author | Pierre Joye <pajoye@php.net> | 2010-02-21 23:47:14 +0000 |
---|---|---|
committer | Pierre Joye <pajoye@php.net> | 2010-02-21 23:47:14 +0000 |
commit | c402adc3b2642660b9dbe5319cc22590add93956 (patch) | |
tree | 59eb2127329a748970af5616d0eee42f2a94c2eb /ext/standard/crypt_blowfish.c | |
parent | dd8ab3ad579e97c3f004ac1a7f7135a1ea255a7d (diff) | |
download | php-git-c402adc3b2642660b9dbe5319cc22590add93956.tar.gz |
- Corrected the sanity check of the "setting" string in _crypt_blowfish_rn() to
reject iteration counts encoded as 36 through 39. Previously, these would be
misinterpreted as being the same as 04 through 07. (Solar Designer)
Diffstat (limited to 'ext/standard/crypt_blowfish.c')
-rw-r--r-- | ext/standard/crypt_blowfish.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ext/standard/crypt_blowfish.c b/ext/standard/crypt_blowfish.c index b640a1081b..6f728ed795 100644 --- a/ext/standard/crypt_blowfish.c +++ b/ext/standard/crypt_blowfish.c @@ -606,6 +606,7 @@ char *php_crypt_blowfish_rn(__CONST char *key, __CONST char *setting, setting[3] != '$' || setting[4] < '0' || setting[4] > '3' || setting[5] < '0' || setting[5] > '9' || + (setting[4] == '3' && setting[5] > '1') || setting[6] != '$') { __set_errno(EINVAL); return NULL; |
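Review bot: the added condition `(setting[4] == '3' && setting[5] > '1') ||` has no comment explaining why 31 is the upper bound, and it rejects 32 through 39 while the commit message names only 36 through 39. A one-line comment above the condition stating the accepted range of the two-digit iteration count field and the reason for the cap would make the intent explicit and reconcile it with the message. The checks visible in this hunk still let 00 through 03 past this point, so it is worth confirming that the lower bound is enforced elsewhere in the function, and adding a regression test that passes settings with 31, 32 and 36 in that field and expects NULL with EINVAL for the last two.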