Bug #73058 crypt broken when salt is 'too' long

author: Anatol Belski <ab@php.net> 2016-09-10 02:39:28 +0200
committer: Anatol Belski <ab@php.net> 2016-09-10 02:39:28 +0200
commit: 669fda00b75a0d361810429e0ef53f6c740b1727 (patch)
tree: e83ecf98218dcac650940c3328a890f125f2658b /ext/standard/crypt_blowfish.c
parent: c42a7f2f3fdac5c71300e52b0f639d771791f20c (diff)
download: php-git-669fda00b75a0d361810429e0ef53f6c740b1727.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/ext/standard/crypt_blowfish.c b/ext/standard/crypt_blowfish.c
index 3348d0cd27..5cf306715f 100644
--- a/ext/standard/crypt_blowfish.c
+++ b/ext/standard/crypt_blowfish.c
@@ -405,6 +405,10 @@ static int BF_decode(BF_word *dst, const char *src, int size)
 		*dptr++ = ((c3 & 0x03) << 6) | c4;
 	} while (dptr < end);
 
+	if (end - dptr == size) {
+		return -1;
+	}
+
 	while (dptr < end) /* PHP hack */
 		*dptr++ = 0;
author	Anatol Belski <ab@php.net>	2016-09-10 02:39:28 +0200
committer	Anatol Belski <ab@php.net>	2016-09-10 02:39:28 +0200
commit	669fda00b75a0d361810429e0ef53f6c740b1727 (patch)
tree	e83ecf98218dcac650940c3328a890f125f2658b /ext/standard/crypt_blowfish.c
parent	c42a7f2f3fdac5c71300e52b0f639d771791f20c (diff)
download	php-git-669fda00b75a0d361810429e0ef53f6c740b1727.tar.gz