summaryrefslogtreecommitdiff
path: root/ext
diff options
context:
space:
mode:
Diffstat (limited to 'ext')
-rw-r--r--ext/standard/password.c4
-rw-r--r--ext/standard/tests/password/bug75221.phpt19
2 files changed, 21 insertions, 2 deletions
diff --git a/ext/standard/password.c b/ext/standard/password.c
index d6fc66c610..f49624e655 100644
--- a/ext/standard/password.c
+++ b/ext/standard/password.c
@@ -523,7 +523,7 @@ PHP_FUNCTION(password_hash)
#endif
);
- encoded = zend_string_alloc(encoded_len, 0);
+ encoded = zend_string_alloc(encoded_len - 1, 0);
status = argon2_hash(
time_cost,
memory_cost,
@@ -535,7 +535,7 @@ PHP_FUNCTION(password_hash)
ZSTR_VAL(out),
ZSTR_LEN(out),
ZSTR_VAL(encoded),
- ZSTR_LEN(encoded),
+ encoded_len,
type,
ARGON2_VERSION_NUMBER
);
diff --git a/ext/standard/tests/password/bug75221.phpt b/ext/standard/tests/password/bug75221.phpt
new file mode 100644
index 0000000000..ec03f92ea6
--- /dev/null
+++ b/ext/standard/tests/password/bug75221.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Bug #75221 (Argon2i always throws NUL at the end)
+--SKIPIF--
+<?php
+if (!defined('PASSWORD_ARGON2I')) die('skip password_hash not built with Argon2');
+?>
+--FILE--
+<?php
+$hash = password_hash(
+ "php",
+ PASSWORD_ARGON2I,
+ ['memory_cost' => 16384, 'time_cost' => 2, 'threads' => 4]
+);
+var_dump(substr($hash, -1, 1) !== "\0");
+?>
+===DONE===
+--EXPECT--
+bool(true)
+===DONE===
View Lorry Controller Status