author | Stanislav Malyshev <stas@php.net> | 2012-05-24 13:54:51 -0500 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2012-05-29 23:15:10 -0700 |
commit | bc1c1beea5b4cd1bec72d347bfd21e865258933a (patch) | |
tree | 8f2e3b2dd3152c6d751ce5cf0cab9dda12b3ca7a | |
parent | 460f932ea9b98482c2ce90ca36f377a1ea58241e (diff) | |
download | php-git-bc1c1beea5b4cd1bec72d347bfd21e865258933a.tar.gz |
fix CVE-2012-2143
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | ext/standard/crypt_freesec.c | 3 | ||||
-rw-r--r-- | ext/standard/tests/strings/crypt_chars.phpt | 19 |
3 files changed, 22 insertions, 1 deletions
@@ -5,6 +5,7 @@ PHP NEWS
 . Fixed bug #62146 com_dotnet cannot be built shared. (Johannes)
 - Core:
+ . Fixed CVE-2012-2143. (Solar Designer)
 . Fixed bug #62097 (fix for for bug #54547). (Gustavo)
 - Intl:
diff --git a/ext/standard/crypt_freesec.c b/ext/standard/crypt_freesec.c
index 49c397cca1..0a5c3ba5fa 100644
--- a/ext/standard/crypt_freesec.c
+++ b/ext/standard/crypt_freesec.c
@@ -629,7 +629,8 @@ _crypt_extended_r(const char *key, const char *setting,
 */
 q = (u_char *) keybuf;
 while (q - (u_char *) keybuf < sizeof(keybuf)) {
- if ((*q++ = *key << 1))
+ *q++ = *key << 1;
+ if (*key)
 key++;
 }
 if (des_setkey((u_char *) keybuf, data))
diff --git a/ext/standard/tests/strings/crypt_chars.phpt b/ext/standard/tests/strings/crypt_chars.phpt
new file mode 100644
index 0000000000..09cd868216
--- /dev/null
+++ b/ext/standard/tests/strings/crypt_chars.phpt
@@ -0,0 +1,19 @@
+--TEST--
+crypt() function - characters > 0x80
+--SKIPIF--
+<?php
+if (!function_exists('crypt')) {
+ die("SKIP crypt() is not available");
+}
+?>
+--FILE--
+<?php
+var_dump(crypt("À1234abcd", "99"));
+var_dump(crypt("À9234abcd", "99"));
+var_dump(crypt("À1234abcd", "_01234567"));
+var_dump(crypt("À9234abcd", "_01234567"));
+--EXPECT--
+string(13) "99PxawtsTfX56"
+string(13) "99jcVcGxUZOWk"
+string(20) "_01234567IBjxKliXXRQ"
+string(20) "_012345678OSGpGQRVHA" |
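Review bot: The rewritten key-copy loop in `_crypt_extended_r` has no comment saying why the terminator test moved from the stored byte to `*key`, and that move is the whole fix. A key byte of 0x80 shifts to 0 once stored into a `u_char`, so the old combined test stopped advancing `key` there and the rest of the password no longer contributed to the DES key. I would add `/* Test the source byte, not the shifted copy: 0x80 << 1 truncates to 0 in u_char and must not end the key. */` above `*q++ = *key << 1;`. Hashes for keys containing such a byte will presumably differ from those produced by earlier builds, so stored DES hashes for those passwords may stop verifying; the NEWS entry or commit message should say so. The function body starts and ends outside this hunk.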
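Review bot: The four `crypt()` inputs embed the non-ASCII character as a raw literal, so the bytes actually hashed depend on the encoding the .phpt file is stored in. A re-encode of the file would silently stop exercising the 0x80 byte. Spelling the bytes out, e.g. `var_dump(crypt("\xC3\x801234abcd", "99"));`, keeps the test tied to the byte that matters. This assumes the literal is the UTF-8 sequence C3 80, which should be confirmed against the expected hashes. The title `characters > 0x80` is also slightly off, because the case the C change addresses is a byte equal to 0x80.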