authorPierre Joye <pajoye@php.net>2010-02-21 18:11:11 +0000
committerPierre Joye <pajoye@php.net>2010-02-21 18:11:11 +0000
commit30793bc04eb19cb898370535efc2b9a0fd53193c (patch)
tree3478050050ef9a21b7988c06bbdf8d9d088e3dbf
parent481d1045cfb92c629e3bafb15c7a652bd4c6a5f8 (diff)
downloadphp-git-30793bc04eb19cb898370535efc2b9a0fd53193c.tar.gz
- Fix #51059, crypt can fail and return NULL, on almost all implementations
-rw-r--r--ext/standard/crypt.c45
-rw-r--r--ext/standard/tests/strings/bug51059.phpt2
2 files changed, 35 insertions, 12 deletions
diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c
index 02c497b37e..9e2f49f57f 100644
--- a/ext/standard/crypt.c
+++ b/ext/standard/crypt.c
@@ -15,6 +15,7 @@
| Authors: Stig Bakken <ssb@php.net> |
| Zeev Suraski <zeev@zend.com> |
| Rasmus Lerdorf <rasmus@php.net> |
+ | Pierre Joye <pierre@php.net> |
+----------------------------------------------------------------------+
*/
@@ -147,7 +148,7 @@ PHP_FUNCTION(crypt)
char salt[PHP_MAX_SALT_LEN + 1];
char *str, *salt_in = NULL;
int str_len, salt_in_len = 0;
-
+ char *crypt_res;
salt[0] = salt[PHP_MAX_SALT_LEN] = '\0';
/* This will produce suitable results if people depend on DES-encryption
@@ -196,9 +197,13 @@ PHP_FUNCTION(crypt)
output = emalloc(needed * sizeof(char *));
salt[salt_in_len] = '\0';
- php_sha512_crypt_r(str, salt, output, needed);
+ crypt_res = php_sha512_crypt_r(str, salt, output, needed);
+ if (!crypt_res) {
+ RETVAL_FALSE;
+ } else {
+ RETVAL_STRING(output, 1);
+ }
- RETVAL_STRING(output, 1);
memset(output, 0, PHP_MAX_SALT_LEN + 1);
efree(output);
} else if (salt[0]=='$' && salt[1]=='5' && salt[2]=='$') {
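Review bot: The wipe at `memset(output, 0, PHP_MAX_SALT_LEN + 1);` uses a fixed length, while `output` was sized from `needed`, so part of the computed hash can stay in the freed block whenever `needed` is larger than that constant (the macro's value and the full computation of `needed` lie outside the hunk). Both the new success path and the new failure path fall through to this line, so this is the place to fix it: `memset(output, 0, needed);`. The SHA-256 branch in the next hunk carries the same line and should get the same change. Separately, `emalloc(needed * sizeof(char *))` looks like it was meant to be `sizeof(char)`; it only over-allocates, but it obscures how large the buffer really is.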
@@ -210,9 +215,14 @@ PHP_FUNCTION(crypt)
+ strlen(salt) + 1 + 43 + 1);
output = emalloc(needed * sizeof(char *));
salt[salt_in_len] = '\0';
- php_sha256_crypt_r(str, salt, output, needed);
- RETVAL_STRING(output, 1);
+ crypt_res = php_sha256_crypt_r(str, salt, output, needed);
+ if (!crypt_res) {
+ RETVAL_FALSE;
+ } else {
+ RETVAL_STRING(output, 1);
+ }
+
memset(output, 0, PHP_MAX_SALT_LEN + 1);
efree(output);
} else if (
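Review bot: Nothing in this branch, or in the other four that gain the same `if (!crypt_res)` test, documents that crypt() can now return boolean FALSE to the script where it previously always returned a string. A one-line comment above the check would record the intent, for example `/* backend returns NULL on failure; report FALSE so the caller can detect it */`. The user-facing documentation should also tell callers to test the result with `=== false` before comparing it with a stored hash, because a loose `==` against an empty stored value would treat the failure as a match.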
@@ -226,14 +236,25 @@ PHP_FUNCTION(crypt)
char output[PHP_MAX_SALT_LEN + 1];
memset(output, 0, PHP_MAX_SALT_LEN + 1);
- php_crypt_blowfish_rn(str, salt, output, sizeof(output));
- RETVAL_STRING(output, 1);
+ crypt_res = php_crypt_blowfish_rn(str, salt, output, sizeof(output));
+ if (!crypt_res) {
+ RETVAL_FALSE;
+ } else {
+ RETVAL_STRING(output, 1);
+ }
+
memset(output, 0, PHP_MAX_SALT_LEN + 1);
} else {
memset(&buffer, 0, sizeof(buffer));
_crypt_extended_init_r();
- RETURN_STRING(_crypt_extended_r(str, salt, &buffer), 1);
+
+ crypt_res = _crypt_extended_r(str, salt, &buffer);
+ if (!crypt_res) {
+ RETURN_FALSE;
+ } else {
+ RETURN_STRING(crypt_res, 1);
+ }
}
}
#else
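Review bot: In the `_crypt_extended_r` branch the new `RETURN_FALSE` / `RETURN_STRING(crypt_res, 1)` leave the function immediately, so `buffer` keeps whatever working state the DES routine wrote into it, whereas the Blowfish branch just above uses `RETVAL_*` and then clears its output. For consistency this branch could use `RETVAL_FALSE;` / `RETVAL_STRING(crypt_res, 1);` followed by `memset(&buffer, 0, sizeof(buffer));`. That is safe even if `crypt_res` points into `buffer`, since the `1` argument makes a copy. The declaration of `buffer` is outside the hunk, so whether it outlives the call could not be checked here. The `crypt_r()` branch in the last hunk of this file returns the same way and deserves the same treatment.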
@@ -248,8 +269,12 @@ PHP_FUNCTION(crypt)
# else
# error Data struct used by crypt_r() is unknown. Please report.
# endif
-
- RETURN_STRING(crypt_r(str, salt, &buffer), 1);
+ crypt_res = crypt_r(str, salt, &buffer);
+ if (!crypt_res) {
+ RETURN_FALSE;
+ } else {
+ RETURN_STRING(crypt_res, 1);
+ }
}
# endif
#endif
diff --git a/ext/standard/tests/strings/bug51059.phpt b/ext/standard/tests/strings/bug51059.phpt
index 561fc792c4..baf8a12c9c 100644
--- a/ext/standard/tests/strings/bug51059.phpt
+++ b/ext/standard/tests/strings/bug51059.phpt
@@ -1,7 +1,5 @@
--TEST--
Bug #51059 crypt() segfaults on certain salts
---XFAIL--
-Needs a patch from Pierre
--FILE--
<?php