There is a check on the max keysize, but no check whether the keysize is
larger than 0. So the simple patch I attached to this mail should hopefully
be sufficient.
Regards,
Alexander
--
| Alexander Wirtz | eMail: [EMAIL PROTECTED] |
| web@ctive GmbH | WWW: http://www.web-active.com/ |
--- mcrypt.orig.c Thu Aug 30 14:01:36 2001
+++ mcrypt.c Thu Aug 30 14:07:35 2001
@@ -465,6 +465,11 @@
iv_s = emalloc (iv_size + 1);
memset (iv_s, 0, iv_size + 1);
+ if(Z_STRLEN_PP(key) == 0) {
+ sprintf (dummy, "key size too small");
+ php_error (E_ERROR, dummy);
+ RETURN_FALSE;
+ }
if (Z_STRLEN_PP(key) > max_key_size) {
sprintf (dummy, "key size too large; supplied length: %d, max: %d",
Z_STRLEN_PP(key), max_key_size);
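Review bot: The new zero-length check is placed after `iv_s = emalloc (iv_size + 1);`, so the added `RETURN_FALSE;` path leaves `iv_s` unreleased. Move the check above the allocation, or call `efree (iv_s)` before returning. The `sprintf (dummy, "key size too small");` step is also unnecessary, since the message has no arguments; calling `php_error (E_ERROR, "key size too small");` directly avoids handing a buffer to `php_error` as its format string. A minor style point: the neighbouring check is written `if (`, with a space, while the added line uses `if(`.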