subject:"\[PHP\-CVS\] cvs\: php4 \/ext\/mcrypt mcrypt.c"

[PHP-CVS] cvs: php4 /ext/mcrypt mcrypt.c

2001-04-18 Thread Derick Rethans


derick  Wed Apr 18 15:14:07 2001 EDT

  Modified files:  
/php4/ext/mcryptmcrypt.c 
  Log:
  - Fixed some more problems with keys being chopped off (fix for bug #8839)
  
  
Index: php4/ext/mcrypt/mcrypt.c
diff -u php4/ext/mcrypt/mcrypt.c:1.48 php4/ext/mcrypt/mcrypt.c:1.49
--- php4/ext/mcrypt/mcrypt.c:1.48   Mon Apr  9 17:09:17 2001
+++ php4/ext/mcrypt/mcrypt.cWed Apr 18 15:14:06 2001
@@ -466,14 +466,14 @@
Z_STRLEN_PP(key), max_key_size);
php_error (E_NOTICE, dummy);
}
-   strncpy (key_s, Z_STRVAL_PP(key), Z_STRLEN_PP(key));
+   memcpy (key_s, Z_STRVAL_PP(key), Z_STRLEN_PP(key));
 
if (Z_STRLEN_PP(iv) != iv_size) {
sprintf (dummy, "iv size incorrect; supplied length: %d, needed: %d", 
Z_STRLEN_PP(iv), iv_size);
php_error (E_WARNING, dummy);
}
-   strncpy (iv_s, Z_STRVAL_PP(iv), iv_size);
+   memcpy (iv_s, Z_STRVAL_PP(iv), iv_size);
 
RETVAL_LONG (mcrypt_generic_init (td, key_s, Z_STRLEN_PP(key), iv_s));
efree (iv_s);
@@ -1236,13 +1236,15 @@
}
key_length_sizes = mcrypt_enc_get_supported_key_sizes (td, &count);
if (count == 0 && key_length_sizes == NULL) { /* all lengths 1 - k_l_s = OK */
-   key_s = estrdup (Z_STRVAL_PP(key));
use_key_length = Z_STRLEN_PP(key);
+   key_s = emalloc (use_key_length);
+   memset (key_s, 0, use_key_length);
+   memcpy (key_s, Z_STRVAL_PP(key), use_key_length);
}
else if (count == 1) {  /* only m_k_l = OK */
key_s = emalloc (key_length_sizes[0]);
memset (key_s, 0, key_length_sizes[0]);
-   strcpy (key_s, Z_STRVAL_PP(key));
+   memcpy (key_s, Z_STRVAL_PP(key), Z_STRLEN_PP(key));
use_key_length = key_length_sizes[0];
}
else { /* derterminating smallest supported key > length of requested key */
@@ -1256,7 +1258,7 @@
}
key_s = emalloc (use_key_length);
memset (key_s, 0, use_key_length);
-   strcpy (key_s, Z_STRVAL_PP(key));
+   memcpy (key_s, Z_STRVAL_PP(key), Z_STRLEN_PP(key));
}
mcrypt_free (key_length_sizes);




-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP-CVS] cvs: php4 /ext/mcrypt mcrypt.c

2001-04-10 Thread Colin Viebrock


> Hello Guys,
>
> do you think this should be merged to the 4.0.5 branch? Otherwise Blowfish
> (and others) encrypted get initialised with a too long key. That caused
> them to be not compatible with encryptions/decryptions made by other
> programs.

As the poster of the original bug report, I strongly suggest this be merged
into 4.0.5.  As it stands, PHP's blowfish encryption isn't compatible with
any other blowfish-encrypted programs, and should be fixed sooner rather
than later.

Of course, it will require a big note in the NEWS file ... :)

- Colin

P.S. Thank you Derick for figuring this out! :)


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP-CVS] cvs: php4 /ext/mcrypt mcrypt.c

2001-04-10 Thread Derick Rethans

Hello Guys,

do you think this should be merged to the 4.0.5 branch? Otherwise Blowfish
(and others) encrypted get initialised with a too long key. That caused
them to be not compatible with encryptions/decryptions made by other
programs.

The second fix fixes a vulnarability in the assembly of the minfo lines.

Derick

On Tue, 10 Apr 2001, Derick Rethans wrote:

> /php4/ext/mcrypt  mcrypt.c
>   Log:
>   - Fix for bug #8839
>   - MINFO updated to use smart_str's

Derick Rethans

-
PHP: Scripting the Web - www.php.net - [EMAIL PROTECTED]
 SRM: Site Resource Manager - www.vl-srm.net
-
JDI Media Solutions - www.jdimedia.nl - [EMAIL PROTECTED]
 Boulevard Heuvelink 102 - 6828 KT Arnhem - The Netherlands
-

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP-CVS] cvs: php4 /ext/mcrypt mcrypt.c

2001-04-09 Thread Derick Rethans


derick  Mon Apr  9 17:09:18 2001 EDT

  Modified files:  
/php4/ext/mcryptmcrypt.c 
  Log:
  - Removed debug thing
  
  
Index: php4/ext/mcrypt/mcrypt.c
diff -u php4/ext/mcrypt/mcrypt.c:1.47 php4/ext/mcrypt/mcrypt.c:1.48
--- php4/ext/mcrypt/mcrypt.c:1.47   Mon Apr  9 17:07:53 2001
+++ php4/ext/mcrypt/mcrypt.cMon Apr  9 17:09:17 2001
@@ -351,7 +351,6 @@
MCLS_FETCH();
 
modules = mcrypt_list_algorithms (MCG(algorithms_dir), &count);
-   printf ("boo\n");
if (count == 0) {
smart_str_appends (&tmp1, "none");
}



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP-CVS] cvs: php4 /ext/mcrypt mcrypt.c

2001-04-09 Thread Derick Rethans


derick  Mon Apr  9 17:07:54 2001 EDT

  Modified files:  
/php4/ext/mcryptmcrypt.c 
  Log:
  - Fix for bug #8839
  - MINFO updated to use smart_str's
  
  
Index: php4/ext/mcrypt/mcrypt.c
diff -u php4/ext/mcrypt/mcrypt.c:1.46 php4/ext/mcrypt/mcrypt.c:1.47
--- php4/ext/mcrypt/mcrypt.c:1.46   Fri Mar 16 07:59:45 2001
+++ php4/ext/mcrypt/mcrypt.cMon Apr  9 17:07:53 2001
@@ -339,36 +339,38 @@
return SUCCESS;
 }
 
+#include "ext/standard/php_smart_str.h"
+
 PHP_MINFO_FUNCTION(mcrypt)
 {
 #if HAVE_LIBMCRYPT24
char **modules;
int i, count;
-   char *tmp, *tmp2;
+   smart_str tmp1 = {0};
+   smart_str tmp2 = {0};
MCLS_FETCH();
 
-   tmp = emalloc (2048);
-   memset (tmp, 0, sizeof(tmp));
modules = mcrypt_list_algorithms (MCG(algorithms_dir), &count);
+   printf ("boo\n");
if (count == 0) {
-   strcpy (tmp, "none");
+   smart_str_appends (&tmp1, "none");
}
for (i = 0; i < count; i++) {
-   strcat (tmp, modules[i]);
-   strcat (tmp, " ");
+   smart_str_appends (&tmp1, modules[i]);
+   smart_str_appendc (&tmp1, ' ');
}
+   smart_str_0 (&tmp1);
mcrypt_free_p (modules, count);
 
-   tmp2 = emalloc (2048);
-   memset (tmp2, 0, sizeof(tmp2));
modules = mcrypt_list_modes (MCG(modes_dir), &count);
if (count == 0) {
-   strcpy (tmp2, "none");
+   smart_str_appends (&tmp2, "none");
}
for (i = 0; i < count; i++) {
-   strcat (tmp2, modules[i]);
-   strcat (tmp2, " ");
+   smart_str_appends (&tmp2, modules[i]);
+   smart_str_appendc (&tmp2, ' ');
}
+   smart_str_0 (&tmp2);
mcrypt_free_p (modules, count);
 #endif
 
@@ -379,10 +381,10 @@
 #endif
 #if HAVE_LIBMCRYPT24
php_info_print_table_row(2, "version", "2.4.x");
-   php_info_print_table_row(2, "Supported ciphers", tmp);
-   php_info_print_table_row(2, "Supported modes", tmp2);
-   efree (tmp2);
-   efree (tmp);
+   php_info_print_table_row(2, "Supported ciphers", tmp1.c);
+   php_info_print_table_row(2, "Supported modes", tmp2.c);
+   smart_str_free (&tmp1);
+   smart_str_free (&tmp2);
 #endif
php_info_print_table_end();

@@ -436,9 +438,9 @@
 {
zval **key, **iv;
zval **mcryptind;
-   char *key_s, *iv_s;
+   unsigned char *key_s, *iv_s;
char dummy[256];
-   int key_size, iv_size;
+   int max_key_size, iv_size;
MCRYPT td;
int argc;
 MCLS_FETCH();
@@ -450,21 +452,22 @@
ZEND_FETCH_RESOURCE (td, MCRYPT, mcryptind, -1, "MCrypt", MCG(le_h));  
 
convert_to_string_ex (key);
convert_to_string_ex (iv);
-
-   key_size = mcrypt_enc_get_key_size (td);
-   key_s = emalloc (key_size + 1);
-   memset (key_s, 0, key_size + 1);
 
+   max_key_size = mcrypt_enc_get_key_size (td);
iv_size = mcrypt_enc_get_iv_size (td);
+
+   key_s = emalloc (Z_STRLEN_PP(key));
+   memset (key_s, 0, Z_STRLEN_PP(key));
+
iv_s = emalloc (iv_size + 1);
memset (iv_s, 0, iv_size + 1);
 
-   if (Z_STRLEN_PP(key) != key_size) {
-   sprintf (dummy, "key size incorrect; supplied length: %d, needed: %d", 
-   Z_STRLEN_PP(key), key_size);
+   if (Z_STRLEN_PP(key) > max_key_size) {
+   sprintf (dummy, "key size too large; supplied length: %d, max: %d", 
+   Z_STRLEN_PP(key), max_key_size);
php_error (E_NOTICE, dummy);
}
-   strncpy (key_s, Z_STRVAL_PP(key), key_size);
+   strncpy (key_s, Z_STRVAL_PP(key), Z_STRLEN_PP(key));
 
if (Z_STRLEN_PP(iv) != iv_size) {
sprintf (dummy, "iv size incorrect; supplied length: %d, needed: %d", 
@@ -473,7 +476,7 @@
}
strncpy (iv_s, Z_STRVAL_PP(iv), iv_size);
 
-   RETVAL_LONG (mcrypt_generic_init (td, key_s, key_size, iv_s));
+   RETVAL_LONG (mcrypt_generic_init (td, key_s, Z_STRLEN_PP(key), iv_s));
efree (iv_s);
efree (key_s);
 }
@@ -487,7 +490,7 @@
zval **data, **mcryptind;
MCRYPT td;
int argc;
-   char* data_s;
+   unsigned char* data_s;
int block_size, data_size;
 MCLS_FETCH();

@@ -1294,7 +1297,7 @@
memset (data_s, 0, data_size);
memcpy (data_s, Z_STRVAL_PP(data), Z_STRLEN_PP(data));
}
-   
+
if (mcrypt_generic_init (td, key_s, use_key_length, iv_s) < 0) {
php_error (E_ERROR, "generic_init failed");
}



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP-CVS] cvs: php4 /ext/mcrypt mcrypt.c

2001-03-16 Thread Derick Rethans


derick  Fri Mar 16 07:59:46 2001 EDT

  Modified files:  
/php4/ext/mcryptmcrypt.c 
  Log:
  - Fixed mem leak
  
  
Index: php4/ext/mcrypt/mcrypt.c
diff -u php4/ext/mcrypt/mcrypt.c:1.45 php4/ext/mcrypt/mcrypt.c:1.46
--- php4/ext/mcrypt/mcrypt.c:1.45   Sun Feb 25 22:07:02 2001
+++ php4/ext/mcrypt/mcrypt.cFri Mar 16 07:59:45 2001
@@ -1211,7 +1211,7 @@
int block_size, max_key_length, use_key_length, i, count, iv_size;
unsigned long int data_size;
int *key_length_sizes;
-   char *key_s, *iv_s;
+   char *key_s = NULL, *iv_s;
char *data_s;
MCRYPT td;
 MCLS_FETCH();
@@ -1307,6 +1307,8 @@
 
 /* freeing vars */
mcrypt_generic_end (td);
+   if (key_s != NULL)
+   efree (key_s);
if (iv_s != NULL)
efree (iv_s);
efree (data_s);



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP-CVS] cvs: php4 /ext/mcrypt mcrypt.c

2001-01-13 Thread Colin Viebrock


cmv Sat Jan 13 12:55:15 2001 EDT

  Modified files:  
/php4/ext/mcryptmcrypt.c 
  Log:
  Support for perl-compatible blowfish encryption (in libmcrypt CVS and
  versions later than 2.4.8)
  
  
Index: php4/ext/mcrypt/mcrypt.c
diff -u php4/ext/mcrypt/mcrypt.c:1.43 php4/ext/mcrypt/mcrypt.c:1.44
--- php4/ext/mcrypt/mcrypt.c:1.43   Wed Nov 22 13:40:15 2000
+++ php4/ext/mcrypt/mcrypt.cSat Jan 13 12:55:15 2001
@@ -294,6 +294,7 @@
MCRYPT_ENTRY2_2_4(ARCFOUR_IV, "arcfour-iv");
MCRYPT_ENTRY2_2_4(ARCFOUR, "arcfour");
MCRYPT_ENTRY2_2_4(BLOWFISH, "blowfish");
+   MCRYPT_ENTRY2_2_4(BLOWFISH_COMPAT, "blowfish-compat");
MCRYPT_ENTRY2_2_4(CAST_128, "cast-128");
MCRYPT_ENTRY2_2_4(CAST_256, "cast-256");
MCRYPT_ENTRY2_2_4(CRYPT, "crypt");



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP-CVS] cvs: php4 /ext/mcrypt mcrypt.c

Re: [PHP-CVS] cvs: php4 /ext/mcrypt mcrypt.c

Re: [PHP-CVS] cvs: php4 /ext/mcrypt mcrypt.c

[PHP-CVS] cvs: php4 /ext/mcrypt mcrypt.c

[PHP-CVS] cvs: php4 /ext/mcrypt mcrypt.c

[PHP-CVS] cvs: php4 /ext/mcrypt mcrypt.c

[PHP-CVS] cvs: php4 /ext/mcrypt mcrypt.c

7 matches

Site Navigation

Mail list logo

Footer information