diff options
| author | Christoph M. Becker <cmbecker69@gmx.de> | 2017-10-12 12:52:58 +0200 |
|---|---|---|
| committer | Christoph M. Becker <cmbecker69@gmx.de> | 2017-10-12 12:52:58 +0200 |
| commit | eb4342eb141be5a55cf32e4d3a893530564e7ffd (patch) | |
| tree | 3813e1f7afba398ba8b343597e116926ca27bbdd /ext | |
| parent | 2392010af440583ff44b83b30685c63d21208abd (diff) | |
| parent | 3f8961dfac96a992df2516c0e383e6820eedd31b (diff) | |
| download | php-git-eb4342eb141be5a55cf32e4d3a893530564e7ffd.tar.gz | |
Merge branch 'PHP-7.2'
* PHP-7.2:
Fixed bug #75221 (Argon2i always throws NUL at the end)
Diffstat (limited to 'ext')
| -rw-r--r-- | ext/standard/password.c | 4 | ||||
| -rw-r--r-- | ext/standard/tests/password/bug75221.phpt | 19 |
2 files changed, 21 insertions, 2 deletions
diff --git a/ext/standard/password.c b/ext/standard/password.c index d6fc66c610..f49624e655 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -523,7 +523,7 @@ PHP_FUNCTION(password_hash) #endif ); - encoded = zend_string_alloc(encoded_len, 0); + encoded = zend_string_alloc(encoded_len - 1, 0); status = argon2_hash( time_cost, memory_cost, @@ -535,7 +535,7 @@ PHP_FUNCTION(password_hash) ZSTR_VAL(out), ZSTR_LEN(out), ZSTR_VAL(encoded), - ZSTR_LEN(encoded), + encoded_len, type, ARGON2_VERSION_NUMBER ); diff --git a/ext/standard/tests/password/bug75221.phpt b/ext/standard/tests/password/bug75221.phpt new file mode 100644 index 0000000000..ec03f92ea6 --- /dev/null +++ b/ext/standard/tests/password/bug75221.phpt @@ -0,0 +1,19 @@ +--TEST-- +Bug #75221 (Argon2i always throws NUL at the end) +--SKIPIF-- +<?php +if (!defined('PASSWORD_ARGON2I')) die('skip password_hash not built with Argon2'); +?> +--FILE-- +<?php +$hash = password_hash( + "php", + PASSWORD_ARGON2I, + ['memory_cost' => 16384, 'time_cost' => 2, 'threads' => 4] +); +var_dump(substr($hash, -1, 1) !== "\0"); +?> +===DONE=== +--EXPECT-- +bool(true) +===DONE=== |