pajoye Mon, 02 Nov 2009 20:46:52 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=290154
Log: - Fixed #50052, Different Hashes on Windows and Linux on wrong Salt size Bug: http://bugs.php.net/50052 (Assigned) Crypt - Different Hashes on Windows and Linux on wrong Salt size Changed paths: U php/php-src/branches/PHP_5_3/ext/standard/php_crypt_r.c A php/php-src/branches/PHP_5_3/ext/standard/tests/strings/bug50052.phpt U php/php-src/branches/PHP_5_3_1/NEWS U php/php-src/branches/PHP_5_3_1/ext/standard/php_crypt_r.c A php/php-src/branches/PHP_5_3_1/ext/standard/tests/strings/bug50052.phpt U php/php-src/trunk/ext/standard/php_crypt_r.c A php/php-src/trunk/ext/standard/tests/strings/bug50052.phpt Modified: php/php-src/branches/PHP_5_3/ext/standard/php_crypt_r.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/standard/php_crypt_r.c 2009-11-02 20:10:03 UTC (rev 290153) +++ php/php-src/branches/PHP_5_3/ext/standard/php_crypt_r.c 2009-11-02 20:46:52 UTC (rev 290154) @@ -208,6 +208,7 @@ if (strncpy_s(passwd + MD5_MAGIC_LEN, MD5_HASH_MAX_LEN - MD5_MAGIC_LEN, sp, sl + 1) != 0) { goto _destroyCtx1; } + passwd[MD5_MAGIC_LEN + sl] = '\0'; strcat_s(passwd, MD5_HASH_MAX_LEN, "$"); #else /* VC6 version doesn't have strcat_s or strncpy_s */ Added: php/php-src/branches/PHP_5_3/ext/standard/tests/strings/bug50052.phpt =================================================================== --- php/php-src/branches/PHP_5_3/ext/standard/tests/strings/bug50052.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/strings/bug50052.phpt 2009-11-02 20:46:52 UTC (rev 290154) @@ -0,0 +1,12 @@ +--TEST-- +Bug #50052 (Different Hashes on Windows and Linux on wrong Salt size) +--FILE-- +<?php +$salt = '$1$f+uslYF01$'; +$password = 'test'; +echo $salt . "\n"; +echo crypt($password,$salt) . "\n"; +?> +--EXPECT-- +$1$f+uslYF01$ +$1$f+uslYF0$orVloNmKSLvOeswusE0bY. Modified: php/php-src/branches/PHP_5_3_1/NEWS =================================================================== --- php/php-src/branches/PHP_5_3_1/NEWS 2009-11-02 20:10:03 UTC (rev 290153) +++ php/php-src/branches/PHP_5_3_1/NEWS 2009-11-02 20:46:52 UTC (rev 290154) @@ -7,6 +7,8 @@ - Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre) +- Fuxed bug #50052 (Different Hashes on Windows and Linux on wrong Salt size). + (Pierre) - Fixed bug #49908 (throwing exception in __autoload crashes when interface is not defined). (Felipe) - Fixed bug #49142 (crash when exception thrown from __tostring()). Modified: php/php-src/branches/PHP_5_3_1/ext/standard/php_crypt_r.c =================================================================== --- php/php-src/branches/PHP_5_3_1/ext/standard/php_crypt_r.c 2009-11-02 20:10:03 UTC (rev 290153) +++ php/php-src/branches/PHP_5_3_1/ext/standard/php_crypt_r.c 2009-11-02 20:46:52 UTC (rev 290154) @@ -208,6 +208,7 @@ if (strncpy_s(passwd + MD5_MAGIC_LEN, MD5_HASH_MAX_LEN - MD5_MAGIC_LEN, sp, sl + 1) != 0) { goto _destroyCtx1; } + passwd[MD5_MAGIC_LEN + sl] = '\0'; strcat_s(passwd, MD5_HASH_MAX_LEN, "$"); #else /* VC6 version doesn't have strcat_s or strncpy_s */ Added: php/php-src/branches/PHP_5_3_1/ext/standard/tests/strings/bug50052.phpt =================================================================== --- php/php-src/branches/PHP_5_3_1/ext/standard/tests/strings/bug50052.phpt (rev 0) +++ php/php-src/branches/PHP_5_3_1/ext/standard/tests/strings/bug50052.phpt 2009-11-02 20:46:52 UTC (rev 290154) @@ -0,0 +1,12 @@ +--TEST-- +Bug #20934 (html_entity_decode() crash when "" is passed) +--FILE-- +<?php +$salt = '$1$f+uslYF01$'; +$password = 'test'; +echo $salt . "\n"; +echo crypt($password,$salt) . "\n"; +?> +--EXPECT-- +$1$f+uslYF01$ +$1$f+uslYF0$orVloNmKSLvOeswusE0bY. Modified: php/php-src/trunk/ext/standard/php_crypt_r.c =================================================================== --- php/php-src/trunk/ext/standard/php_crypt_r.c 2009-11-02 20:10:03 UTC (rev 290153) +++ php/php-src/trunk/ext/standard/php_crypt_r.c 2009-11-02 20:46:52 UTC (rev 290154) @@ -208,6 +208,7 @@ if (strncpy_s(passwd + MD5_MAGIC_LEN, MD5_HASH_MAX_LEN - MD5_MAGIC_LEN, sp, sl + 1) != 0) { goto _destroyCtx1; } + passwd[MD5_MAGIC_LEN + sl] = '\0'; strcat_s(passwd, MD5_HASH_MAX_LEN, "$"); #else /* VC6 version doesn't have strcat_s or strncpy_s */ Added: php/php-src/trunk/ext/standard/tests/strings/bug50052.phpt =================================================================== --- php/php-src/trunk/ext/standard/tests/strings/bug50052.phpt (rev 0) +++ php/php-src/trunk/ext/standard/tests/strings/bug50052.phpt 2009-11-02 20:46:52 UTC (rev 290154) @@ -0,0 +1,12 @@ +--TEST-- +Bug #50052 (Different Hashes on Windows and Linux on wrong Salt size) +--FILE-- +<?php +$salt = b'$1$f+uslYF01$'; +$password = b'test'; +echo $salt . "\n"; +echo crypt($password,$salt) . "\n"; +?> +--EXPECT-- +$1$f+uslYF01$ +$1$f+uslYF0$orVloNmKSLvOeswusE0bY.
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php