[PHP-DEV] Bug #10538 Updated: mcrypt_generic_init truncates key/iv upon first '\0'
ID: 10538
Updated by: derick
Reported By: [EMAIL PROTECTED]
Status: Closed
Bug Type: mcrypt related
PHP Version: 4.0.4pl1
Assigned To: derick
Comments:
It's fixed in CVS as you say (and it is fixed in 4.0.5 too BTW_
Previous Comments:
---
[2001-04-30 05:43:16] [EMAIL PROTECTED]
Seems to be a duplicate of Bug #8839 and it is already fixed in CVS.
---
[2001-04-28 12:50:42] [EMAIL PROTECTED]
Same happens in mcrypt_ecb, mcrypt_cbc, mcrypt_cfb and mcrypt_ofb too.
Script showing the bug:
The two ciphertexts should NOT be the same as the key is different.
Proposed patch (also fixes a possible memory access problem, but only for the
mcrypt_generic_init function, the I didn't fully understand php_mcrypt_do_crypt yet,
when I do I will update the patch, see also Bug #10518):
--- php-4.0.4pl1/ext/mcrypt/mcrypt.cWed Nov 22 22:40:15 2000
+++ php-4.0.4pl1-sk/ext/mcrypt/mcrypt.c Sat Apr 28 18:53:07 2001
@@ -463,14 +463,22 @@
Z_STRLEN_PP(key), key_size);
php_error (E_NOTICE, dummy);
}
- strncpy (key_s, Z_STRVAL_PP(key), key_size);
+ if (Z_STRLEN_PP(key) > key_size) {
+ memcpy (key_s, Z_STRVAL_PP(key), key_size);
+ } else {
+ memcpy (key_s, Z_STRVAL_PP(key), Z_STRLEN_PP(key));
+ }
if (Z_STRLEN_PP(iv) != iv_size) {
sprintf (dummy, "iv size incorrect; supplied length: %d, needed: %d",
Z_STRLEN_PP(iv), iv_size);
php_error (E_WARNING, dummy);
}
- strncpy (iv_s, Z_STRVAL_PP(iv), iv_size);
+ if (Z_STRLEN_PP(iv) > iv_size) {
+ memcpy (iv_s, Z_STRVAL_PP(iv), iv_size);
+ } else {
+ memcpy (iv_s, Z_STRVAL_PP(iv), Z_STRLEN_PP(iv));
+ }
RETVAL_LONG (mcrypt_generic_init (td, key_s, key_size, iv_s));
efree (iv_s);
---
ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at http://bugs.php.net/?id=10538&edit=2
--
PHP Development Mailing List
[PHP-DEV] Bug #10538 Updated: mcrypt_generic_init truncates key/iv upon first '\0'
ID: 10538
Updated by: derick
Reported By: [EMAIL PROTECTED]
Old-Status: Open
Status: Assigned
Bug Type: mcrypt related
PHP Version: 4.0.4pl1
Assigned To: derick
Comments:
Previous Comments:
---
[2001-04-28 12:50:42] [EMAIL PROTECTED]
Same happens in mcrypt_ecb, mcrypt_cbc, mcrypt_cfb and mcrypt_ofb too.
Script showing the bug:
The two ciphertexts should NOT be the same as the key is different.
Proposed patch (also fixes a possible memory access problem, but only for the
mcrypt_generic_init function, the I didn't fully understand php_mcrypt_do_crypt yet,
when I do I will update the patch, see also Bug #10518):
--- php-4.0.4pl1/ext/mcrypt/mcrypt.cWed Nov 22 22:40:15 2000
+++ php-4.0.4pl1-sk/ext/mcrypt/mcrypt.c Sat Apr 28 18:53:07 2001
@@ -463,14 +463,22 @@
Z_STRLEN_PP(key), key_size);
php_error (E_NOTICE, dummy);
}
- strncpy (key_s, Z_STRVAL_PP(key), key_size);
+ if (Z_STRLEN_PP(key) > key_size) {
+ memcpy (key_s, Z_STRVAL_PP(key), key_size);
+ } else {
+ memcpy (key_s, Z_STRVAL_PP(key), Z_STRLEN_PP(key));
+ }
if (Z_STRLEN_PP(iv) != iv_size) {
sprintf (dummy, "iv size incorrect; supplied length: %d, needed: %d",
Z_STRLEN_PP(iv), iv_size);
php_error (E_WARNING, dummy);
}
- strncpy (iv_s, Z_STRVAL_PP(iv), iv_size);
+ if (Z_STRLEN_PP(iv) > iv_size) {
+ memcpy (iv_s, Z_STRVAL_PP(iv), iv_size);
+ } else {
+ memcpy (iv_s, Z_STRVAL_PP(iv), Z_STRLEN_PP(iv));
+ }
RETVAL_LONG (mcrypt_generic_init (td, key_s, key_size, iv_s));
efree (iv_s);
---
ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at http://bugs.php.net/?id=10538&edit=2
--
PHP Development Mailing List
