diff options
| author | Anthony Ferrara <ircmaxell@gmail.com> | 2015-05-21 17:12:51 -0400 |
|---|---|---|
| committer | Anthony Ferrara <ircmaxell@gmail.com> | 2015-05-21 17:12:51 -0400 |
| commit | ed4052f1d5309cc974b134c2b78724d727ef9349 (patch) | |
| tree | 38dea7a932dbf30d3693c3b0251ce7afa5ae8c2d /ext/standard/crypt.c | |
| parent | 3dba00bc31eb92ef1187f6dd78f2c7bb3c003710 (diff) | |
| download | php-git-ed4052f1d5309cc974b134c2b78724d727ef9349.tar.gz | |
Fixed bug #69686 password_verify reports back error on PHP7 will null string.
The deprecation of DES salts created a warning when trying to verify them with password_hash. This bug fix adds a quiet mode to php_crypt() which is used by password_verify.
Diffstat (limited to 'ext/standard/crypt.c')
| -rw-r--r-- | ext/standard/crypt.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c index da51ee9885..74ab291f62 100644 --- a/ext/standard/crypt.c +++ b/ext/standard/crypt.c @@ -151,7 +151,7 @@ static void php_to64(char *s, zend_long v, int n) /* {{{ */ } /* }}} */ -PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const char *salt, int salt_len) +PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const char *salt, int salt_len, zend_bool quiet) { char *crypt_res; zend_string *result; @@ -225,7 +225,10 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch if (salt[0] != '_') { /* DES style hashes */ if (!IS_VALID_SALT_CHARACTER(salt[0]) || !IS_VALID_SALT_CHARACTER(salt[1])) { - php_error_docref(NULL, E_DEPRECATED, DES_INVALID_SALT_ERROR); + if (!quiet) { + /* error consistently about invalid DES fallbacks */ + php_error_docref(NULL, E_DEPRECATED, DES_INVALID_SALT_ERROR); + } } } @@ -254,8 +257,10 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch # error Data struct used by crypt_r() is unknown. Please report. # endif if (salt[0] != '$' && salt[0] != '_' && (!IS_VALID_SALT_CHARACTER(salt[0]) || !IS_VALID_SALT_CHARACTER(salt[1]))) { - /* error consistently about invalid DES fallbacks */ - php_error_docref(NULL, E_DEPRECATED, DES_INVALID_SALT_ERROR); + if (!quiet) { + /* error consistently about invalid DES fallbacks */ + php_error_docref(NULL, E_DEPRECATED, DES_INVALID_SALT_ERROR); + } } crypt_res = crypt_r(password, salt, &buffer); if (!crypt_res || (salt[0] == '*' && salt[1] == '0')) { @@ -313,7 +318,7 @@ PHP_FUNCTION(crypt) } salt[salt_in_len] = '\0'; - if ((result = php_crypt(str, (int)str_len, salt, (int)salt_in_len)) == NULL) { + if ((result = php_crypt(str, (int)str_len, salt, (int)salt_in_len, 0)) == NULL) { if (salt[0] == '*' && salt[1] == '0') { RETURN_STRING("*1"); } else { |