There is a check on the max keysize, but no check if the keysize is larger than 0. So the simple patch I attached to this mail should hopefully be sufficient.

Regards,
Alexander

--
| Alexander Wirtz | eMail: [EMAIL PROTECTED] |
| web@ctive GmbH | WWW: http://www.web-active.com/ |
--- mcrypt.orig.c Thu Aug 30 14:01:36 2001 +++ mcrypt.c Thu Aug 30 14:07:35 2001 @@ -465,6 +465,11 @@ iv_s = emalloc (iv_size + 1); memset (iv_s, 0, iv_size + 1); + if(Z_STRLEN_PP(key) == 0) { + sprintf (dummy, "key size too small"); + php_error (E_ERROR, dummy); + RETURN_FALSE; + } if (Z_STRLEN_PP(key) > max_key_size) { sprintf (dummy, "key size too large; supplied length: %d, max: %d", Z_STRLEN_PP(key), max_key_size);
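Review bot: The new empty-key branch returns after `iv_s` has already been allocated with `emalloc (iv_size + 1)`, and nothing in the branch frees it; either move the `Z_STRLEN_PP(key) == 0` check above the allocation or call `efree(iv_s)` before `RETURN_FALSE`. The `sprintf (dummy, "key size too small")` step only copies a constant string into `dummy`, so the message can be passed to `php_error` directly. The text "key size too small" would also read more clearly as a statement that the key is empty, since a length of zero is the only case this check rejects.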
-- PHP Development Mailing List <http://www.php.net/>