- Fixed bug #52240 (hash_copy() does not copy the HMAC key, causes wrong results...

diff --git a/NEWS b/NEWS
index 13cedc6a2024340f4a19fecab7919b14a130d45f..b524920baaada35d26d110bb607bb49f17032743 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,7 +1,8 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? Jul 2010, PHP 5.3.3 RC3
-
+- Fixed bug #52240 (hash_copy() does not copy the HMAC key, causes wrong
+  results and PHP crashes). (Felipe)
 - Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).
   (Johannes)
 

diff --git a/ext/hash/hash.c b/ext/hash/hash.c
index a86222d8038ee2b38d612fbc5d4b20f41e0c5f10..bbe457dd8a3c9e4795e7ef3155065ed499950175 100644 (file)
--- a/ext/hash/hash.c
+++ b/ext/hash/hash.c
@@ -556,8 +556,10 @@ PHP_FUNCTION(hash_copy)
        copy_hash->ops = hash->ops;
        copy_hash->context = context;
        copy_hash->options = hash->options;
-       copy_hash->key = hash->key;
-
+       copy_hash->key = ecalloc(1, hash->ops->block_size);
+       if (hash->key) {
+               memcpy(copy_hash->key, hash->key, hash->ops->block_size);
+       }
        ZEND_REGISTER_RESOURCE(return_value, copy_hash, php_hash_le_hash);
 }
 /* }}} */

diff --git a/ext/hash/tests/bug52240.phpt b/ext/hash/tests/bug52240.phpt
new file mode 100644 (file)
index 0000000..1f8472c
--- /dev/null
+++ b/ext/hash/tests/bug52240.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Bug #52240 (hash_copy() does not copy the HMAC key, causes wrong results and PHP crashes)
+--SKIPIF--
+<?php extension_loaded('hash') or die('skip'); ?>
+--FILE--
+<?php
+
+$h = hash_init('crc32b', HASH_HMAC, '123456' );
+$h2 = hash_copy($h);
+var_dump(hash_final($h));
+$h3 = hash_copy($h2);
+var_dump(hash_final($h2));
+var_dump(hash_final($h3));
+
+?>
+--EXPECT--
+string(8) "278af264"
+string(8) "278af264"
+string(8) "278af264"