| author | Anatol Belski <ab@php.net> | 2014-11-14 11:27:23 +0100 |
|---|---|---|
| committer | Anatol Belski <ab@php.net> | 2014-11-14 17:39:41 +0100 |
| commit | a85ce501da60999ded0f93d9889efa6792b2a6ec (patch) | |
| tree | 03f7cae851e5516a9aa2e2aa46a06393689739ea | |
| parent | dbddbcc950aec9956aaa942d1983981110984edd (diff) | |
partial cleanup to work with size_t str length in password_hash
php_crypt() and co use int, though this is fair enough. Could
be refactored later for tidiness reasons.
| -rw-r--r-- | ext/standard/password.c | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/ext/standard/password.c b/ext/standard/password.c
index c58c28ab3c..cd2170b036 100644
--- a/ext/standard/password.c
+++ b/ext/standard/password.c
@@ -345,12 +345,11 @@ PHP_FUNCTION(password_hash)
 if (options && (option_buffer = zend_symtable_str_find(options, "salt", sizeof("salt")-1)) != NULL) {
 char *buffer;
- size_t buffer_len_int = 0;
- size_t buffer_len;
+ size_t buffer_len = 0;
 switch (Z_TYPE_P(option_buffer)) {
 case IS_STRING:
 buffer = estrndup(Z_STRVAL_P(option_buffer), Z_STRLEN_P(option_buffer));
- buffer_len_int = Z_STRLEN_P(option_buffer);
+ buffer_len = Z_STRLEN_P(option_buffer);
 break;
 case IS_LONG:
 case IS_DOUBLE:
@@ -361,7 +360,7 @@ PHP_FUNCTION(password_hash)
 convert_to_string(&cast_option_buffer);
 if (Z_TYPE(cast_option_buffer) == IS_STRING) {
 buffer = estrndup(Z_STRVAL(cast_option_buffer), Z_STRLEN(cast_option_buffer));
- buffer_len_int = Z_STRLEN(cast_option_buffer);
+ buffer_len = Z_STRLEN(cast_option_buffer);
 zval_dtor(&cast_option_buffer);
 break;
 }
@@ -377,16 +376,18 @@ PHP_FUNCTION(password_hash)
 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Non-string salt parameter supplied");
 RETURN_NULL();
 }
- if (buffer_len_int < 0) {
+
+ /* XXX all the crypt related APIs work with int for string length.
+ That should be revised for size_t and then we maybe don't require
+ the > INT_MAX check. */
+ if (buffer_len > INT_MAX) {
 efree(hash_format);
 efree(buffer);
 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Supplied salt is too long");
- }
- buffer_len = (size_t) buffer_len_int;
- if (buffer_len < required_salt_len) {
+ } else if (buffer_len < required_salt_len) {
 efree(hash_format);
 efree(buffer);
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided salt is too short: %lu expecting %lu", (unsigned long) buffer_len, (unsigned long) required_salt_len);
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided salt is too short: %zd expecting %zd", buffer_len, required_salt_len);
 RETURN_NULL();
 } else if (php_password_salt_is_alphabet(buffer, buffer_len) == FAILURE) {
 salt = safe_emalloc(required_salt_len, 1, 1);
@@ -394,7 +395,7 @@ PHP_FUNCTION(password_hash)
 efree(hash_format);
 efree(buffer);
 efree(salt);
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided salt is too short: %lu", (unsigned long) buffer_len);
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided salt is too short: %zd", buffer_len);
 RETURN_NULL();
 }
 salt_len = required_salt_len; |
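Review bot: The `buffer_len > INT_MAX` branch frees `hash_format` and `buffer` and emits "Supplied salt is too long", but unlike the two sibling error branches it never returns, so control leaves the if/else chain with both pointers already released. The remainder of PHP_FUNCTION(password_hash) lies outside this hunk, but any later `efree(buffer)` or read of `hash_format` on that path would be a double free or use-after-free triggered by an oversized salt option; add `RETURN_NULL();` directly after the warning. Separately, `buffer_len` is declared `size_t`, so the reworded messages here and in the following hunk should use `%zu` rather than the signed `%zd`.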
