authorStanislav Malyshev <stas@php.net>2012-05-29 23:07:27 -0700
committerStanislav Malyshev <stas@php.net>2012-05-29 23:08:04 -0700
commit692b3bcd88ece3eefbc5131ecdf971ff18f191cf (patch)
tree7cb6a44c7eb1b248807685829c919cb4fedc77de
parent6074da9809dec8018e6affe6faf1a77f524bff97 (diff)
parentaab49e934de1fff046e659cbec46e3d053b41c34 (diff)
downloadphp-git-692b3bcd88ece3eefbc5131ecdf971ff18f191cf.tar.gz
Merge branch 'PHP-5.3' into PHP-5.4
* PHP-5.3: fix CVE-2012-2143
-rw-r--r--NEWS1
-rw-r--r--ext/standard/crypt_freesec.c3
-rw-r--r--ext/standard/tests/strings/crypt_chars.phpt19
3 files changed, 22 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 4a7cbd4366..898325afd1 100644
--- a/NEWS
+++ b/NEWS
@@ -20,6 +20,7 @@ PHP NEWS
- Core:
. Fixed missing bound check in iptcparse(). (chris at chiappa.net)
+ . Fixed CVE-2012-2143. (Solar Designer)
. Fixed bug #62005 (unexpected behavior when incrementally assigning to a
member of a null object). (Laruence)
. Fixed bug #61998 (Using traits with method aliases appears to result in
diff --git a/ext/standard/crypt_freesec.c b/ext/standard/crypt_freesec.c
index 49c397cca1..0a5c3ba5fa 100644
--- a/ext/standard/crypt_freesec.c
+++ b/ext/standard/crypt_freesec.c
@@ -629,7 +629,8 @@ _crypt_extended_r(const char *key, const char *setting,
*/
q = (u_char *) keybuf;
while (q - (u_char *) keybuf < sizeof(keybuf)) {
- if ((*q++ = *key << 1))
+ *q++ = *key << 1;
+ if (*key)
key++;
}
if (des_setkey((u_char *) keybuf, data))
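Review bot: The two added lines carry no comment saying why the advance test is now on `*key` rather than on the shifted byte, and that distinction is the whole fix: a key byte of 0x80 shifts to 0 once stored in a `u_char`, so the old combined test stopped consuming the key at that byte and the rest of the password was ignored. I would add above them `/* Test the source byte, not the shifted one: 0x80 << 1 truncates to 0 and must not end the key. */` so a later cleanup does not fold the two statements back together. Separately, `key` is `const char *` per the hunk header, so where plain char is signed a byte >= 0x80 is a negative value being left-shifted, which C leaves undefined; `*q++ = (u_char) *key << 1;` keeps the shift on an unsigned value. The function starts and ends outside this hunk.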
diff --git a/ext/standard/tests/strings/crypt_chars.phpt b/ext/standard/tests/strings/crypt_chars.phpt
new file mode 100644
index 0000000000..09cd868216
--- /dev/null
+++ b/ext/standard/tests/strings/crypt_chars.phpt
@@ -0,0 +1,19 @@
+--TEST--
+crypt() function - characters > 0x80
+--SKIPIF--
+<?php
+if (!function_exists('crypt')) {
+ die("SKIP crypt() is not available");
+}
+?>
+--FILE--
+<?php
+var_dump(crypt("À1234abcd", "99"));
+var_dump(crypt("À9234abcd", "99"));
+var_dump(crypt("À1234abcd", "_01234567"));
+var_dump(crypt("À9234abcd", "_01234567"));
+--EXPECT--
+string(13) "99PxawtsTfX56"
+string(13) "99jcVcGxUZOWk"
+string(20) "_01234567IBjxKliXXRQ"
+string(20) "_012345678OSGpGQRVHA"
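Review bot: The four keys in the --FILE-- section contain a literal `À`, so the bytes actually handed to crypt() depend on the encoding crypt_chars.phpt is stored in, and nothing in the test records which encoding is intended. Presumably the file is UTF-8, where that character is the bytes C3 80 and the second byte is the one that exercises the fix; stored as Latin-1 the key would hold a single 0xC0 byte, no 0x80, and the expected hashes would no longer apply. Spelling the bytes out, e.g. `var_dump(crypt("\xC3\x801234abcd", "99"));`, makes the test independent of editors and transcoding, after confirming the --EXPECT-- values still match. The --TEST-- title could then name the case precisely, for instance `crypt() function - key byte 0x80`.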