalloc in sensitive places: ext/standard/password.c
Commit:f53112fdcf746ef73660059e72f8798d0108acac Author:Anthony Ferrara Fri, 29 Jun 2012 11:37:39 -0400 Parents: 9c1445c6bcee99dbe1eeb9eb8eb6cd626ca72a9c Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=f53112fdcf746ef73660059e72f8798d0108acac Log: Update password.c to use safe_emalloc in sensitive places Changed paths: M ext/standard/password.c Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index 982ae7d..558cf24 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -99,7 +99,7 @@ static int php_password_make_salt(long length, int raw, char *ret TSRMLS_DC) /* } raw_length = length * 3 / 4 + 1; } - buffer = (char *) emalloc(raw_length + 1); + buffer = (char *) safe_emalloc(raw_length, 1, 1); #if PHP_WIN32 { @@ -138,7 +138,7 @@ static int php_password_make_salt(long length, int raw, char *ret TSRMLS_DC) /* memcpy(ret, buffer, length); } else { char *result; - result = emalloc(length + 1); + result = safe_emalloc(length, 1, 1); if (php_password_salt_to64(buffer, raw_length, length, result) == FAILURE) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Generated salt too short"); efree(buffer); @@ -208,7 +208,7 @@ PHP_FUNCTION(password_make_salt) RETURN_NULL(); } - salt = emalloc(length + 1); + salt = safe_emalloc(length, 1, 1); if (php_password_make_salt(length, (int) raw_output, salt TSRMLS_CC) == FAILURE) { efree(salt); RETURN_FALSE; @@ -316,7 +316,7 @@ PHP_FUNCTION(password_hash) salt[salt_len] = 0; - hash = emalloc(salt_len + hash_format_len + 1); + hash = safe_emalloc(salt_len + hash_format_len, 1, 1); sprintf(hash, "%s%s", hash_format, salt); hash[hash_format_len + salt_len] = 0; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
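Review bot: In the @@ -316,7 hunk, `safe_emalloc(salt_len + hash_format_len, 1, 1)` performs the addition in plain `int` arithmetic before safe_emalloc sees it, so the overflow check never covers that sum. Pass the terms separately, for example `safe_emalloc(salt_len, 1, hash_format_len + 1)`, so the checked arithmetic includes them. The `sprintf(hash, "%s%s", hash_format, salt)` on the following line would also be safer as a bounded write sized from the same values.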
[PHP-CVS] com php-src: More refactoring of crypt into php_crypt, and fixing memory allocation: ext/standard/crypt.c ext/standard/password.c ext/standard/php_crypt.h
Commit:9c1445c6bcee99dbe1eeb9eb8eb6cd626ca72a9c Author:Anthony Ferrara Fri, 29 Jun 2012 11:32:25 -0400 Parents: 9e18e578f0e7f30c2d73ae38620b5fd228ac21eb Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=9c1445c6bcee99dbe1eeb9eb8eb6cd626ca72a9c Log: More refactoring of crypt into php_crypt, and fixing memory allocation Changed paths: M ext/standard/crypt.c M ext/standard/password.c M ext/standard/php_crypt.h Diff: diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c index 25f5ec0..3b443fc 100644 --- a/ext/standard/crypt.c +++ b/ext/standard/crypt.c @@ -145,7 +145,7 @@ static void php_to64(char *s, long v, int n) /* {{{ */ } /* }}} */ -PHPAPI int crypt_execute(const char *password, const int pass_len, const char *salt, int salt_len, char **result) +PHPAPI int php_crypt(const char *password, const int pass_len, const char *salt, int salt_len, char **result) { char *crypt_res; /* Windows (win32/crypt) has a stripped down version of libxcrypt and 
@@ -159,46 +159,38 @@ PHPAPI int crypt_execute(const char *password, const int pass_len, const char *s out = php_md5_crypt_r(password, salt, output); if (out) { - *result = (char *) emalloc(MD5_HASH_MAX_LEN + 1); - memcpy(*result, out, MD5_HASH_MAX_LEN); - *result[MD5_HASH_MAX_LEN] = 0; + *result = estrdup(out); return SUCCESS; } return FAILURE; } else if (salt[0]=='$' && salt[1]=='6' && salt[2]=='$') { - const char sha512_salt_prefix[] = "$6$"; - const char sha512_rounds_prefix[] = "rounds="; char *output; - int needed = (sizeof(sha512_salt_prefix) - 1 - + sizeof(sha512_rounds_prefix) + 9 + 1 - + salt_in_len + 1 + 86 + 1); - output = emalloc(needed); + output = emalloc(PHP_MAX_SALT_LEN); - crypt_res = php_sha512_crypt_r(password, salt, output, needed); + crypt_res = php_sha512_crypt_r(password, salt, output, PHP_MAX_SALT_LEN); if (!crypt_res) { - memset(output, 0, needed); + memset(output, 0, PHP_MAX_SALT_LEN); efree(output); return FAILURE; } else { - *result = output; + *result = estrdup(output); + memset(output, 0, PHP_MAX_SALT_LEN); + efree(output); return SUCCESS; } } else if (salt[0]=='$' && salt[1]=='5' && salt[2]=='$') { - const char sha256_salt_prefix[] = "$5$"; - const char sha256_rounds_prefix[] = "rounds="; char *output; - int needed = (sizeof(sha256_salt_prefix) - 1 - + sizeof(sha256_rounds_prefix) + 9 + 1 - + salt_in_len + 1 + 43 + 1); - output = emalloc(needed); + output = emalloc(PHP_MAX_SALT_LEN); - crypt_res = php_sha256_crypt_r(password, salt, output, needed); + crypt_res = php_sha256_crypt_r(password, salt, output, PHP_MAX_SALT_LEN); if (!crypt_res) { - memset(output, 0, needed); + memset(output, 0, PHP_MAX_SALT_LEN); efree(output); return FAILURE; } else { - *result = output; + *result = estrdup(output); + memset(output, 0, PHP_MAX_SALT_LEN); + efree(output); return SUCCESS; } } else if ( 
@@ -218,11 +210,7 @@ PHPAPI int crypt_execute(const char *password, const int pass_len, const char *s memset(output, 0, PHP_MAX_SALT_LEN + 1); return FAILURE; } else { - int result_len; - result_len = strlen(output); - *result = emalloc(result_len
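Review bot: In the @@ -159,46 hunk the `$6$` and `$5$` branches now size the output buffer with `emalloc(PHP_MAX_SALT_LEN)` and pass the same constant to `php_sha512_crypt_r` and `php_sha256_crypt_r` as the buffer length, replacing a `needed` value that added the prefix, the rounds field, the salt and the 86- or 43-character digest. A constant named for the maximum salt length is not evidently large enough for salt plus digest; use a dedicated output-size constant or keep the computed size, and add a test with a maximum-length salt and a `rounds=` prefix. Copying with `estrdup(output)` and then clearing and freeing the scratch buffer is a good change; the `$1$` branch returns `estrdup(out)` without clearing its buffer the same way.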
[PHP-CVS] com php-src: Refactor password.c a bit, add different error checking: ext/standard/password.c ext/standard/tests/password/password_bcrypt_errors.phpt ext/standard/tests/password/password_has
Commit:da3d8bf514e61a486065b0bf335b4657f20e6b66 Author:Anthony Ferrara Thu, 28 Jun 2012 15:29:40 -0400 Parents: 6bb3865a235d437d91df1940b0caad6995b69d4c Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=da3d8bf514e61a486065b0bf335b4657f20e6b66 Log: Refactor password.c a bit, add different error checking Changed paths: M ext/standard/password.c M ext/standard/tests/password/password_bcrypt_errors.phpt M ext/standard/tests/password/password_hash_error.phpt M ext/standard/tests/password/password_make_salt_error.phpt diff --git a/ext/standard/password.c b/ext/standard/password.c index e0e260a..dfe624d 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -21,10 +21,12 @@ #include #include "php.h" +#if HAVE_CRYPT #include "fcntl.h" #include "php_password.h" #include "php_rand.h" +#include "php_crypt.h" #include "base64.h" #include "zend_interfaces.h" #include "info.h" 
@@ -157,28 +159,19 @@ static int php_password_make_salt(long length, int raw, char *ret TSRMLS_DC) /* Verify a hash created using crypt() or password_hash() */ PHP_FUNCTION(password_verify) { - zval *password, *hash, *ret; int status = 0, i; - zend_function *func_ptr; - - if (!PHP_PASSWORD_FUNCTION_EXISTS("crypt", 5)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Crypt must be loaded for password_verify to function"); - RETURN_FALSE; - } - - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zz", &password, &hash) == FAILURE) { + int password_len, hash_len; + char *ret, *password, *hash; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &password, &password_len, &hash, &hash_len) == FAILURE) { RETURN_FALSE; } - - zend_call_method_with_2_params(NULL, NULL, NULL, "crypt", &ret, password, hash); - - if (Z_TYPE_P(ret) != IS_STRING) { - zval_ptr_dtor(&ret); + if (crypt_execute(password, password_len, hash, hash_len, &ret) == FAILURE) { RETURN_FALSE; } - if (Z_STRLEN_P(ret) != Z_STRLEN_P(hash)) { - zval_ptr_dtor(&ret); + if (strlen(ret) != hash_len) { + efree(ret); RETURN_FALSE; } @@ -186,11 +179,11 @@ PHP_FUNCTION(password_verify) * resistence towards timing attacks. This is a constant time * equality check that will always check every byte of both * values. */ - for (i = 0; i < Z_STRLEN_P(ret); i++) { - status |= (Z_STRVAL_P(ret)[i] ^ Z_STRVAL_P(hash)[i]); + for (i = 0; i < hash_len; i++) { + status |= (ret[i] ^ hash[i]); } - zval_ptr_dtor(&ret); + efree(ret); RETURN_BOOL(status == 0); 
@@ -205,14 +198,14 @@ PHP_FUNCTION(password_make_salt) long length = 0; zend_bool raw_output = 0; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l|b", &length, &raw_output) == FAILURE) { - RETURN_FALSE; + RETURN_NULL(); } if (length <= 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length cannot be less than or equal zero: %ld", length); - RETURN_FALSE; + RETURN_NULL(); } else if (length > (LONG_MAX / 3)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length is too large to safely generate"); - RETURN_FALSE; + RETURN_NULL(); } salt = emalloc(length + 1); @@ -228,24 +221,13 @@ PHP_FUNCTION(password_make_salt) Hash a password */ PHP_FUNCTION(password_hash) { - char *algo = 0, *hash_format, *hash, *salt; - int algo_len = 0, salt_len = 0, required_salt_len = 0, hash_format_len; + char *algo = 0, *hash_format, *hash, *salt, *password, *result; + int algo_len = 0, salt_len = 0, required_salt_len = 0, hash_format_len, password_len; HashTable *options = 0; - zval **option_buffer, *ret, *password, *hash_zval; - zend_function *func_ptr; - - if (!PHP_PASSWORD_FUNCTION_EXISTS("crypt", 5)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Crypt must be loaded for password_hash to function"); - RETURN_FALSE; - } - - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z|sH", &password, &algo, &algo_len, &options) == FAILURE) { - RETURN_FALSE; - } + zval **option_buffer; - if (Z_TYPE_P(password) != IS_STRING) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Password must be a string"); -
[PHP-CVS] com php-src: Refactor crypt to use an external working function: ext/standard/crypt.c ext/standard/php_crypt.h
Commit:6bb3865a235d437d91df1940b0caad6995b69d4c Author:Anthony Ferrara Thu, 28 Jun 2012 14:44:04 -0400 Parents: 0dd2f16b148f4054d65645b9cf971fe08824d78d Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=6bb3865a235d437d91df1940b0caad6995b69d4c Log: Refactor crypt to use an external working function Changed paths: M ext/standard/crypt.c M ext/standard/php_crypt.h Diff: diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c index 9a1fcf1..a592a4b 100644 --- a/ext/standard/crypt.c +++ b/ext/standard/crypt.c 
@@ -145,44 +145,9 @@ static void php_to64(char *s, long v, int n) /* {{{ */ } /* }}} */ -/* {{{ proto string crypt(string str [, string salt]) - Hash a string */ -PHP_FUNCTION(crypt) +PHPAPI int crypt_execute(const char *password, const int pass_len, const char *salt, int salt_len, char **result) { - char salt[PHP_MAX_SALT_LEN + 1]; - char *str, *salt_in = NULL; - int str_len, salt_in_len = 0; char *crypt_res; - salt[0] = salt[PHP_MAX_SALT_LEN] = '\0'; - - /* This will produce suitable results if people depend on DES-encryption -* available (passing always 2-character salt). At least for glibc6.1 */ - memset(&salt[1], '$', PHP_MAX_SALT_LEN - 1); - - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|s", &str, &str_len, &salt_in, &salt_in_len) == FAILURE) { - return; - } - - if (salt_in) { - memcpy(salt, salt_in, MIN(PHP_MAX_SALT_LEN, salt_in_len)); - } - - /* The automatic salt generation covers standard DES, md5-crypt and Blowfish (simple) */ - if (!*salt) { -#if PHP_MD5_CRYPT - strncpy(salt, "$1$", PHP_MAX_SALT_LEN); - php_to64(&salt[3], PHP_CRYPT_RAND, 4); - php_to64(&salt[7], PHP_CRYPT_RAND, 4); - strncpy(&salt[11], "$", PHP_MAX_SALT_LEN - 11); -#elif PHP_STD_DES_CRYPT - php_to64(&salt[0], PHP_CRYPT_RAND, 2); - salt[2] = '\0'; -#endif - salt_in_len = strlen(salt); - } else { - salt_in_len = MIN(PHP_MAX_SALT_LEN, salt_in_len); - } - /* Windows (win32/crypt) has a stripped down version of libxcrypt and a CryptoApi md5_crypt implementation */ #if PHP_USE_PHP_CRYPT_R 
@@ -190,55 +155,52 @@ PHP_FUNCTION(crypt) struct php_crypt_extended_data buffer; if (salt[0]=='$' && salt[1]=='1' && salt[2]=='$') { - char output[MD5_HASH_MAX_LEN]; - - RETURN_STRING(php_md5_crypt_r(str, salt, output), 1); + char output[MD5_HASH_MAX_LEN], *out; + + out = php_md5_crypt_r(password, salt, output); + if (out) { + *result = (char *) emalloc(MD5_HASH_MAX_LEN + 1); + memcpy(*result, out, MD5_HASH_MAX_LEN); + *result[MD5_HASH_MAX_LEN] = 0; + return SUCCESS; + } + return FAILURE; } else if (salt[0]=='$' && salt[1]=='6' && salt[2]=='$') { const char sha512_salt_prefix[] = "$6$"; const char sha512_rounds_prefix[] = "rounds="; char *output; int needed = (sizeof(sha512_salt_prefix) - 1 + sizeof(sha512_rounds_prefix) + 9 + 1 - + strlen(salt) + 1 + 43 + 1); + + PHP_MAX_SALT_LEN + 43 + 1); output = emalloc(needed); - salt[salt_in_len] = '\0'; - crypt_res = php_sha512_crypt_r(str, salt, output, needed); + crypt_res = php_sha512_crypt_r(password, salt, output, needed); if (!crypt_res) { - if (salt[0]=='*' && salt[1]=='0') { - RETVAL_STRING("*1", 1); - } else { - RETVAL_STRING("*0", 1); - } + memset(output, 0, needed); + efree(output); + return FAILURE; } else { - RETVAL_STRING(output, 1); + *result = output; + return SUCCESS; } - - memset(output, 0, PHP_MAX_SALT_LEN + 1); -
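Review bot: In the `$1$` branch of the @@ -190,55 +155,52 hunk, `*result[MD5_HASH_MAX_LEN] = 0;` does not terminate the new string: `[]` binds tighter than `*`, so the expression indexes the `char **result` argument far past its single element and writes through whatever pointer it finds there. Write `(*result)[MD5_HASH_MAX_LEN] = 0;`, or replace the emalloc/memcpy/terminate sequence with a string duplicate of `out`. In the `$6$` branch, `needed` still adds `43 + 1` for the digest; 43 is the encoded SHA-256 length, and a SHA-512 crypt digest is 86 characters.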
[PHP-CVS] com php-src: Fix formatting issues in password.c: ext/standard/password.c
Commit:0dd2f16b148f4054d65645b9cf971fe08824d78d Author:Anthony Ferrara Wed, 27 Jun 2012 11:04:41 -0400 Parents: 5f44be03af7733c2618d980e77426572fb0148df Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=0dd2f16b148f4054d65645b9cf971fe08824d78d Log: Fix formatting issues in password.c Changed paths: M ext/standard/password.c diff --git a/ext/standard/password.c b/ext/standard/password.c index ab115af..e0e260a 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -33,8 +33,6 @@ #include "win32/winutil.h" #endif - - PHP_MINIT_FUNCTION(password) /* {{{ */ { REGISTER_STRING_CONSTANT("PASSWORD_DEFAULT", PHP_PASSWORD_DEFAULT, CONST_CS | CONST_PERSISTENT); 
@@ -49,40 +47,42 @@ PHP_MINFO_FUNCTION(password) /* {{{ */ } /* }}} */ -static int php_password_salt_is_alphabet(const char *str, const int len) +static int php_password_salt_is_alphabet(const char *str, const int len) /* {{{ */ { -int i = 0; - -for (i = 0; i < len; i++) { -if (!((str[i] >= 'A' && str[i] <= 'Z') || (str[i] >= 'a' && str[i] <= 'z') || (str[i] >= '0' && str[i] <= '9') || str[i] == '.' || str[i] == '/')) { -return 0; -} -} -return 1; + int i = 0; + + for (i = 0; i < len; i++) { + if (!((str[i] >= 'A' && str[i] <= 'Z') || (str[i] >= 'a' && str[i] <= 'z') || (str[i] >= '0' && str[i] <= '9') || str[i] == '.' || str[i] == '/')) { + return 0; + } + } + return 1; } +/* }}} */ -static int php_password_salt_to64(const char *str, const int str_len, const int out_len, char *ret) +static int php_password_salt_to64(const char *str, const int str_len, const int out_len, char *ret) /* {{{ */ { -int pos = 0; + int pos = 0; unsigned char *buffer; -buffer = php_base64_encode((unsigned char*) str, str_len, NULL); -for (pos = 0; pos < out_len; pos++) { -if (buffer[pos] == '+') { -ret[pos] = '.'; + buffer = php_base64_encode((unsigned char*) str, str_len, NULL); + for (pos = 0; pos < out_len; pos++) { + if (buffer[pos] == '+') { + ret[pos] = '.'; } else if (buffer[pos] == '=') { efree(buffer); return FAILURE; -} else { + } else { ret[pos] = buffer[pos]; } -} + } efree(buffer); return SUCCESS; } +/* }}} */ #define PHP_PASSWORD_FUNCTION_EXISTS(func, func_len) (zend_hash_find(EG(function_table), (func), (func_len) + 1, (void **) &func_ptr) == SUCCESS && func_ptr->type == ZEND_INTERNAL_FUNCTION && func_ptr->internal_function.handler != zif_display_disabled_function) -static int php_password_make_salt(long length, int raw, char *ret TSRMLS_DC) +static int php_password_make_salt(long length, int raw, char *ret TSRMLS_DC) /* {{{ */ { int buffer_valid = 0; long i, raw_length; 
@@ -131,7 +131,6 @@ static int php_password_make_salt(long length, int raw, char *ret TSRMLS_DC) buffer[i] ^= (char) (255.0 * php_rand(TSRMLS_C) / RAND_MAX); } } - /* /Temp Placeholder */ if (raw) { memcpy(ret, buffer, length); @@ -151,8 +150,11 @@ static int php_password_make_salt(long length, int raw, char *ret TSRMLS_DC) efree(buffer); ret[length] = 0; return SUCCESS; -} +} +/* }}} */ +/* {{{ proto boolean password_make_salt(string password, string hash) +Verify a hash created using crypt() or password_hash() */ PHP_FUNCTION(password_verify) { zval *password, *hash, *ret; @@ -165,8 +167,8 @@ PHP_FUNCTION(password_verify) } if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zz", &password, &hash) == FAILURE) { -RETURN_FALSE; -} + RETURN_FALSE; + } zend_call_method_with_2_params(NULL, NULL, NULL, "crypt", &ret, password, hash); @@ -193,15 +195,18 @@ PHP_FUNCTION(password_verify) RETURN_BOOL(status == 0); } +/* }}} */ +/* {{{ proto string password_make_salt(int length, boolean raw_output = false) +Make a new random salt */ PHP_FUNCTION(password_make_salt) { char *salt; long length = 0; zend_bool raw_output = 0; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l|b", &
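Review bot: The proto comment added above `PHP_FUNCTION(password_verify)` in the @@ -150,8 +150,11 hunk names the wrong function: it reads `proto boolean password_make_salt(string password, string hash)` while describing "Verify a hash created using crypt() or password_hash()". It should name `password_verify`. The commit is described as formatting only, but the @@ -131,7 hunk also deletes the `/* /Temp Placeholder */` marker; if the `php_rand` mixing just above it is still a placeholder, keep a comment saying so.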
[PHP-CVS] com php-src: Update tests to check ini setting: ext/standard/tests/password/password_hash.phpt
Commit:2b9591f11f2573f8d9032477b7ad49c6cf92988c Author:Anthony Ferrara Tue, 26 Jun 2012 22:13:51 -0400 Parents: e505316aeba0fbb52cd21ff84af784a9d3e2b49a Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=2b9591f11f2573f8d9032477b7ad49c6cf92988c Log: Update tests to check ini setting Changed paths: M ext/standard/tests/password/password_hash.phpt Diff: diff --git a/ext/standard/tests/password/password_hash.phpt b/ext/standard/tests/password/password_hash.phpt index ecefa10..2fca8b7 100644 --- a/ext/standard/tests/password/password_hash.phpt +++ b/ext/standard/tests/password/password_hash.phpt @@ -17,6 +17,11 @@ var_dump(password_hash("rasmuslerdorf", PASSWORD_BCRYPT, array("cost" => 7, "sal var_dump(password_hash("test", PASSWORD_BCRYPT, array("salt" => "123456789012345678901" . chr(0; +// test ini parameter to ensure that it updates +ini_set('password.bcrypt_cost', '5'); +var_dump(password_hash("test", PASSWORD_BCRYPT, array("salt" => "123456789012345678901" . chr(0; + + echo "OK!"; ?> --EXPECT-- @@ -24,4 +29,5 @@ int(60) bool(true) string(60) "$2y$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi" string(60) "$2y$04$MTIzNDU2Nzg5MDEyMzQ1NekACxf2CF7ipfk/b9FllU9Fs8RcUm5UG" +string(60) "$2y$05$MTIzNDU2Nzg5MDEyMzQ1NeVt1jFvl6ZQVujUMmcYvue.Mr5oZVQa2" OK! -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Add tests and error checking for large salt requested values to prevent overflow on allocation: ext/standard/password.c ext/standard/tests/password/password_make_salt_error.phpt
Commit:5f44be03af7733c2618d980e77426572fb0148df Author:Anthony Ferrara Tue, 26 Jun 2012 23:09:08 -0400 Parents: 2b9591f11f2573f8d9032477b7ad49c6cf92988c Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=5f44be03af7733c2618d980e77426572fb0148df Log: Add tests and error checking for large salt requested values to prevent overflow on allocation Changed paths: M ext/standard/password.c M ext/standard/tests/password/password_make_salt_error.phpt Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index 94aa4dc..ab115af 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -82,14 +82,19 @@ static int php_password_salt_to64(const char *str, const int str_len, const int #define PHP_PASSWORD_FUNCTION_EXISTS(func, func_len) (zend_hash_find(EG(function_table), (func), (func_len) + 1, (void **) &func_ptr) == SUCCESS && func_ptr->type == ZEND_INTERNAL_FUNCTION && func_ptr->internal_function.handler != zif_display_disabled_function) -static int php_password_make_salt(int length, int raw, char *ret TSRMLS_DC) +static int php_password_make_salt(long length, int raw, char *ret TSRMLS_DC) { - int i, raw_length, buffer_valid = 0; + int buffer_valid = 0; + long i, raw_length; char *buffer; if (raw) { raw_length = length; } else { + if (length > (LONG_MAX / 3)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length is too large to safely generate"); + return FAILURE; + } raw_length = length * 3 / 4 + 1; } buffer = (char *) emalloc(raw_length + 1); 
@@ -192,15 +197,19 @@ PHP_FUNCTION(password_verify) PHP_FUNCTION(password_make_salt) { char *salt; - int length = 0; + long length = 0; zend_bool raw_output = 0; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l|b", &length, &raw_output) == FAILURE) { RETURN_FALSE; } if (length <= 0) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length cannot be less than or equal zero: %d", length); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length cannot be less than or equal zero: %ld", length); + RETURN_FALSE; + } else if (length > (LONG_MAX / 3)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length is too large to safely generate"); RETURN_FALSE; } + salt = emalloc(length + 1); if (php_password_make_salt(length, (int) raw_output, salt TSRMLS_CC) == FAILURE) { efree(salt); @@ -298,7 +307,7 @@ PHP_FUNCTION(password_hash) zval_ptr_dtor(option_buffer); } else { salt = emalloc(required_salt_len + 1); - if (php_password_make_salt(required_salt_len, 0, salt TSRMLS_CC) == FAILURE) { + if (php_password_make_salt((long) required_salt_len, 0, salt TSRMLS_CC) == FAILURE) { efree(hash_format); efree(salt); RETURN_FALSE; diff --git a/ext/standard/tests/password/password_make_salt_error.phpt b/ext/standard/tests/password/password_make_salt_error.phpt index 7d79713..8078582 100644 --- a/ext/standard/tests/password/password_make_salt_error.phpt +++ b/ext/standard/tests/password/password_make_salt_error.phpt @@ -10,6 +10,10 @@ var_dump(password_make_salt("foo")); var_dump(password_make_salt(-1)); +var_dump(password_make_salt(PHP_INT_MAX)); + +var_dump(password_make_salt(floor(PHP_INT_MAX / 2.9))); + ?> --EXPECTF-- Warning: password_make_salt() expects at least 1 parameter, 0 given in %s on line %d 
@@ -21,3 +25,9 @@ bool(false) Warning: password_make_salt(): Length cannot be less than or equal zero: -1 in %s on line %d bool(false) +Warning: password_make_salt(): Length is too large to safely generate in %s on line %d +bool(false) + +Warning: password_make_salt(): Length is too large to safely generate in %s on line %d +bool(false) + -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
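Review bot: In the @@ -82,14 hunk the `length > (LONG_MAX / 3)` guard inside php_password_make_salt sits only in the non-raw branch; with `raw` set, `raw_length = length` goes straight to `emalloc(raw_length + 1)`, so the helper depends on every caller having checked first. Move the guard above `if (raw)` so the function protects itself. The bound also only prevents arithmetic overflow: a length just under LONG_MAX / 3 still reaches `emalloc(length + 1)` in PHP_FUNCTION(password_make_salt), so a much smaller documented maximum would be a more useful limit. The two new test calls cover only values that are rejected; add one large value that is accepted, or state that none is expected to be.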
[PHP-CVS] com php-src: Implement php.ini setting password.bcrypt_cost: ext/standard/basic_functions.c ext/standard/password.c ext/standard/php_password.h main/main.c php.ini-development php.ini-produc
Commit:232da90388de2a3ba4ad430d281469498e88aca2 Author:Anthony Ferrara Tue, 26 Jun 2012 21:15:56 -0400 Parents: 2d4b7cb653efc3f52ca907f48b1c828632df5e41 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=232da90388de2a3ba4ad430d281469498e88aca2 Log: Implement php.ini setting password.bcrypt_cost Changed paths: M ext/standard/basic_functions.c M ext/standard/password.c M ext/standard/php_password.h M main/main.c M php.ini-development M php.ini-production Diff: diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c index 9e35a5e..5dc86ab 100644 --- a/ext/standard/basic_functions.c +++ b/ext/standard/basic_functions.c @@ -3846,6 +3846,7 @@ PHP_MINFO_FUNCTION(basic) /* {{{ */ php_info_print_table_start(); BASIC_MINFO_SUBMODULE(dl) BASIC_MINFO_SUBMODULE(mail) + BASIC_MINFO_SUBMODULE(password) php_info_print_table_end(); BASIC_MINFO_SUBMODULE(assert) } diff --git a/ext/standard/password.c b/ext/standard/password.c index f049fbc..94aa4dc 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -43,6 +43,11 @@ PHP_MINIT_FUNCTION(password) /* {{{ */ } /* }}} */ +PHP_MINFO_FUNCTION(password) /* {{{ */ +{ + php_info_print_table_row(2, "Default Password BCrypt Cost", INI_STR("password.bcrypt_cost")); +} +/* }}} */ static int php_password_salt_is_alphabet(const char *str, const int len) { @@ -169,7 +174,11 @@ PHP_FUNCTION(password_verify) zval_ptr_dtor(&ret); RETURN_FALSE; } - + + /* We're using this method instead of == in order to provide +* resistence towards timing attacks. This is a constant time +* equality check that will always check every byte of both +* values. */ for (i = 0; i < Z_STRLEN_P(ret); i++) { status |= (Z_STRVAL_P(ret)[i] ^ Z_STRVAL_P(hash)[i]); } 
@@ -231,16 +240,20 @@ PHP_FUNCTION(password_hash) } if (strcmp(algo, PHP_PASSWORD_BCRYPT) == 0) { - int cost = PHP_PASSWORD_BCRYPT_DEFAULT_COST; + int cost = 0; + cost = (int) INI_INT("password.bcrypt_cost"); + if (options && zend_symtable_find(options, "cost", 5, (void **) &option_buffer) == SUCCESS) { convert_to_long_ex(option_buffer); cost = Z_LVAL_PP(option_buffer); zval_ptr_dtor(option_buffer); - if (cost < 4 || cost > 31) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid bcrypt cost parameter specified: %d", cost); - RETURN_FALSE; - } } + + if (cost < 4 || cost > 31) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid bcrypt cost parameter specified: %d", cost); + RETURN_FALSE; + } + required_salt_len = 22; hash_format = emalloc(8); sprintf(hash_format, "$2y$%02d$", cost); diff --git a/ext/standard/php_password.h b/ext/standard/php_password.h index 830d31c..81fe41f 100644 --- a/ext/standard/php_password.h +++ b/ext/standard/php_password.h @@ -26,13 +26,11 @@ PHP_FUNCTION(password_verify); PHP_FUNCTION(password_make_salt); PHP_MINIT_FUNCTION(password); +PHP_MINFO_FUNCTION(password); #define PHP_PASSWORD_DEFAULT "2y" #define PHP_PASSWORD_BCRYPT"2y" -#define PHP_PASSWORD_BCRYPT_DEFAULT_COST 12; - - #endif diff --git a/main/main.c b/main/main.c index cc04b13..e52c32c 100644 --- a/main/main.c +++ b/main/main.c @@ -540,6 +540,8 @@ PHP_INI_BEGIN() STD_PHP_INI_ENTRY("error_append_string",NULL, PHP_INI_ALL,OnUpdateString, error_append_string, php_core_globals, core_globals) STD_PHP_INI_ENTRY("error_prepend_string", NULL, PHP_INI_ALL,OnUpdateString, error_prepend_string, php_core_globals, core_globals) + PHP_INI_ENTRY("password.bcrypt_cost", "11", PHP_INI_ALL,NULL) + PHP_INI_ENTRY("SMTP", "localhost",PHP_INI_ALL,NULL) PHP_INI_ENTRY("smtp_port", "25", PHP_INI_ALL,NULL) STD_PHP_INI_BOOLEAN("mail.add_x_header","0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, mail_x_header, php_core_globals, core_globals) diff --git a/php.ini-d
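Review bot: in the password_hash() hunk of ext/standard/password.c the range check now also applies to the value read from password.bcrypt_cost, but the warning still reads "Invalid bcrypt cost parameter specified", so an out-of-range php.ini value is reported as if the caller had passed it. Either word the message for the ini case or validate the setting where it is registered: the PHP_INI_ENTRY in main/main.c is added with a NULL update handler. Smaller points: "int cost = 0;" followed directly by the INI_INT assignment is redundant, the ini default of "11" differs from the removed PHP_PASSWORD_BCRYPT_DEFAULT_COST of 12 without the log saying so, and "resistence" in the new password_verify comment should be "resistance".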
[PHP-CVS] com php-src: Add tests for password hashing: ext/standard/tests/password/password_bcrypt_errors.phpt ext/standard/tests/password/password_hash.phpt ext/standard/tests/password/password_hash_
Commit:e505316aeba0fbb52cd21ff84af784a9d3e2b49a Author:Anthony Ferrara Tue, 26 Jun 2012 22:05:25 -0400 Parents: 232da90388de2a3ba4ad430d281469498e88aca2 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=e505316aeba0fbb52cd21ff84af784a9d3e2b49a Log: Add tests for password hashing Changed paths: A ext/standard/tests/password/password_bcrypt_errors.phpt A ext/standard/tests/password/password_hash.phpt A ext/standard/tests/password/password_hash_error.phpt A ext/standard/tests/password/password_make_salt.phpt A ext/standard/tests/password/password_make_salt_error.phpt A ext/standard/tests/password/password_verify.phpt A ext/standard/tests/password/password_verify_error.phpt Diff: diff --git a/ext/standard/tests/password/password_bcrypt_errors.phpt b/ext/standard/tests/password/password_bcrypt_errors.phpt new file mode 100644 index 000..4223817 --- /dev/null +++ b/ext/standard/tests/password/password_bcrypt_errors.phpt @@ -0,0 +1,28 @@ +--TEST-- +Test error operation of password_hash() with bcrypt hashing +--FILE-- + 3))); + +var_dump(password_hash("foo", PASSWORD_BCRYPT, array("cost" => 32))); + +var_dump(password_hash("foo", PASSWORD_BCRYPT, array("salt" => "foo"))); + +var_dump(password_hash("foo", PASSWORD_BCRYPT, array("salt" => "123456789012345678901"))); + +?> +--EXPECTF-- +Warning: password_hash(): Invalid bcrypt cost parameter specified: 3 in %s on line %d +bool(false) + +Warning: password_hash(): Invalid bcrypt cost parameter specified: 32 in %s on line %d +bool(false) + +Warning: password_hash(): Provided salt is too short: 3 expecting 22 in %s on line %d +bool(false) + +Warning: password_hash(): Provided salt is too short: 21 expecting 22 in %s on line %d +bool(false) + diff --git a/ext/standard/tests/password/password_hash.phpt b/ext/standard/tests/password/password_hash.phpt new file mode 100644 index 000..ecefa10 --- /dev/null +++ b/ext/standard/tests/password/password_hash.phpt 
@@ -0,0 +1,27 @@ +--TEST-- +Test normal operation of password_hash() +--FILE-- + 7, "salt" => "usesomesillystringforsalt"))); + +var_dump(password_hash("test", PASSWORD_BCRYPT, array("salt" => "123456789012345678901" . chr(0; + +echo "OK!"; +?> +--EXPECT-- +int(60) +bool(true) +string(60) "$2y$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi" +string(60) "$2y$04$MTIzNDU2Nzg5MDEyMzQ1NekACxf2CF7ipfk/b9FllU9Fs8RcUm5UG" +OK! diff --git a/ext/standard/tests/password/password_hash_error.phpt b/ext/standard/tests/password/password_hash_error.phpt new file mode 100644 index 000..dfbb094 --- /dev/null +++ b/ext/standard/tests/password/password_hash_error.phpt @@ -0,0 +1,38 @@ +--TEST-- +Test error operation of password_hash() +--FILE-- + 13))); + +?> +--EXPECTF-- +Warning: password_hash() expects at least 1 parameter, 0 given in %s on line %d +bool(false) + +Warning: password_hash() expects parameter 2 to be string, array given in %s on line %d +bool(false) + +Warning: password_hash(): Unknown password hashing algorithm: bar in %s on line %d +bool(false) + +Warning: password_hash() expects parameter 3 to be array, string given in %s on line %d +bool(false) + +Warning: password_hash(): Password must be a string in %s on line %d +bool(false) + +Warning: password_hash(): Non-string salt parameter supplied in %s on line %d +bool(false) + diff --git a/ext/standard/tests/password/password_make_salt.phpt b/ext/standard/tests/password/password_make_salt.phpt new file mode 100644 index 000..63b56f8 --- /dev/null +++ b/ext/standard/tests/password/password_make_salt.phpt @@ -0,0 +1,40 @@ +--TEST-- +Test normal operation of password_make_salt() +--FILE-- + +--EXPECT-- +1 +2 +3 +4 +5 + +1 +2 +3 +4 +5 + +bool(true) +OK! diff --git a/ext/standard/tests/password/password_make_salt_error.phpt b/ext/standard/tests/password/password_make_salt_error.phpt new file mode 100644 index 000..7d79713 --- /dev/null +++ b/ext/standard/tests/password/password_make_salt_error.phpt 
@@ -0,0 +1,23 @@ +--TEST-- +Test error operation of password_make_salt() +--FILE-- + +--EXPECTF-- +Warning: password_make_salt() expects at least 1 parameter, 0 given in %s on line %d +bool(false) + +Warning: password_make_salt() expects parameter 1 to be long, string given in %s on line %d +bool(false) + +Warning: password_make_salt(): Length cannot be less than or equal zero: -1 in %s on line %d +bool(false) + diff --git a/ext/standard/tests/password/password_verify.phpt b/ext/standard/tests/password/password_verify.phpt new file mode 100644 index 000..e7ecc7e --- /dev/null +++ b/ext/standard/tests/password/password_verify.phpt @@ -0,0 +1,21 @@ +--TEST-- +Test normal operation of password_verify) +--FILE-- + +--EXPECT-- +bool(false) +bool(false) +bool(false) +bool(true)
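Review bot: password_make_salt_error.phpt expects the warning "Length cannot be less than or equal zero" only for -1, so the zero half of that condition is never exercised; add a password_make_salt(0) case. The --TEST-- title of password_verify.phpt reads "Test normal operation of password_verify)" with an unbalanced parenthesis and should be "password_verify()" to match the other titles.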
[PHP-CVS] com php-src: Refactor salt generation, rename password_create to password_hash: ext/standard/basic_functions.c ext/standard/password.c ext/standard/php_password.h
Commit:2d4b7cb653efc3f52ca907f48b1c828632df5e41 Author:Anthony Ferrara Mon, 25 Jun 2012 21:22:16 -0400 Parents: 41d7374ea4598000fd626c0d8cd4736aec6357bf Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=2d4b7cb653efc3f52ca907f48b1c828632df5e41 Log: Refactor salt generation, rename password_create to password_hash Changed paths: M ext/standard/basic_functions.c M ext/standard/password.c M ext/standard/php_password.h Diff: diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c index 64025db..9e35a5e 100644 --- a/ext/standard/basic_functions.c +++ b/ext/standard/basic_functions.c @@ -1867,7 +1867,7 @@ ZEND_BEGIN_ARG_INFO(arginfo_getlastmod, 0) ZEND_END_ARG_INFO() /* }}} */ /* {{{ password.c */ -ZEND_BEGIN_ARG_INFO_EX(arginfo_password_create, 0, 0, 1) +ZEND_BEGIN_ARG_INFO_EX(arginfo_password_hash, 0, 0, 1) ZEND_ARG_INFO(0, password) ZEND_ARG_INFO(0, algo) ZEND_ARG_INFO(0, options) @@ -2895,7 +2895,7 @@ const zend_function_entry basic_functions[] = { /* {{{ */ PHP_FE(base64_decode, arginfo_base64_decode) PHP_FE(base64_encode, arginfo_base64_encode) - PHP_FE(password_create, arginfo_password_create) + PHP_FE(password_hash, arginfo_password_hash) PHP_FE(password_verify, arginfo_password_verify) PHP_FE(password_make_salt, arginfo_password_make_salt) diff --git a/ext/standard/password.c b/ext/standard/password.c index f2c94fb..f049fbc 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c 
@@ -21,19 +21,24 @@ #include #include "php.h" -#include "ext/hash/php_hash.h" + +#include "fcntl.h" #include "php_password.h" #include "php_rand.h" #include "base64.h" #include "zend_interfaces.h" +#include "info.h" + +#if PHP_WIN32 +#include "win32/winutil.h" +#endif + + PHP_MINIT_FUNCTION(password) /* {{{ */ { REGISTER_STRING_CONSTANT("PASSWORD_DEFAULT", PHP_PASSWORD_DEFAULT, CONST_CS | CONST_PERSISTENT); REGISTER_STRING_CONSTANT("PASSWORD_BCRYPT", PHP_PASSWORD_BCRYPT, CONST_CS | CONST_PERSISTENT); - REGISTER_STRING_CONSTANT("PASSWORD_MD5", PHP_PASSWORD_MD5, CONST_CS | CONST_PERSISTENT); - REGISTER_STRING_CONSTANT("PASSWORD_SHA256", PHP_PASSWORD_SHA256, CONST_CS | CONST_PERSISTENT); - REGISTER_STRING_CONSTANT("PASSWORD_SHA512", PHP_PASSWORD_SHA512, CONST_CS | CONST_PERSISTENT); return SUCCESS; } /* }}} */ @@ -76,7 +81,6 @@ static int php_password_make_salt(int length, int raw, char *ret TSRMLS_DC) { int i, raw_length, buffer_valid = 0; char *buffer; - zend_function *func_ptr; if (raw) { raw_length = length; 
@@ -84,42 +88,37 @@ static int php_password_make_salt(int length, int raw, char *ret TSRMLS_DC) raw_length = length * 3 / 4 + 1; } buffer = (char *) emalloc(raw_length + 1); - - /* Temp Placeholder */ - if (PHP_PASSWORD_FUNCTION_EXISTS("mcrypt_create_iv", 16)) { - zval *ret, *size, *source; - ALLOC_INIT_ZVAL(size); - ZVAL_LONG(size, raw_length); - ALLOC_INIT_ZVAL(source) - ZVAL_LONG(source, 1); // MCRYPT_DEV_URANDOM - zend_call_method_with_2_params(NULL, NULL, NULL, "mcrypt_create_iv", &ret, size, source); - zval_ptr_dtor(&size); - zval_ptr_dtor(&source); - if (Z_TYPE_P(ret) == IS_STRING) { - memcpy(buffer, Z_STRVAL_P(ret), raw_length); + +#if PHP_WIN32 + { + BYTE *iv_b = (BYTE *) buffer; + if (php_win32_get_random_bytes(iv_b, (size_t) raw_length) == SUCCESS) { buffer_valid = 1; } - zval_ptr_dtor(&ret); } - if (!buffer_valid && PHP_PASSWORD_FUNCTION_EXISTS("openssl_random_pseudo_bytes", 27)) { - zval *ret, *size; - ALLOC_INIT_ZVAL(size); - ZVAL_LONG(size, raw_length); - zend_call_method_with_1_params(NULL, NULL, NULL, "openssl_random_pseudo_bytes", &ret, size); - zval_ptr_dtor(&size); -
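Review bot: the PHP_MINIT_FUNCTION(password) hunk removes the PASSWORD_MD5, PASSWORD_SHA256 and PASSWORD_SHA512 constants, which the log ("Refactor salt generation, rename password_create to password_hash") does not mention; say so in the message so the removal is not read as accidental. In the include hunk, "fcntl.h" is a system header and would normally be written <fcntl.h>.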
[PHP-CVS] com php-src: Implement openssl support for make_salt: ext/standard/password.c
Commit:41d7374ea4598000fd626c0d8cd4736aec6357bf Author:Anthony Ferrara Mon, 25 Jun 2012 11:37:48 -0400 Parents: 618f2629567ca3a3d1817ca9c4c62339fb5fb886 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=41d7374ea4598000fd626c0d8cd4736aec6357bf Log: Implement openssl support for make_salt Changed paths: M ext/standard/password.c Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index 013dab7..f2c94fb 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -96,11 +96,24 @@ static int php_password_make_salt(int length, int raw, char *ret TSRMLS_DC) zval_ptr_dtor(&size); zval_ptr_dtor(&source); if (Z_TYPE_P(ret) == IS_STRING) { - memcpy(buffer, Z_STRVAL_P(ret), Z_STRLEN_P(ret)); + memcpy(buffer, Z_STRVAL_P(ret), raw_length); buffer_valid = 1; } zval_ptr_dtor(&ret); } + if (!buffer_valid && PHP_PASSWORD_FUNCTION_EXISTS("openssl_random_pseudo_bytes", 27)) { + zval *ret, *size; + ALLOC_INIT_ZVAL(size); + ZVAL_LONG(size, raw_length); + zend_call_method_with_1_params(NULL, NULL, NULL, "openssl_random_pseudo_bytes", &ret, size); + zval_ptr_dtor(&size); + if (Z_TYPE_P(ret) == IS_STRING) { + memcpy(buffer, Z_STRVAL_P(ret), raw_length); + buffer_valid = 1; + } + zval_ptr_dtor(&ret); + } + if (!buffer_valid) { long number; for (i = 0; i < raw_length; i++) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
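Review bot: both memcpy() calls in php_password_make_salt() now copy raw_length bytes out of Z_STRVAL_P(ret) without checking that the returned string is that long, so a short result from mcrypt_create_iv or openssl_random_pseudo_bytes is read past its end and buffer_valid is still set to 1. Test Z_STRLEN_P(ret) >= raw_length together with the IS_STRING check and fall through to the next source when it fails. The openssl call also passes only the length, so the function's crypto_strong out-parameter is never inspected.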
[PHP-CVS] com php-src: More error checking, and some cleaning up for password.c: ext/standard/password.c
Commit:618f2629567ca3a3d1817ca9c4c62339fb5fb886 Author:Anthony Ferrara Mon, 25 Jun 2012 08:50:39 -0400 Parents: 18d3bd9481c470d241c492eb39a93bd071a77c4e Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=618f2629567ca3a3d1817ca9c4c62339fb5fb886 Log: More error checking, and some cleaning up for password.c Changed paths: M ext/standard/password.c Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index f6d8048..013dab7 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -21,10 +21,6 @@ #include #include "php.h" -#if HAVE_CRYPT -#include "php_crypt.h" -#endif - #include "ext/hash/php_hash.h" #include "php_password.h" #include "php_rand.h" @@ -121,7 +117,7 @@ static int php_password_make_salt(int length, int raw, char *ret TSRMLS_DC) char *result; result = emalloc(length + 1); if (php_password_salt_to64(buffer, raw_length, length, result) == FAILURE) { - php_error_docref(NULL, E_WARNING, "Generated salt too short"); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Generated salt too short"); efree(buffer); efree(result); return FAILURE; @@ -139,6 +135,12 @@ PHP_FUNCTION(password_verify) { zval *password, *hash, *ret; int status = 0, i; + zend_function *func_ptr; + + if (!PHP_PASSWORD_FUNCTION_EXISTS("crypt", 5)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Crypt must be loaded for password_verify to function"); + RETURN_FALSE; + } if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zz", &password, &hash) == FAILURE) { RETURN_FALSE; 
@@ -195,6 +197,12 @@ PHP_FUNCTION(password_create) int algo_len = 0, salt_len = 0, required_salt_len = 0, hash_format_len; HashTable *options = 0; zval **option_buffer, *ret, *password, *hash_zval; + zend_function *func_ptr; + + if (!PHP_PASSWORD_FUNCTION_EXISTS("crypt", 5)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Crypt must be loaded for password_verify to function"); + RETURN_FALSE; + } if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z|sH", &password, &algo, &algo_len, &options) == FAILURE) { RETURN_FALSE; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
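Review bot: the warning added to PHP_FUNCTION(password_create) says "Crypt must be loaded for password_verify to function", copied from the password_verify hunk; it should name password_create. Since both functions now carry the same PHP_PASSWORD_FUNCTION_EXISTS("crypt", 5) block, a small shared helper that takes the function name would avoid this kind of copy-paste drift.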
[PHP-CVS] com php-src: Basic random generator added to make_salt: ext/standard/password.c
Commit:18d3bd9481c470d241c492eb39a93bd071a77c4e Author:Anthony Ferrara Mon, 25 Jun 2012 08:15:17 -0400 Parents: f7097d99ffedc6bd0965542454b4ac86e4b5c914 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=18d3bd9481c470d241c492eb39a93bd071a77c4e Log: Basic random generator added to make_salt Changed paths: M ext/standard/password.c Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index 2b7e7df..f6d8048 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -25,6 +25,7 @@ #include "php_crypt.h" #endif +#include "ext/hash/php_hash.h" #include "php_password.h" #include "php_rand.h" #include "base64.h" @@ -73,10 +74,14 @@ static int php_password_salt_to64(const char *str, const int str_len, const int return SUCCESS; } -static int php_password_make_salt(int length, int raw, char *ret) +#define PHP_PASSWORD_FUNCTION_EXISTS(func, func_len) (zend_hash_find(EG(function_table), (func), (func_len) + 1, (void **) &func_ptr) == SUCCESS && func_ptr->type == ZEND_INTERNAL_FUNCTION && func_ptr->internal_function.handler != zif_display_disabled_function) + +static int php_password_make_salt(int length, int raw, char *ret TSRMLS_DC) { - int i, raw_length; + int i, raw_length, buffer_valid = 0; char *buffer; + zend_function *func_ptr; + if (raw) { raw_length = length; } else { 
@@ -85,8 +90,28 @@ static int php_password_make_salt(int length, int raw, char *ret) buffer = (char *) emalloc(raw_length + 1); /* Temp Placeholder */ - for (i = 0; i < raw_length; i++) { - buffer[i] = i; + if (PHP_PASSWORD_FUNCTION_EXISTS("mcrypt_create_iv", 16)) { + zval *ret, *size, *source; + ALLOC_INIT_ZVAL(size); + ZVAL_LONG(size, raw_length); + ALLOC_INIT_ZVAL(source) + ZVAL_LONG(source, 1); // MCRYPT_DEV_URANDOM + zend_call_method_with_2_params(NULL, NULL, NULL, "mcrypt_create_iv", &ret, size, source); + zval_ptr_dtor(&size); + zval_ptr_dtor(&source); + if (Z_TYPE_P(ret) == IS_STRING) { + memcpy(buffer, Z_STRVAL_P(ret), Z_STRLEN_P(ret)); + buffer_valid = 1; + } + zval_ptr_dtor(&ret); + } + if (!buffer_valid) { + long number; + for (i = 0; i < raw_length; i++) { + number = php_rand(TSRMLS_C); + RAND_RANGE(number, 0, 255, PHP_RAND_MAX); + buffer[i] = (char) number; + } } /* /Temp Placeholder */ @@ -154,7 +179,7 @@ PHP_FUNCTION(password_make_salt) RETURN_FALSE; } salt = emalloc(length + 1); - if (php_password_make_salt(length, (int) raw_output, salt) == FAILURE) { + if (php_password_make_salt(length, (int) raw_output, salt TSRMLS_CC) == FAILURE) { efree(salt); RETURN_FALSE; } @@ -260,7 +285,7 @@ PHP_FUNCTION(password_create) zval_ptr_dtor(option_buffer); } else { salt = emalloc(required_salt_len + 1); - if (php_password_make_salt(required_salt_len, 0, salt) == FAILURE) { + if (php_password_make_salt(required_salt_len, 0, salt TSRMLS_CC) == FAILURE) { efree(hash_format); efree(salt); RETURN_FALSE; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
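Review bot: when mcrypt_create_iv is not available the salt is filled from php_rand(), which is not a cryptographically secure generator, and the caller gets no indication that the weaker source was used; at minimum document the fallback in the "Temp Placeholder" block. In the mcrypt branch, memcpy(buffer, Z_STRVAL_P(ret), Z_STRLEN_P(ret)) is bounded by the returned length rather than by raw_length, the size buffer was allocated for, so a longer result would write past the allocation. Also, ALLOC_INIT_ZVAL(source) is missing its semicolon, the local "zval *ret" shadows the "char *ret" parameter, and the literal 1 should be the MCRYPT_DEV_URANDOM constant rather than a "//" comment.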
[PHP-CVS] com php-src: Fix memory leak on branch: ext/standard/password.c
Commit:f7097d99ffedc6bd0965542454b4ac86e4b5c914 Author:Anthony Ferrara Sun, 24 Jun 2012 23:36:09 -0400 Parents: 657402832b7884f52bf07b2e6f704510395fd413 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=f7097d99ffedc6bd0965542454b4ac86e4b5c914 Log: Fix memory leak on branch Changed paths: M ext/standard/password.c Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index 665e69f..2b7e7df 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -246,6 +246,7 @@ PHP_FUNCTION(password_create) salt = emalloc(required_salt_len + 1); if (php_password_salt_to64(buffer, buffer_len, required_salt_len, salt) == FAILURE) { efree(hash_format); + efree(salt); zval_ptr_dtor(option_buffer); php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided salt is too short: %d", salt_len); RETURN_FALSE; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Implement password_verify: ext/standard/password.c
Commit:657402832b7884f52bf07b2e6f704510395fd413 Author:Anthony Ferrara Sun, 24 Jun 2012 23:35:26 -0400 Parents: 7e41980fe4972e097e178c034f92920c9c63086c Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=657402832b7884f52bf07b2e6f704510395fd413 Log: Implement password_verify Changed paths: M ext/standard/password.c Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index 9201ff3..665e69f 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -112,6 +112,33 @@ static int php_password_make_salt(int length, int raw, char *ret) PHP_FUNCTION(password_verify) { + zval *password, *hash, *ret; + int status = 0, i; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zz", &password, &hash) == FAILURE) { +RETURN_FALSE; +} + + zend_call_method_with_2_params(NULL, NULL, NULL, "crypt", &ret, password, hash); + + if (Z_TYPE_P(ret) != IS_STRING) { + zval_ptr_dtor(&ret); + RETURN_FALSE; + } + + if (Z_STRLEN_P(ret) != Z_STRLEN_P(hash)) { + zval_ptr_dtor(&ret); + RETURN_FALSE; + } + + for (i = 0; i < Z_STRLEN_P(ret); i++) { + status |= (Z_STRVAL_P(ret)[i] ^ Z_STRVAL_P(hash)[i]); + } + + zval_ptr_dtor(&ret); + + RETURN_BOOL(status == 0); + } PHP_FUNCTION(password_make_salt) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
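Review bot: password_verify() parses both arguments as "zz" and then uses Z_STRLEN_P(hash) and Z_STRVAL_P(hash) without ever checking that hash is a string; only ret is tested with Z_TYPE_P. Parse with "ss" or add an IS_STRING check on hash (and password) before the crypt call. The length comparison followed by the XOR accumulation loop is the right shape for the comparison itself; a one-line comment stating that it is deliberately constant-time would keep someone from replacing it with strcmp later. The zend_parse_parameters failure branch is also indented differently from the rest of the function.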
[PHP-CVS] com php-src: Actually complete password_create(): ext/standard/password.c ext/standard/php_password.h
Commit:7e41980fe4972e097e178c034f92920c9c63086c Author:Anthony Ferrara Sun, 24 Jun 2012 23:25:18 -0400 Parents: c77f2c29585f97bd9dad533b9d2bc8334de34f1b Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=7e41980fe4972e097e178c034f92920c9c63086c Log: Actually complete password_create() Changed paths: M ext/standard/password.c M ext/standard/php_password.h Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index 677f132..9201ff3 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -28,7 +28,7 @@ #include "php_password.h" #include "php_rand.h" #include "base64.h" - +#include "zend_interfaces.h" PHP_MINIT_FUNCTION(password) /* {{{ */ { @@ -139,15 +139,20 @@ PHP_FUNCTION(password_make_salt) Hash a password */ PHP_FUNCTION(password_create) { -char *password, *algo = 0, *hash_format, *hash, *salt; -int password_len, algo_len = 0, salt_len = 0, required_salt_len = 0, hash_format_len; +char *algo = 0, *hash_format, *hash, *salt; +int algo_len = 0, salt_len = 0, required_salt_len = 0, hash_format_len; HashTable *options = 0; -zval **option_buffer; +zval **option_buffer, *ret, *password, *hash_zval; -if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|sH", &password, &password_len, &algo, &algo_len, &options) == FAILURE) { +if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z|sH", &password, &algo, &algo_len, &options) == FAILURE) { RETURN_FALSE; } + if (Z_TYPE_P(password) != IS_STRING) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Password must be a string"); + RETURN_FALSE; + } + if (algo_len == 0) { algo = PHP_PASSWORD_DEFAULT; algo_len = strlen(PHP_PASSWORD_DEFAULT); 
@@ -240,10 +245,26 @@ PHP_FUNCTION(password_create) hash = emalloc(salt_len + hash_format_len + 1); sprintf(hash, "%s%s", hash_format, salt); hash[hash_format_len + salt_len] = 0; + + ALLOC_INIT_ZVAL(hash_zval); + ZVAL_STRINGL(hash_zval, hash, hash_format_len + salt_len, 0); + efree(hash_format); efree(salt); -RETURN_STRINGL(hash, hash_format_len + salt_len, 0); + zend_call_method_with_2_params(NULL, NULL, NULL, "crypt", &ret, password, hash_zval); + + zval_ptr_dtor(&hash_zval); + + if (Z_TYPE_P(ret) != IS_STRING) { + zval_ptr_dtor(&ret); + RETURN_FALSE; + } else if(Z_STRLEN_P(ret) < 13) { + zval_ptr_dtor(&ret); + RETURN_FALSE; + } + + RETURN_ZVAL(ret, 0, 1); } /* }}} */ diff --git a/ext/standard/php_password.h b/ext/standard/php_password.h index f813189..5967840 100644 --- a/ext/standard/php_password.h +++ b/ext/standard/php_password.h @@ -33,7 +33,7 @@ PHP_MINIT_FUNCTION(password); #define PHP_PASSWORD_SHA256"5" #define PHP_PASSWORD_SHA512"6" -#define PHP_PASSWORD_BCRYPT_DEFAULT_COST 14; +#define PHP_PASSWORD_BCRYPT_DEFAULT_COST 12; #define PHP_PASSWORD_SHA_DEFAULT_ROUNDS 5000; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
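Review bot: the new failure test "Z_STRLEN_P(ret) < 13" after the crypt call uses an unexplained constant; name it or add a comment saying what a result shorter than 13 bytes means here. In php_password.h, "#define PHP_PASSWORD_BCRYPT_DEFAULT_COST 12;" keeps the trailing semicolon inside the macro, which only works when the macro ends a statement and breaks in any expression; drop it (the same applies to PHP_PASSWORD_SHA_DEFAULT_ROUNDS in the context line). The change of the default cost from 14 to 12 is not mentioned in the log.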
[PHP-CVS] com php-src: Base structure for passsword_create and password_make_salt: ext/standard/basic_functions.c ext/standard/config.m4 ext/standard/config.w32 ext/standard/password.c ext/standard/ph
Commit:c77f2c29585f97bd9dad533b9d2bc8334de34f1b Author:Anthony Ferrara Sun, 24 Jun 2012 22:44:43 -0400 Parents: d68b614b09b984e915db50b72430db4e4731480c Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=c77f2c29585f97bd9dad533b9d2bc8334de34f1b Log: Base structure for passsword_create and password_make_salt Changed paths: M ext/standard/basic_functions.c M ext/standard/config.m4 M ext/standard/config.w32 A ext/standard/password.c A ext/standard/php_password.h M ext/standard/php_standard.h diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c index 63d40ef..64025db 100644 --- a/ext/standard/basic_functions.c +++ b/ext/standard/basic_functions.c @@ -1866,6 +1866,21 @@ ZEND_END_ARG_INFO() ZEND_BEGIN_ARG_INFO(arginfo_getlastmod, 0) ZEND_END_ARG_INFO() /* }}} */ +/* {{{ password.c */ +ZEND_BEGIN_ARG_INFO_EX(arginfo_password_create, 0, 0, 1) + ZEND_ARG_INFO(0, password) + ZEND_ARG_INFO(0, algo) + ZEND_ARG_INFO(0, options) +ZEND_END_ARG_INFO() +ZEND_BEGIN_ARG_INFO_EX(arginfo_password_verify, 0, 0, 2) + ZEND_ARG_INFO(0, password) + ZEND_ARG_INFO(0, hash) +ZEND_END_ARG_INFO() +ZEND_BEGIN_ARG_INFO_EX(arginfo_password_make_salt, 0, 0, 1) + ZEND_ARG_INFO(0, length) + ZEND_ARG_INFO(0, raw_output) +ZEND_END_ARG_INFO() +/* }}} */ /* {{{ proc_open.c */ #ifdef PHP_CAN_SUPPORT_PROC_OPEN ZEND_BEGIN_ARG_INFO_EX(arginfo_proc_terminate, 0, 0, 1) @@ -2880,6 +2895,10 @@ const zend_function_entry basic_functions[] = { /* {{{ */ PHP_FE(base64_decode, arginfo_base64_decode) PHP_FE(base64_encode, arginfo_base64_encode) + PHP_FE(password_create, arginfo_password_create) + PHP_FE(password_verify, arginfo_password_verify) + PHP_FE(password_make_salt, arginfo_password_make_salt) + PHP_FE(convert_uuencode, arginfo_convert_uuencode) PHP_FE(convert_uudecode, arginfo_convert_uudecode) 
@@ -3630,6 +3649,7 @@ PHP_MINIT_FUNCTION(basic) /* {{{ */ BASIC_MINIT_SUBMODULE(browscap) BASIC_MINIT_SUBMODULE(standard_filters) BASIC_MINIT_SUBMODULE(user_filters) + BASIC_MINIT_SUBMODULE(password) #if defined(HAVE_LOCALECONV) && defined(ZTS) BASIC_MINIT_SUBMODULE(localeconv) diff --git a/ext/standard/config.m4 b/ext/standard/config.m4 index c33ae1e..fba423b 100644 --- a/ext/standard/config.m4 +++ b/ext/standard/config.m4 @@ -580,7 +580,7 @@ PHP_NEW_EXTENSION(standard, array.c base64.c basic_functions.c browscap.c crc32. incomplete_class.c url_scanner_ex.c ftp_fopen_wrapper.c \ http_fopen_wrapper.c php_fopen_wrapper.c credits.c css.c \ var_unserializer.c ftok.c sha1.c user_filters.c uuencode.c \ -filters.c proc_open.c streamsfuncs.c http.c) +filters.c proc_open.c streamsfuncs.c http.c password.c) PHP_ADD_MAKEFILE_FRAGMENT PHP_INSTALL_HEADERS([ext/standard/]) diff --git a/ext/standard/config.w32 b/ext/standard/config.w32 index d14b859..5f24641b 100644 --- a/ext/standard/config.w32 +++ b/ext/standard/config.w32 @@ -19,7 +19,7 @@ EXTENSION("standard", "array.c base64.c basic_functions.c browscap.c \ versioning.c assert.c strnatcmp.c levenshtein.c incomplete_class.c \ url_scanner_ex.c ftp_fopen_wrapper.c http_fopen_wrapper.c \ php_fopen_wrapper.c credits.c css.c var_unserializer.c ftok.c sha1.c \ - user_filters.c uuencode.c filters.c proc_open.c \ + user_filters.c uuencode.c filters.c proc_open.c password.c \ streamsfuncs.c http.c flock_compat.c", false /* never shared */); PHP_INSTALL_HEADERS("", "ext/standard"); if (PHP_MBREGEX != "no") { diff --git a/ext/standard/password.c b/ext/standard/password.c new file mode 100644 index 000..677f132 --- /dev/null +++ b/ext/standard/password.c @@ -0,0 +1,257 @@ +/* + +--+ + | PHP Version 5| + +-
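Review bot: the log message spells the function "passsword_create" with three s, which will not match a later search for password_create in the history. The arginfo hunk in basic_functions.c also declares password_verify although the log names only the create and make_salt functions; list all three entry points the commit registers.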
Re: [PHP-CVS] com php-src: Really fix leaks, add test cases to prove it...: ext/standard/password.c ext/standard/tests/password/password_bcrypt_errors.phpt ext/standard/tests/password/password_hash_er
Nuno, On Tue, Oct 16, 2012 at 2:14 PM, Nuno Lopes wrote: > Hi, > > + case IS_BOOL: >> + case IS_NULL: >> case IS_RESOURCE: >> case IS_ARRAY: >> default: >> > > it doesn't make sense to have those cases and the default. Please remove > all those useless cases. I see it as self-documentation to include them as it indicates without needing to think that it's intentional that they are treated as default. If the overall consensus is that they should be removed, that's fine (and I'll remove them). But I consider this more readable and easier to comprehend than without... Thoughts? Anthony
[PHP-CVS] com php-src: News entry for CURL notice addition: NEWS
Commit:c4ce96d073da66c04ebe1c74f38138d33a5e6fd4 Author:Anthony Ferrara Thu, 25 Oct 2012 16:04:56 -0400 Parents: f68f31f1211f4f3fe8c692269e916358110fa73d Branches: PHP-5.4 master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=c4ce96d073da66c04ebe1c74f38138d33a5e6fd4 Log: News entry for CURL notice addition Changed paths: M NEWS Diff: diff --git a/NEWS b/NEWS index 8a322a9..10694f6 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,10 @@ PHP NEWS - Core: . Fixed bug #63305 (zend_mm_heap corrupted with traits). (Dmitry, Laruence) +- Curl: + . Fixed bug #63363 (Curl silently accepts boolean true for SSL_VERIFYHOST). +Patch by John Jawed GitHub PR #221 (Anthony) + - Fileinfo: . Fixed bug #63248 (Load multiple magic files from a directory under Windows). (Anatoliy) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Notice if CURLOPT_SSL_VERIFYHOST is set to true: ext/curl/interface.c ext/curl/tests/bug63363.phpt
Commit:3b85d09de7347b16024530579e46f89d587a2e18 Author:John Jawed (JJ) Wed, 24 Oct 2012 21:47:47 -0700 Parents: 7b4a53e26344ede3534c6ce7ea5973cd4082c90e Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=3b85d09de7347b16024530579e46f89d587a2e18 Log: Notice if CURLOPT_SSL_VERIFYHOST is set to true Changed paths: M ext/curl/interface.c A ext/curl/tests/bug63363.phpt Diff: diff --git a/ext/curl/interface.c b/ext/curl/interface.c index d9abece..eb7ed8d 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@ -2014,6 +2014,10 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu switch (option) { /* Long options */ + case CURLOPT_SSL_VERIFYHOST: + if(Z_TYPE_PP(zvalue)==IS_BOOL && Z_BVAL_PP(zvalue)) { + php_error_docref(NULL TSRMLS_CC, E_NOTICE, "CURLOPT_SSL_VERIFYHOST set to true which disables common name validation (setting CURLOPT_SSL_VERIFYHOST to 2 enables common name validation)"); + } case CURLOPT_AUTOREFERER: case CURLOPT_BUFFERSIZE: case CURLOPT_CLOSEPOLICY: @@ -2048,7 +2052,6 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu case CURLOPT_PUT: case CURLOPT_RESUME_FROM: case CURLOPT_SSLVERSION: - case CURLOPT_SSL_VERIFYHOST: case CURLOPT_SSL_VERIFYPEER: case CURLOPT_TIMECONDITION: case CURLOPT_TIMEOUT: diff --git a/ext/curl/tests/bug63363.phpt b/ext/curl/tests/bug63363.phpt new file mode 100644 index 000..43deaa2 --- /dev/null +++ b/ext/curl/tests/bug63363.phpt @@ -0,0 +1,29 @@ +--TEST-- +Bug #63363 (CURL silently accepts boolean value for SSL_VERIFYHOST) +--SKIPIF-- + +--FILE-- + +--EXPECTF-- +bool(true) + +Notice: curl_setopt(): CURLOPT_SSL_VERIFYHOST set to true which disables common name validation (setting CURLOPT_SSL_VERIFYHOST to 2 enables common name validation) in %s on line %d +bool(true) +bool(true) +bool(true) +bool(true) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
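Review bot: the new "case CURLOPT_SSL_VERIFYHOST:" in _php_curl_setopt() has no break and relies on falling through into the long-option cases below it; mark that with a fallthrough comment so it is not "fixed" later. More importantly, the branch only emits the notice: the boolean still flows into the long-option handling unchanged, so the handle ends up in exactly the state the notice text describes as disabling common name validation. Consider rejecting the value or documenting why it is only reported. An integer 1 takes the same path with no notice at all, because the check is limited to IS_BOOL.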
[PHP-CVS] com php-src: Notice if CURLOPT_SSL_VERIFYHOST is set to true: ext/curl/interface.c ext/curl/tests/bug63363.phpt
Commit:f68f31f1211f4f3fe8c692269e916358110fa73d Author:John Jawed (JJ) Wed, 24 Oct 2012 21:47:47 -0700 Committer: Anthony Ferrara Thu, 25 Oct 2012 16:00:02 -0400 Parents: 0737be7e7baf1fece1683ca9f33064733d8b3514 Branches: PHP-5.4 master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=f68f31f1211f4f3fe8c692269e916358110fa73d Log: Notice if CURLOPT_SSL_VERIFYHOST is set to true Changed paths: M ext/curl/interface.c A ext/curl/tests/bug63363.phpt Diff: diff --git a/ext/curl/interface.c b/ext/curl/interface.c index d75e5c0..00dbfd3 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@ -1683,6 +1683,11 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu CURLcode error=CURLE_OK; switch (option) { + /* Long options */ + case CURLOPT_SSL_VERIFYHOST: + if(Z_TYPE_PP(zvalue)==IS_BOOL && Z_BVAL_PP(zvalue)) { + php_error_docref(NULL TSRMLS_CC, E_NOTICE, "CURLOPT_SSL_VERIFYHOST set to true which disables common name validation (setting CURLOPT_SSL_VERIFYHOST to 2 enables common name validation)"); + } case CURLOPT_INFILESIZE: case CURLOPT_VERBOSE: case CURLOPT_HEADER: @@ -1721,7 +1726,6 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu #if LIBCURL_VERSION_NUM > 0x071002 case CURLOPT_CONNECTTIMEOUT_MS: #endif - case CURLOPT_SSL_VERIFYHOST: case CURLOPT_SSL_VERIFYPEER: case CURLOPT_DNS_USE_GLOBAL_CACHE: case CURLOPT_NOSIGNAL: diff --git a/ext/curl/tests/bug63363.phpt b/ext/curl/tests/bug63363.phpt new file mode 100644 index 000..43deaa2 --- /dev/null +++ b/ext/curl/tests/bug63363.phpt 
@@ -0,0 +1,29 @@ +--TEST-- +Bug #63363 (CURL silently accepts boolean value for SSL_VERIFYHOST) +--SKIPIF-- + +--FILE-- + +--EXPECTF-- +bool(true) + +Notice: curl_setopt(): CURLOPT_SSL_VERIFYHOST set to true which disables common name validation (setting CURLOPT_SSL_VERIFYHOST to 2 enables common name validation) in %s on line %d +bool(true) +bool(true) +bool(true) +bool(true) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
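Review bot: in the PHP-5.4 hunk at -1683, the message says the setting disables common name validation, yet after the notice the option still falls through to the other long options and is applied as given. An E_NOTICE is easy to miss on installations that do not report notices, so consider raising this at E_WARNING, and document in the message or in a comment that the call still succeeds (the EXPECTF section expects bool(true) straight after the notice), so callers do not assume the value was corrected for them.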
[PHP-CVS] com php-src: Fix #64745 hash_pbkdf2 truncation issue: NEWS ext/hash/hash.c ext/hash/tests/bug64745.phpt
Commit:540a5a52e89fce6da19d6f79dd1eda587a25b396 Author:Anthony Ferrara Tue, 28 May 2013 15:30:45 -0400 Parents: 2f01e06786c6f4b2479fdb728bd26062d07208e0 Branches: PHP-5.5 master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=540a5a52e89fce6da19d6f79dd1eda587a25b396 Log: Fix #64745 hash_pbkdf2 truncation issue When using hash_pbkdf2 with hex output and 0 length (auto), it incorrectly truncates the result to 1/2 the expected result. Bugs: https://bugs.php.net/64745 Changed paths: M NEWS M ext/hash/hash.c A ext/hash/tests/bug64745.phpt Diff: diff --git a/NEWS b/NEWS index b9a2226..d2d8aae 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,10 @@ PHP NEWS -FPM: . Fixed Bug #64915 (error_log ignored when daemonize=0). (Remi) +- Hash: + . Fixed Bug #64745 (hash_pbkdf2() truncates data when using default length +and hex output). (Anthony Ferrara) + 23 May 2013, PHP 5.5.0 Release Candidate 2 - Core: diff --git a/ext/hash/hash.c b/ext/hash/hash.c index 9492387..9cede14 100644 --- a/ext/hash/hash.c +++ b/ext/hash/hash.c @@ -659,6 +659,9 @@ PHP_FUNCTION(hash_pbkdf2) /* Setup Main Loop to build a long enough result */ if (length == 0) { length = ops->digest_size; + if (!raw_output) { + length = length * 2; + } } digest_length = length; if (!raw_output) { diff --git a/ext/hash/tests/bug64745.phpt b/ext/hash/tests/bug64745.phpt new file mode 100644 index 000..427f89b --- /dev/null +++ b/ext/hash/tests/bug64745.phpt @@ -0,0 +1,17 @@ +--TEST-- +Bug #64745 hash_pbkdf2() truncates data when using default length and hex output +--SKIPIF-- + +--FILE-- + +--EXPECT-- +string(40) "0c60c80f961f0e71f3a9b524af6012062fe037a6" +string(40) "0c60c80f961f0e71f3a9b524af6012062fe037a6" + -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
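Review bot: in the ext/hash/hash.c hunk at -659, the added if (!raw_output) inside the length == 0 branch doubles length, and the unchanged context directly below (digest_length = length; if (!raw_output) {) branches on the same flag again, so the unit of length is adjusted in two adjacent places with no comment. Suggest a one-line comment stating that length counts output characters (hex digits when raw_output is off, bytes otherwise), or folding the default-length case into the existing !raw_output block so the conversion lives in one place.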
[PHP-CVS] com php-src: Fix return types of password API helper functions.: NEWS ext/standard/password.c
Commit:83e3466898abcde99d0bd0b3dadc43b416e5cde6 Author:Anthony Ferrara Wed, 21 Aug 2013 12:10:40 -0400 Parents: 4283f75c347a105e53ae38fc96e614671df53f1b Branches: PHP-5.5 master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=83e3466898abcde99d0bd0b3dadc43b416e5cde6 Log: Fix return types of password API helper functions. This fixes issues that were found during static analysis by cjones where failure was impossible to detect due to return type mangling (casting an int to a char, then comparing to an int). Changed paths: M NEWS M ext/standard/password.c Diff: diff --git a/NEWS b/NEWS index 1902520..75a0b3c 100644 --- a/NEWS +++ b/NEWS @@ -21,6 +21,10 @@ PHP NEWS . Fixed bug #51127/#65359 Request #25630/#43980/#54383 (Added php_serialize session serialize handler that uses plain serialize()). (Yasuo) +- Standard: + . Fix issue with return types of password API helper functions. Found via static +analysis by cjones. (Anthony Ferrara) + 22 Aug 2013, PHP 5.5.3 - Openssl: diff --git a/ext/standard/password.c b/ext/standard/password.c index 2127991..ca85203 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -66,20 +66,20 @@ static php_password_algo php_password_determine_algo(const char *hash, const siz return PHP_PASSWORD_UNKNOWN; } -static zend_bool php_password_salt_is_alphabet(const char *str, const size_t len) /* {{{ */ +static int php_password_salt_is_alphabet(const char *str, const size_t len) /* {{{ */ { size_t i = 0; for (i = 0; i < len; i++) { if (!((str[i] >= 'A' && str[i] <= 'Z') || (str[i] >= 'a' && str[i] <= 'z') || (str[i] >= '0' && str[i] <= '9') || str[i] == '.' || str[i] == '/')) { - return 0; + return FAILURE; } } - return 1; + return SUCCESS; } /* }}} */ -static zend_bool php_password_salt_to64(const char *str, const size_t str_len, const size_t out_len, char *ret) /* {{{ */ +static int php_password_salt_to64(const char *str, const size_t str_len, const size_t out_len, char *ret) /* {{{ */ { size_t pos = 0; size_t ret_len = 0; 
@@ -108,7 +108,7 @@ static zend_bool php_password_salt_to64(const char *str, const size_t str_len, c } /* }}} */ -static zend_bool php_password_make_salt(size_t length, char *ret TSRMLS_DC) /* {{{ */ +static int php_password_make_salt(size_t length, char *ret TSRMLS_DC) /* {{{ */ { int buffer_valid = 0; size_t i, raw_length; @@ -395,7 +395,7 @@ PHP_FUNCTION(password_hash) efree(buffer); php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided salt is too short: %lu expecting %lu", (unsigned long) buffer_len, (unsigned long) required_salt_len); RETURN_NULL(); - } else if (0 == php_password_salt_is_alphabet(buffer, buffer_len)) { + } else if (php_password_salt_is_alphabet(buffer, buffer_len) == FAILURE) { salt = safe_emalloc(required_salt_len, 1, 1); if (php_password_salt_to64(buffer, buffer_len, required_salt_len, salt) == FAILURE) { efree(hash_format); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
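Review bot: in the ext/standard/password.c hunk at -66, php_password_salt_is_alphabet keeps a predicate-style name but now returns SUCCESS or FAILURE instead of 1 or 0, so a caller that tests it for truthiness would no longer mean what the name suggests. The one call site shown (the hunk at -395) was updated to compare against FAILURE; suggest either renaming the helper (for example to a validate-style name) or adding a comment on the return convention above the function, and checking that no other caller still treats the result as a boolean.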
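Review bot: the hunks for php_password_salt_to64 (-66) and php_password_make_salt (-108) change only the declared return type from zend_bool to int; none of their return statements appear in the diff. Since the commit message attributes the bug to an int being narrowed to a char and then compared to an int, please confirm that every return path in both functions already returns SUCCESS or FAILURE rather than 0 or 1, and consider a regression test that forces the failure path of php_password_salt_to64, which the context line at -395 compares against FAILURE.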