iliaa Tue, 05 Jul 2011 20:10:45 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=312952
Log: Fixed bug relating to un-initialized memory access Changed paths: U php/php-src/branches/PHP_5_3/ext/standard/crypt_sha256.c U php/php-src/branches/PHP_5_3/ext/standard/crypt_sha512.c U php/php-src/branches/PHP_5_4/ext/standard/crypt_sha256.c U php/php-src/branches/PHP_5_4/ext/standard/crypt_sha512.c U php/php-src/trunk/ext/standard/crypt_sha256.c U php/php-src/trunk/ext/standard/crypt_sha512.c Modified: php/php-src/branches/PHP_5_3/ext/standard/crypt_sha256.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/standard/crypt_sha256.c 2011-07-05 19:24:18 UTC (rev 312951) +++ php/php-src/branches/PHP_5_3/ext/standard/crypt_sha256.c 2011-07-05 20:10:45 UTC (rev 312952) @@ -395,9 +395,10 @@ } if ((salt - (char *) 0) % __alignof__(uint32_t) != 0) { - char *tmp = (char *) alloca(salt_len + __alignof__(uint32_t)); + char *tmp = (char *) alloca(salt_len + 1 + __alignof__(uint32_t)); salt = copied_salt = memcpy(tmp + __alignof__(uint32_t) - (tmp - (char *) 0) % __alignof__ (uint32_t), salt, salt_len); + tmp[salt_len] = 0; } /* Prepare for the real work. */ Modified: php/php-src/branches/PHP_5_3/ext/standard/crypt_sha512.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/standard/crypt_sha512.c 2011-07-05 19:24:18 UTC (rev 312951) +++ php/php-src/branches/PHP_5_3/ext/standard/crypt_sha512.c 2011-07-05 20:10:45 UTC (rev 312952) @@ -430,8 +430,8 @@ } if ((salt - (char *) 0) % __alignof__ (uint64_t) != 0) { - char *tmp = (char *) alloca(salt_len + __alignof__(uint64_t)); - + char *tmp = (char *) alloca(salt_len + 1 + __alignof__(uint64_t)); + tmp[salt_len] = 0; salt = copied_salt = memcpy(tmp + __alignof__(uint64_t) - (tmp - (char *) 0) % __alignof__(uint64_t), salt, salt_len); } Modified: php/php-src/branches/PHP_5_4/ext/standard/crypt_sha256.c =================================================================== --- php/php-src/branches/PHP_5_4/ext/standard/crypt_sha256.c 2011-07-05 19:24:18 UTC (rev 312951) +++ php/php-src/branches/PHP_5_4/ext/standard/crypt_sha256.c 2011-07-05 20:10:45 UTC (rev 312952) @@ -395,9 +395,10 @@ } if ((salt - (char *) 0) % __alignof__(uint32_t) != 0) { - char *tmp = (char *) alloca(salt_len + __alignof__(uint32_t)); + char *tmp = (char *) alloca(salt_len + 1 + __alignof__(uint32_t)); salt = copied_salt = memcpy(tmp + __alignof__(uint32_t) - (tmp - (char *) 0) % __alignof__ (uint32_t), salt, salt_len); + tmp[salt_len] = 0; } /* Prepare for the real work. */ Modified: php/php-src/branches/PHP_5_4/ext/standard/crypt_sha512.c =================================================================== --- php/php-src/branches/PHP_5_4/ext/standard/crypt_sha512.c 2011-07-05 19:24:18 UTC (rev 312951) +++ php/php-src/branches/PHP_5_4/ext/standard/crypt_sha512.c 2011-07-05 20:10:45 UTC (rev 312952) @@ -430,8 +430,8 @@ } if ((salt - (char *) 0) % __alignof__ (uint64_t) != 0) { - char *tmp = (char *) alloca(salt_len + __alignof__(uint64_t)); - + char *tmp = (char *) alloca(salt_len + 1 + __alignof__(uint64_t)); + tmp[salt_len] = 0; salt = copied_salt = memcpy(tmp + __alignof__(uint64_t) - (tmp - (char *) 0) % __alignof__(uint64_t), salt, salt_len); } Modified: php/php-src/trunk/ext/standard/crypt_sha256.c =================================================================== --- php/php-src/trunk/ext/standard/crypt_sha256.c 2011-07-05 19:24:18 UTC (rev 312951) +++ php/php-src/trunk/ext/standard/crypt_sha256.c 2011-07-05 20:10:45 UTC (rev 312952) @@ -395,9 +395,10 @@ } if ((salt - (char *) 0) % __alignof__(uint32_t) != 0) { - char *tmp = (char *) alloca(salt_len + __alignof__(uint32_t)); + char *tmp = (char *) alloca(salt_len + 1 + __alignof__(uint32_t)); salt = copied_salt = memcpy(tmp + __alignof__(uint32_t) - (tmp - (char *) 0) % __alignof__ (uint32_t), salt, salt_len); + tmp[salt_len] = 0; } /* Prepare for the real work. */ Modified: php/php-src/trunk/ext/standard/crypt_sha512.c =================================================================== --- php/php-src/trunk/ext/standard/crypt_sha512.c 2011-07-05 19:24:18 UTC (rev 312951) +++ php/php-src/trunk/ext/standard/crypt_sha512.c 2011-07-05 20:10:45 UTC (rev 312952) @@ -430,8 +430,8 @@ } if ((salt - (char *) 0) % __alignof__ (uint64_t) != 0) { - char *tmp = (char *) alloca(salt_len + __alignof__(uint64_t)); - + char *tmp = (char *) alloca(salt_len + 1 + __alignof__(uint64_t)); + tmp[salt_len] = 0; salt = copied_salt = memcpy(tmp + __alignof__(uint64_t) - (tmp - (char *) 0) % __alignof__(uint64_t), salt, salt_len); }
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php