[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/standard/php_crypt_r.c branches/PHP_5_3/ext/standard/tests/strings/bug50052.phpt branches/PHP_5_3_1/NEWS branches/PHP_5_3_1/ext/standard/php_crypt_r.c branches/PHP_5_3_1/ext/standard/tests/strings/bug50052.phpt trunk/ext/standard/php_crypt_r.c trunk/ext/standard/tests/strings/bug50052.phpt

[Pierre-Alain Joye]

pajoye                                   Mon, 02 Nov 2009 20:46:52 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=290154

Log:
- Fixed #50052, Different Hashes on Windows and Linux on wrong Salt size

Bug: http://bugs.php.net/50052 (Assigned) Crypt - Different Hashes on Windows 
and Linux on wrong Salt size
      
Changed paths:
    U   php/php-src/branches/PHP_5_3/ext/standard/php_crypt_r.c
    A   php/php-src/branches/PHP_5_3/ext/standard/tests/strings/bug50052.phpt
    U   php/php-src/branches/PHP_5_3_1/NEWS
    U   php/php-src/branches/PHP_5_3_1/ext/standard/php_crypt_r.c
    A   php/php-src/branches/PHP_5_3_1/ext/standard/tests/strings/bug50052.phpt
    U   php/php-src/trunk/ext/standard/php_crypt_r.c
    A   php/php-src/trunk/ext/standard/tests/strings/bug50052.phpt

Modified: php/php-src/branches/PHP_5_3/ext/standard/php_crypt_r.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/standard/php_crypt_r.c     2009-11-02 
20:10:03 UTC (rev 290153)
+++ php/php-src/branches/PHP_5_3/ext/standard/php_crypt_r.c     2009-11-02 
20:46:52 UTC (rev 290154)
@@ -208,6 +208,7 @@
        if (strncpy_s(passwd + MD5_MAGIC_LEN, MD5_HASH_MAX_LEN - MD5_MAGIC_LEN, 
sp, sl + 1) != 0) {
                goto _destroyCtx1;
        }
+       passwd[MD5_MAGIC_LEN + sl] = '\0';
        strcat_s(passwd, MD5_HASH_MAX_LEN, "$");
 #else
        /* VC6 version doesn't have strcat_s or strncpy_s */

Added: php/php-src/branches/PHP_5_3/ext/standard/tests/strings/bug50052.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/ext/standard/tests/strings/bug50052.phpt       
                        (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/standard/tests/strings/bug50052.phpt       
2009-11-02 20:46:52 UTC (rev 290154)
@@ -0,0 +1,12 @@
+--TEST--
+Bug #50052 (Different Hashes on Windows and Linux on wrong Salt size)
+--FILE--
+<?php
+$salt = '$1$f+uslYF01$';
+$password = 'test';
+echo $salt . "\n";
+echo crypt($password,$salt) . "\n";
+?>
+--EXPECT--
+$1$f+uslYF01$
+$1$f+uslYF0$orVloNmKSLvOeswusE0bY.

Modified: php/php-src/branches/PHP_5_3_1/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3_1/NEWS 2009-11-02 20:10:03 UTC (rev 290153)
+++ php/php-src/branches/PHP_5_3_1/NEWS 2009-11-02 20:46:52 UTC (rev 290154)
@@ -7,6 +7,8 @@

 - Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)

+- Fuxed bug #50052 (Different Hashes on Windows and Linux on wrong Salt size).
+  (Pierre)
 - Fixed bug #49908 (throwing exception in __autoload crashes when interface
   is not defined). (Felipe)
 - Fixed bug #49142 (crash when exception thrown from __tostring()).

Modified: php/php-src/branches/PHP_5_3_1/ext/standard/php_crypt_r.c
===================================================================
--- php/php-src/branches/PHP_5_3_1/ext/standard/php_crypt_r.c   2009-11-02 
20:10:03 UTC (rev 290153)
+++ php/php-src/branches/PHP_5_3_1/ext/standard/php_crypt_r.c   2009-11-02 
20:46:52 UTC (rev 290154)
@@ -208,6 +208,7 @@
        if (strncpy_s(passwd + MD5_MAGIC_LEN, MD5_HASH_MAX_LEN - MD5_MAGIC_LEN, 
sp, sl + 1) != 0) {
                goto _destroyCtx1;
        }
+       passwd[MD5_MAGIC_LEN + sl] = '\0';
        strcat_s(passwd, MD5_HASH_MAX_LEN, "$");
 #else
        /* VC6 version doesn't have strcat_s or strncpy_s */

Added: php/php-src/branches/PHP_5_3_1/ext/standard/tests/strings/bug50052.phpt
===================================================================
--- php/php-src/branches/PHP_5_3_1/ext/standard/tests/strings/bug50052.phpt     
                        (rev 0)
+++ php/php-src/branches/PHP_5_3_1/ext/standard/tests/strings/bug50052.phpt     
2009-11-02 20:46:52 UTC (rev 290154)
@@ -0,0 +1,12 @@
+--TEST--
+Bug #20934 (html_entity_decode() crash when "" is passed)
+--FILE--
+<?php
+$salt = '$1$f+uslYF01$';
+$password = 'test';
+echo $salt . "\n";
+echo crypt($password,$salt) . "\n";
+?>
+--EXPECT--
+$1$f+uslYF01$
+$1$f+uslYF0$orVloNmKSLvOeswusE0bY.

Modified: php/php-src/trunk/ext/standard/php_crypt_r.c
===================================================================
--- php/php-src/trunk/ext/standard/php_crypt_r.c        2009-11-02 20:10:03 UTC 
(rev 290153)
+++ php/php-src/trunk/ext/standard/php_crypt_r.c        2009-11-02 20:46:52 UTC 
(rev 290154)
@@ -208,6 +208,7 @@
        if (strncpy_s(passwd + MD5_MAGIC_LEN, MD5_HASH_MAX_LEN - MD5_MAGIC_LEN, 
sp, sl + 1) != 0) {
                goto _destroyCtx1;
        }
+       passwd[MD5_MAGIC_LEN + sl] = '\0';
        strcat_s(passwd, MD5_HASH_MAX_LEN, "$");
 #else
        /* VC6 version doesn't have strcat_s or strncpy_s */

Added: php/php-src/trunk/ext/standard/tests/strings/bug50052.phpt
===================================================================
--- php/php-src/trunk/ext/standard/tests/strings/bug50052.phpt                  
        (rev 0)
+++ php/php-src/trunk/ext/standard/tests/strings/bug50052.phpt  2009-11-02 
20:46:52 UTC (rev 290154)
@@ -0,0 +1,12 @@
+--TEST--
+Bug #50052 (Different Hashes on Windows and Linux on wrong Salt size)
+--FILE--
+<?php
+$salt = b'$1$f+uslYF01$';
+$password = b'test';
+echo $salt . "\n";
+echo crypt($password,$salt) . "\n";
+?>
+--EXPECT--
+$1$f+uslYF01$
+$1$f+uslYF0$orVloNmKSLvOeswusE0bY.


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php