author | Stanislav Malyshev <stas@php.net> | 2012-05-24 13:54:51 -0500 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2012-05-29 23:07:04 -0700 |
commit | aab49e934de1fff046e659cbec46e3d053b41c34 (patch) | |
tree | 91a2d1e7973995c36c91cf8e7d5071843b314d9a | |
parent | 8d5e953a19a08e562448f2a0562228fd1be60715 (diff) | |
download | php-git-aab49e934de1fff046e659cbec46e3d053b41c34.tar.gz |
fix CVE-2012-2143
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | ext/standard/crypt_freesec.c | 3 | ||||
-rw-r--r-- | ext/standard/tests/strings/crypt_chars.phpt | 19 |
3 files changed, 24 insertions, 1 deletions
@@ -4,6 +4,9 @@ PHP NEWS
 - COM:
 . Fixed bug #62146 com_dotnet cannot be built shared. (Johannes)
+- Core:
+ . Fixed CVE-2012-2143. (Solar Designer)
+
 - Fileinfo:
 . Fixed magic file regex support. (Felipe)
diff --git a/ext/standard/crypt_freesec.c b/ext/standard/crypt_freesec.c
index 49c397cca1..0a5c3ba5fa 100644
--- a/ext/standard/crypt_freesec.c
+++ b/ext/standard/crypt_freesec.c
@@ -629,7 +629,8 @@ _crypt_extended_r(const char *key, const char *setting,
 */
 q = (u_char *) keybuf;
 while (q - (u_char *) keybuf < sizeof(keybuf)) {
- if ((*q++ = *key << 1))
+ *q++ = *key << 1;
+ if (*key)
 key++;
 }
 if (des_setkey((u_char *) keybuf, data))
diff --git a/ext/standard/tests/strings/crypt_chars.phpt b/ext/standard/tests/strings/crypt_chars.phpt
new file mode 100644
index 0000000000..09cd868216
--- /dev/null
+++ b/ext/standard/tests/strings/crypt_chars.phpt
@@ -0,0 +1,19 @@
+--TEST--
+crypt() function - characters > 0x80
+--SKIPIF--
+<?php
+if (!function_exists('crypt')) {
+ die("SKIP crypt() is not available");
+}
+?>
+--FILE--
+<?php
+var_dump(crypt("À1234abcd", "99"));
+var_dump(crypt("À9234abcd", "99"));
+var_dump(crypt("À1234abcd", "_01234567"));
+var_dump(crypt("À9234abcd", "_01234567"));
+--EXPECT--
+string(13) "99PxawtsTfX56"
+string(13) "99jcVcGxUZOWk"
+string(20) "_01234567IBjxKliXXRQ"
+string(20) "_012345678OSGpGQRVHA" |
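Review bot: The rewritten loop body in `_crypt_extended_r` has no comment explaining why the test moved from the stored byte to `*key`, and that distinction is the entire fix. A key byte of 0x80 shifts to zero once stored through the `u_char` pointer, so the old combined assignment-and-test stopped advancing `key` at that byte and the rest of the password never reached `keybuf`. I would add above `if (*key)` a comment such as `/* test the source byte, not the shifted one: 0x80 << 1 truncates to 0 but is not the terminator */`. Hashes produced by the old code for such passwords will presumably stop verifying after this change, so the release notes should tell operators to expect resets for affected accounts. The function begins and ends outside this hunk.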
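Review bot: The four `crypt()` inputs in the `--FILE--` section depend on how the .phpt is encoded. The literal `À` contains the byte 0x80 only when the file is stored as UTF-8 (0xC3 0x80), so a re-encoded copy would test different input. Spelling the bytes out pins what is hashed, e.g. `var_dump(crypt("\xC3\x801234abcd", "99"));`, and likewise for the other three calls. The `--TEST--` title says "characters > 0x80" while the case exercised appears to be a byte equal to 0x80; a title such as `crypt() function - key bytes with value 0x80` would match it better. A short comment noting that each pair differs only after that byte, and so must hash differently, would record the test's intent.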