fix crypt() issue with overlong salt
authorStanislav Malyshev <stas@php.net>
Mon, 4 Jul 2011 23:38:09 +0000 (23:38 +0000)
committerStanislav Malyshev <stas@php.net>
Mon, 4 Jul 2011 23:38:09 +0000 (23:38 +0000)
ext/standard/crypt.c
ext/standard/tests/strings/crypt_variation1.phpt [new file with mode: 0644]

index 03a080aa23325ea2cc4822a4406a1fa23c3db41a..5bc245889443a15a44fa092c5fcdd7c20159e787 100644 (file)
@@ -179,6 +179,8 @@ PHP_FUNCTION(crypt)
                salt[2] = '\0';
 #endif
                salt_in_len = strlen(salt);
+       } else {
+               salt_in_len = MIN(PHP_MAX_SALT_LEN, salt_in_len);
        }
 
 /* Windows (win32/crypt) has a stripped down version of libxcrypt and 
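Review bot: The new `else` branch carries no comment explaining why a caller-supplied length is clamped, and the reason is not obvious from the line itself. Presumably the local `salt` buffer holds at most PHP_MAX_SALT_LEN bytes and later code treats `salt_in_len` as the length of that buffer, so an unclamped value would let it read past the end; if that is right, say so, e.g. `/* salt[] was filled with at most PHP_MAX_SALT_LEN bytes of salt_in; keep the length in step with the buffer */`. The clamp also truncates an overlong salt silently, so it is worth confirming that no algorithm branch further down still consults the original length or the `salt_in` pointer. The body of PHP_FUNCTION(crypt) starts and continues outside this hunk, so the copy into `salt` and the later uses of `salt_in_len` are not visible here.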
diff --git a/ext/standard/tests/strings/crypt_variation1.phpt b/ext/standard/tests/strings/crypt_variation1.phpt
new file mode 100644 (file)
index 0000000..6e0d3fe
--- /dev/null
@@ -0,0 +1,23 @@
+--TEST--
+crypt() function - long salt
+--SKIPIF--
+<?php
+if (!function_exists('crypt')) {
+       die("SKIP crypt() is not available");
+}
+?> 
+--FILE--
+<?php
+
+$b = str_repeat("A", 124);
+echo crypt("A", "$5$" . $b)."\n";
+$b = str_repeat("A", 125);
+echo crypt("A", "$5$" . $b)."\n";
+$b = str_repeat("A", 4096);
+echo crypt("A", "$5$" . $b)."\n";
+
+?>
+--EXPECTF--
+$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6
+$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6
+$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6
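Review bot: All three cases use the `$5$` prefix, and the expected output shows the salt reduced to 16 characters each time, so the test proves that long salts no longer misbehave for SHA-256 but cannot tell the new PHP_MAX_SALT_LEN clamp apart from that algorithm's own truncation. Adding the same three lengths for at least one other prefix the build supports would cover the shared code path more convincingly. The lengths 124, 125 and 4096 look chosen to straddle the buffer limit once the prefix is added; a one-line comment in the `--FILE--` section such as `// salt lengths just below, at and far above PHP_MAX_SALT_LEN (see ext/standard/crypt.c)` would record that intent. Since the expectation contains no format placeholders, `--EXPECT--` would do in place of `--EXPECTF--`.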