pajoye Sun, 21 Feb 2010 18:11:11 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=295309
Log: - Fix #51059, crypt can fail and return NULL, on almost all implementations Bug: http://bugs.php.net/51059 (Assigned) crypt() segfaults on certain salts Changed paths: U php/php-src/branches/PHP_5_3/ext/standard/crypt.c U php/php-src/branches/PHP_5_3/ext/standard/tests/strings/bug51059.phpt U php/php-src/trunk/ext/standard/crypt.c U php/php-src/trunk/ext/standard/tests/strings/bug51059.phpt Modified: php/php-src/branches/PHP_5_3/ext/standard/crypt.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/standard/crypt.c 2010-02-21 17:44:25 UTC (rev 295308) +++ php/php-src/branches/PHP_5_3/ext/standard/crypt.c 2010-02-21 18:11:11 UTC (rev 295309) @@ -15,6 +15,7 @@ | Authors: Stig Bakken <s...@php.net> | | Zeev Suraski <z...@zend.com> | | Rasmus Lerdorf <ras...@php.net> | + | Pierre Joye <pie...@php.net> | +----------------------------------------------------------------------+ */ @@ -146,7 +147,7 @@ char salt[PHP_MAX_SALT_LEN + 1]; char *str, *salt_in = NULL; int str_len, salt_in_len = 0; - + char *crypt_res; salt[0] = salt[PHP_MAX_SALT_LEN] = '\0'; /* This will produce suitable results if people depend on DES-encryption @@ -195,9 +196,13 @@ output = emalloc(needed * sizeof(char *)); salt[salt_in_len] = '\0'; - php_sha512_crypt_r(str, salt, output, needed); + crypt_res = php_sha512_crypt_r(str, salt, output, needed); + if (!crypt_res) { + RETVAL_FALSE; + } else { + RETVAL_STRING(output, 1); + } - RETVAL_STRING(output, 1); memset(output, 0, PHP_MAX_SALT_LEN + 1); efree(output); } else if (salt[0]=='$' && salt[1]=='5' && salt[2]=='$') { 
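Review bot: The scrub `memset(output, 0, PHP_MAX_SALT_LEN + 1);` in the `$6$` branch uses a length unrelated to the allocation `emalloc(needed * sizeof(char *))`. Unless `PHP_MAX_SALT_LEN + 1` happens to cover the bytes written, part of the computed hash can be left in freed heap memory on both the success path and the new failure path. Size the wipe from the allocation, e.g. `memset(output, 0, needed * sizeof(char *));`, and consider allocating `needed` bytes rather than `needed * sizeof(char *)`. The same pattern is in the `$5$` hunk (@@ -209,9 +214,14) and in both trunk copies. The enclosing branch starts outside this hunk, so the full computation of `needed` is not visible here.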
@@ -209,9 +214,14 @@ + strlen(salt) + 1 + 43 + 1); output = emalloc(needed * sizeof(char *)); salt[salt_in_len] = '\0'; - php_sha256_crypt_r(str, salt, output, needed); - RETVAL_STRING(output, 1); + crypt_res = php_sha256_crypt_r(str, salt, output, needed); + if (!crypt_res) { + RETVAL_FALSE; + } else { + RETVAL_STRING(output, 1); + } + memset(output, 0, PHP_MAX_SALT_LEN + 1); efree(output); } else if ( @@ -225,14 +235,25 @@ char output[PHP_MAX_SALT_LEN + 1]; memset(output, 0, PHP_MAX_SALT_LEN + 1); - php_crypt_blowfish_rn(str, salt, output, sizeof(output)); - RETVAL_STRING(output, 1); + crypt_res = php_crypt_blowfish_rn(str, salt, output, sizeof(output)); + if (!crypt_res) { + RETVAL_FALSE; + } else { + RETVAL_STRING(output, 1); + } + memset(output, 0, PHP_MAX_SALT_LEN + 1); } else { memset(&buffer, 0, sizeof(buffer)); _crypt_extended_init_r(); - RETURN_STRING(_crypt_extended_r(str, salt, &buffer), 1); + + crypt_res = _crypt_extended_r(str, salt, &buffer); + if (!crypt_res) { + RETURN_FALSE; + } else { + RETURN_STRING(crypt_res, 1); + } } } #else @@ -247,8 +268,12 @@ # else # error Data struct used by crypt_r() is unknown. Please report. # endif - - RETURN_STRING(crypt_r(str, salt, &buffer), 1); + crypt_res = crypt_r(str, salt, &buffer); + if (!crypt_res) { + RETURN_FALSE; + } else { + RETURN_STRING(crypt_res, 1); + } } # endif #endif Modified: php/php-src/branches/PHP_5_3/ext/standard/tests/strings/bug51059.phpt =================================================================== --- php/php-src/branches/PHP_5_3/ext/standard/tests/strings/bug51059.phpt 2010-02-21 17:44:25 UTC (rev 295308) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/strings/bug51059.phpt 2010-02-21 18:11:11 UTC (rev 295309) 
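Review bot: In the final `else` of hunk @@ -225,14 +235,25 the extended-DES path leaves through `RETURN_FALSE` / `RETURN_STRING(crypt_res, 1)`, so `buffer` is never cleared after use. The blowfish branch just above sets the result with `RETVAL_*` and then wipes `output`. If `buffer` holds key-derived state (its definition is not in this diff), switch to `RETVAL_FALSE` / `RETVAL_STRING(crypt_res, 1)` and follow with `memset(&buffer, 0, sizeof(buffer));` so both branches scrub consistently. The trunk copy (@@ -226,14 +236,25) has the same shape.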
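Review bot: The new `RETURN_FALSE` path in hunk @@ -247,8 +268,12, like the `RETVAL_FALSE` paths in the earlier hunks, changes what userland sees when the backend rejects a salt, and nothing in the change documents it. A caller that compares the result to a stored hash with `==` will treat `false` as equal to an empty stored value. The failure contract deserves a comment above the function, such as `/* Returns FALSE when the underlying crypt routine fails; callers must test the result with === before comparing hashes. */`. Any crypt call site in this function outside the visible hunks that still feeds its return value straight into `RETURN_STRING` would need the same NULL guard; the diff does not show whether one remains.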
@@ -1,7 +1,5 @@ --TEST-- Bug #51059 crypt() segfaults on certain salts ---XFAIL-- -Needs a patch from Pierre --FILE-- <?php Modified: php/php-src/trunk/ext/standard/crypt.c =================================================================== --- php/php-src/trunk/ext/standard/crypt.c 2010-02-21 17:44:25 UTC (rev 295308) +++ php/php-src/trunk/ext/standard/crypt.c 2010-02-21 18:11:11 UTC (rev 295309) @@ -15,6 +15,7 @@ | Authors: Stig Bakken <s...@php.net> | | Zeev Suraski <z...@zend.com> | | Rasmus Lerdorf <ras...@php.net> | + | Pierre Joye <pie...@php.net> | +----------------------------------------------------------------------+ */ @@ -147,7 +148,7 @@ char salt[PHP_MAX_SALT_LEN + 1]; char *str, *salt_in = NULL; int str_len, salt_in_len = 0; - + char *crypt_res; salt[0] = salt[PHP_MAX_SALT_LEN] = '\0'; /* This will produce suitable results if people depend on DES-encryption @@ -196,9 +197,13 @@ output = emalloc(needed * sizeof(char *)); salt[salt_in_len] = '\0'; - php_sha512_crypt_r(str, salt, output, needed); + crypt_res = php_sha512_crypt_r(str, salt, output, needed); + if (!crypt_res) { + RETVAL_FALSE; + } else { + RETVAL_STRING(output, 1); + } - RETVAL_STRING(output, 1); memset(output, 0, PHP_MAX_SALT_LEN + 1); efree(output); } else if (salt[0]=='$' && salt[1]=='5' && salt[2]=='$') { @@ -210,9 +215,14 @@ + strlen(salt) + 1 + 43 + 1); output = emalloc(needed * sizeof(char *)); salt[salt_in_len] = '\0'; - php_sha256_crypt_r(str, salt, output, needed); - RETVAL_STRING(output, 1); + crypt_res = php_sha256_crypt_r(str, salt, output, needed); + if (!crypt_res) { + RETVAL_FALSE; + } else { + RETVAL_STRING(output, 1); + } + memset(output, 0, PHP_MAX_SALT_LEN + 1); efree(output); } else if ( 
@@ -226,14 +236,25 @@ char output[PHP_MAX_SALT_LEN + 1]; memset(output, 0, PHP_MAX_SALT_LEN + 1); - php_crypt_blowfish_rn(str, salt, output, sizeof(output)); - RETVAL_STRING(output, 1); + crypt_res = php_crypt_blowfish_rn(str, salt, output, sizeof(output)); + if (!crypt_res) { + RETVAL_FALSE; + } else { + RETVAL_STRING(output, 1); + } + memset(output, 0, PHP_MAX_SALT_LEN + 1); } else { memset(&buffer, 0, sizeof(buffer)); _crypt_extended_init_r(); - RETURN_STRING(_crypt_extended_r(str, salt, &buffer), 1); + + crypt_res = _crypt_extended_r(str, salt, &buffer); + if (!crypt_res) { + RETURN_FALSE; + } else { + RETURN_STRING(crypt_res, 1); + } } } #else @@ -248,8 +269,12 @@ # else # error Data struct used by crypt_r() is unknown. Please report. # endif - - RETURN_STRING(crypt_r(str, salt, &buffer), 1); + crypt_res = crypt_r(str, salt, &buffer); + if (!crypt_res) { + RETURN_FALSE; + } else { + RETURN_STRING(crypt_res, 1); + } } # endif #endif Modified: php/php-src/trunk/ext/standard/tests/strings/bug51059.phpt =================================================================== --- php/php-src/trunk/ext/standard/tests/strings/bug51059.phpt 2010-02-21 17:44:25 UTC (rev 295308) +++ php/php-src/trunk/ext/standard/tests/strings/bug51059.phpt 2010-02-21 18:11:11 UTC (rev 295309) @@ -1,7 +1,5 @@ --TEST-- Bug #51059 crypt() segfaults on certain salts ---XFAIL-- -Needs a patch from Pierre --FILE-- <?php