[PHP-CVS] cvs: php4 /ext/mcrypt mcrypt.c
derick Wed Apr 18 15:14:07 2001 EDT Modified files: /php4/ext/mcryptmcrypt.c Log: - Fixed some more problems with keys being chopped off (fix for bug #8839)
Index: php4/ext/mcrypt/mcrypt.c
diff -u php4/ext/mcrypt/mcrypt.c:1.48 php4/ext/mcrypt/mcrypt.c:1.49
--- php4/ext/mcrypt/mcrypt.c:1.48 Mon Apr 9 17:09:17 2001
+++ php4/ext/mcrypt/mcrypt.cWed Apr 18 15:14:06 2001
@@ -466,14 +466,14 @@
 Z_STRLEN_PP(key), max_key_size);
 php_error (E_NOTICE, dummy);
 }
- strncpy (key_s, Z_STRVAL_PP(key), Z_STRLEN_PP(key));
+ memcpy (key_s, Z_STRVAL_PP(key), Z_STRLEN_PP(key));
 if (Z_STRLEN_PP(iv) != iv_size) {
 sprintf (dummy, "iv size incorrect; supplied length: %d, needed: %d", Z_STRLEN_PP(iv), iv_size);
 php_error (E_WARNING, dummy);
 }
- strncpy (iv_s, Z_STRVAL_PP(iv), iv_size);
+ memcpy (iv_s, Z_STRVAL_PP(iv), iv_size);
 RETVAL_LONG (mcrypt_generic_init (td, key_s, Z_STRLEN_PP(key), iv_s));
 efree (iv_s);
@@ -1236,13 +1236,15 @@
 }
 key_length_sizes = mcrypt_enc_get_supported_key_sizes (td, &count);
 if (count == 0 && key_length_sizes == NULL) { /* all lengths 1 - k_l_s = OK */
- key_s = estrdup (Z_STRVAL_PP(key));
 use_key_length = Z_STRLEN_PP(key);
+ key_s = emalloc (use_key_length);
+ memset (key_s, 0, use_key_length);
+ memcpy (key_s, Z_STRVAL_PP(key), use_key_length);
 } else if (count == 1) { /* only m_k_l = OK */
 key_s = emalloc (key_length_sizes[0]);
 memset (key_s, 0, key_length_sizes[0]);
- strcpy (key_s, Z_STRVAL_PP(key));
+ memcpy (key_s, Z_STRVAL_PP(key), Z_STRLEN_PP(key));
 use_key_length = key_length_sizes[0];
 } else { /* derterminating smallest supported key > length of requested key */
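Review bot: The new `memcpy (iv_s, Z_STRVAL_PP(iv), iv_size);` in the `@@ -466,14 +466,14 @@` hunk always reads iv_size bytes from the caller's string, but the check just above it only raises E_WARNING when `Z_STRLEN_PP(iv) != iv_size` and then falls through, so a shorter IV is read past its end; the strncpy it replaces stopped at the terminating NUL. Bounding the copy by the supplied length keeps the fix for embedded NUL bytes without the over-read: `memcpy (iv_s, Z_STRVAL_PP(iv), Z_STRLEN_PP(iv) < iv_size ? Z_STRLEN_PP(iv) : iv_size);`. Revision 1.47 further down this page shows iv_s allocated as iv_size + 1 bytes and zero-filled, so the remainder would stay zero. Whether to continue with a zero-padded IV, rather than return after the warning, should be decided explicitly. The function body starts and ends outside the hunk.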
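Review bot: In the `count == 1` branch of the `@@ -1236,13 +1236,15 @@` hunk, key_s is allocated with `key_length_sizes[0]` bytes but `memcpy (key_s, Z_STRVAL_PP(key), Z_STRLEN_PP(key));` copies the full supplied length, so a key longer than the single supported size writes past the buffer unless a check outside the hunk rejects it first. The same pattern appears in the `@@ -1256,7 +1258,7 @@` hunk, where the buffer is `use_key_length` bytes. Either fail with an error for an oversized key or clamp the copy, e.g. `memcpy (key_s, Z_STRVAL_PP(key), Z_STRLEN_PP(key) < key_length_sizes[0] ? Z_STRLEN_PP(key) : key_length_sizes[0]);`, with the equivalent bound of `use_key_length` in the later hunk. In the first branch the `memset` directly before a `memcpy` of the same length is redundant. The enclosing function begins and ends outside both hunks.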
@@ -1256,7 +1258,7 @@
 }
 key_s = emalloc (use_key_length);
 memset (key_s, 0, use_key_length);
- strcpy (key_s, Z_STRVAL_PP(key));
+ memcpy (key_s, Z_STRVAL_PP(key), Z_STRLEN_PP(key));
 }
 mcrypt_free (key_length_sizes);
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-CVS] cvs: php4 /ext/mcrypt mcrypt.c
> Hello Guys, > > do you think this should be merged to the 4.0.5 branch? Otherwise Blowfish > (and others) encrypted get initialised with a too long key. That caused > them to be not compatible with encryptions/decryptions made by other > programs. As the poster of the original bug report, I strongly suggest this be merged into 4.0.5. As it stands, PHP's blowfish encryption isn't compatible with any other blowfish-encrypted programs, and should be fixed sooner rather than later. Of course, it will require a big note in the NEWS file ... :) - Colin P.S. Thank you Derick for figuring this out! :) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-CVS] cvs: php4 /ext/mcrypt mcrypt.c
Hello Guys, do you think this should be merged to the 4.0.5 branch? Otherwise Blowfish (and others) get initialised with a key that is too long. That caused them to be incompatible with encryptions/decryptions made by other programs. The second fix fixes a vulnerability in the assembly of the minfo lines. Derick On Tue, 10 Apr 2001, Derick Rethans wrote: > /php4/ext/mcrypt mcrypt.c > Log: > - Fix for bug #8839 > - MINFO updated to use smart_str's Derick Rethans - PHP: Scripting the Web - www.php.net - [EMAIL PROTECTED] SRM: Site Resource Manager - www.vl-srm.net - JDI Media Solutions - www.jdimedia.nl - [EMAIL PROTECTED] Boulevard Heuvelink 102 - 6828 KT Arnhem - The Netherlands - -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-CVS] cvs: php4 /ext/mcrypt mcrypt.c
derick Mon Apr 9 17:09:18 2001 EDT Modified files: /php4/ext/mcryptmcrypt.c Log: - Removed debug thing
Index: php4/ext/mcrypt/mcrypt.c
diff -u php4/ext/mcrypt/mcrypt.c:1.47 php4/ext/mcrypt/mcrypt.c:1.48
--- php4/ext/mcrypt/mcrypt.c:1.47 Mon Apr 9 17:07:53 2001
+++ php4/ext/mcrypt/mcrypt.cMon Apr 9 17:09:17 2001
@@ -351,7 +351,6 @@
 MCLS_FETCH();
 modules = mcrypt_list_algorithms (MCG(algorithms_dir), &count);
- printf ("boo\n");
 if (count == 0) {
 smart_str_appends (&tmp1, "none");
 }
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-CVS] cvs: php4 /ext/mcrypt mcrypt.c
derick Mon Apr 9 17:07:54 2001 EDT Modified files: /php4/ext/mcryptmcrypt.c Log: - Fix for bug #8839 - MINFO updated to use smart_str's Index: php4/ext/mcrypt/mcrypt.c diff -u php4/ext/mcrypt/mcrypt.c:1.46 php4/ext/mcrypt/mcrypt.c:1.47 --- php4/ext/mcrypt/mcrypt.c:1.46 Fri Mar 16 07:59:45 2001 +++ php4/ext/mcrypt/mcrypt.cMon Apr 9 17:07:53 2001 @@ -339,36 +339,38 @@ return SUCCESS; } +#include "ext/standard/php_smart_str.h" + PHP_MINFO_FUNCTION(mcrypt) { #if HAVE_LIBMCRYPT24 char **modules; int i, count; - char *tmp, *tmp2; + smart_str tmp1 = {0}; + smart_str tmp2 = {0}; MCLS_FETCH(); - tmp = emalloc (2048); - memset (tmp, 0, sizeof(tmp)); modules = mcrypt_list_algorithms (MCG(algorithms_dir), &count); + printf ("boo\n"); if (count == 0) { - strcpy (tmp, "none"); + smart_str_appends (&tmp1, "none"); } for (i = 0; i < count; i++) { - strcat (tmp, modules[i]); - strcat (tmp, " "); + smart_str_appends (&tmp1, modules[i]); + smart_str_appendc (&tmp1, ' '); } + smart_str_0 (&tmp1); mcrypt_free_p (modules, count); - tmp2 = emalloc (2048); - memset (tmp2, 0, sizeof(tmp2)); modules = mcrypt_list_modes (MCG(modes_dir), &count); if (count == 0) { - strcpy (tmp2, "none"); + smart_str_appends (&tmp2, "none"); } for (i = 0; i < count; i++) { - strcat (tmp2, modules[i]); - strcat (tmp2, " "); + smart_str_appends (&tmp2, modules[i]); + smart_str_appendc (&tmp2, ' '); } + smart_str_0 (&tmp2); mcrypt_free_p (modules, count); #endif @@ -379,10 +381,10 @@ #endif #if HAVE_LIBMCRYPT24 php_info_print_table_row(2, "version", "2.4.x"); - php_info_print_table_row(2, "Supported ciphers", tmp); - php_info_print_table_row(2, "Supported modes", tmp2); - efree (tmp2); - efree (tmp); + php_info_print_table_row(2, "Supported ciphers", tmp1.c); + php_info_print_table_row(2, "Supported modes", tmp2.c); + smart_str_free (&tmp1); + smart_str_free (&tmp2); #endif php_info_print_table_end(); 
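Review bot: The `#include "ext/standard/php_smart_str.h"` is added directly above PHP_MINFO_FUNCTION in the middle of the file, in the `@@ -339,36 +339,38 @@` hunk; it would be easier to find and less likely to be duplicated if it sat with the other includes at the top of mcrypt.c, which are not visible here. The added `printf ("boo\n");` writes debug text to stdout from the info handler; revision 1.48 on this page removes it, so nothing further is needed for that line.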
@@ -436,9 +438,9 @@ { zval **key, **iv; zval **mcryptind; - char *key_s, *iv_s; + unsigned char *key_s, *iv_s; char dummy[256]; - int key_size, iv_size; + int max_key_size, iv_size; MCRYPT td; int argc; MCLS_FETCH(); @@ -450,21 +452,22 @@ ZEND_FETCH_RESOURCE (td, MCRYPT, mcryptind, -1, "MCrypt", MCG(le_h)); convert_to_string_ex (key); convert_to_string_ex (iv); - - key_size = mcrypt_enc_get_key_size (td); - key_s = emalloc (key_size + 1); - memset (key_s, 0, key_size + 1); + max_key_size = mcrypt_enc_get_key_size (td); iv_size = mcrypt_enc_get_iv_size (td); + + key_s = emalloc (Z_STRLEN_PP(key)); + memset (key_s, 0, Z_STRLEN_PP(key)); + iv_s = emalloc (iv_size + 1); memset (iv_s, 0, iv_size + 1); - if (Z_STRLEN_PP(key) != key_size) { - sprintf (dummy, "key size incorrect; supplied length: %d, needed: %d", - Z_STRLEN_PP(key), key_size); + if (Z_STRLEN_PP(key) > max_key_size) { + sprintf (dummy, "key size too large; supplied length: %d, max: %d", + Z_STRLEN_PP(key), max_key_size); php_error (E_NOTICE, dummy); } - strncpy (key_s, Z_STRVAL_PP(key), key_size); + strncpy (key_s, Z_STRVAL_PP(key), Z_STRLEN_PP(key)); if (Z_STRLEN_PP(iv) != iv_size) { sprintf (dummy, "iv size incorrect; supplied length: %d, needed: %d", @@ -473,7 +476,7 @@ } strncpy (iv_s, Z_STRVAL_PP(iv), iv_size); - RETVAL_LONG (mcrypt_generic_init (td, key_s, key_size, iv_s)); + RETVAL_LONG (mcrypt_generic_init (td, key_s, Z_STRLEN_PP(key), iv_s)); efree (iv_s); efree (key_s); } @@ -487,7 +490,7 @@ zval **data, **mcryptind; MCRYPT td; int argc; - char* data_s; + unsigned char* data_s; int block_size, data_size; MCLS_FETCH(); 
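Review bot: A key longer than `max_key_size` now only raises E_NOTICE in the `@@ -450,21 +452,22 @@` hunk and execution continues, so the oversized length reaches `mcrypt_generic_init (td, key_s, Z_STRLEN_PP(key), iv_s)` in the `@@ -473,7 +476,7 @@` hunk. How libmcrypt treats a length above its reported maximum is not visible here, so the call should not depend on it. Either return after reporting the error or cap the length once, e.g. `key_len = Z_STRLEN_PP(key) > max_key_size ? max_key_size : Z_STRLEN_PP(key);`, and use it for the allocation, the copy and the init call. The `strncpy` into key_s also stops at the first NUL byte, which truncates binary keys; revision 1.49 on this page replaces it with memcpy. The function's opening and closing lines are outside these hunks.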
@@ -1294,7 +1297,7 @@ memset (data_s, 0, data_size); memcpy (data_s, Z_STRVAL_PP(data), Z_STRLEN_PP(data)); } - + if (mcrypt_generic_init (td, key_s, use_key_length, iv_s) < 0) { php_error (E_ERROR, "generic_init failed"); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-CVS] cvs: php4 /ext/mcrypt mcrypt.c
derick Fri Mar 16 07:59:46 2001 EDT Modified files: /php4/ext/mcryptmcrypt.c Log: - Fixed mem leak
Index: php4/ext/mcrypt/mcrypt.c
diff -u php4/ext/mcrypt/mcrypt.c:1.45 php4/ext/mcrypt/mcrypt.c:1.46
--- php4/ext/mcrypt/mcrypt.c:1.45 Sun Feb 25 22:07:02 2001
+++ php4/ext/mcrypt/mcrypt.cFri Mar 16 07:59:45 2001
@@ -1211,7 +1211,7 @@
 int block_size, max_key_length, use_key_length, i, count, iv_size;
 unsigned long int data_size;
 int *key_length_sizes;
- char *key_s, *iv_s;
+ char *key_s = NULL, *iv_s;
 char *data_s;
 MCRYPT td;
 MCLS_FETCH();
@@ -1307,6 +1307,8 @@
 /* freeing vars */
 mcrypt_generic_end (td);
+ if (key_s != NULL)
+ efree (key_s);
 if (iv_s != NULL) efree (iv_s);
 efree (data_s);
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
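Review bot: Only key_s gets an initialiser in `char *key_s = NULL, *iv_s;` (the `@@ -1211,7 +1211,7 @@` hunk), yet the cleanup code in the `@@ -1307,6 +1307,8 @@` hunk tests both pointers against NULL before freeing them. Unless iv_s is assigned on every path between the declaration and the cleanup, which lies outside both hunks, `if (iv_s != NULL)` can read an indeterminate pointer and hand it to efree. Initialising both makes the two checks equally reliable: `char *key_s = NULL, *iv_s = NULL;`.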
[PHP-CVS] cvs: php4 /ext/mcrypt mcrypt.c
cmv Sat Jan 13 12:55:15 2001 EDT Modified files: /php4/ext/mcryptmcrypt.c Log: Support for perl-compatible blowfish encryption (in libmcrypt CVS and versions later than 2.4.8)
Index: php4/ext/mcrypt/mcrypt.c
diff -u php4/ext/mcrypt/mcrypt.c:1.43 php4/ext/mcrypt/mcrypt.c:1.44
--- php4/ext/mcrypt/mcrypt.c:1.43 Wed Nov 22 13:40:15 2000
+++ php4/ext/mcrypt/mcrypt.cSat Jan 13 12:55:15 2001
@@ -294,6 +294,7 @@
 MCRYPT_ENTRY2_2_4(ARCFOUR_IV, "arcfour-iv");
 MCRYPT_ENTRY2_2_4(ARCFOUR, "arcfour");
 MCRYPT_ENTRY2_2_4(BLOWFISH, "blowfish");
+ MCRYPT_ENTRY2_2_4(BLOWFISH_COMPAT, "blowfish-compat");
 MCRYPT_ENTRY2_2_4(CAST_128, "cast-128");
 MCRYPT_ENTRY2_2_4(CAST_256, "cast-256");
 MCRYPT_ENTRY2_2_4(CRYPT, "crypt");
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
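Review bot: The `blowfish-compat` entry is registered unconditionally, while the log message says the algorithm is only available in libmcrypt CVS and versions later than 2.4.8. A short comment on the new line, e.g. `/* needs libmcrypt newer than 2.4.8 */`, would tell readers why opening this cipher can fail on older installations. What MCRYPT_ENTRY2_2_4 expands to is not visible in the hunk, so whether a build-time guard is also needed should be checked against the macro definition.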