- Fix #51059, crypt can fail and return NULL, on almost all implementations

author Pierre Joye <pajoye@php.net>

Sun, 21 Feb 2010 18:11:11 +0000 (18:11 +0000)

committer Pierre Joye <pajoye@php.net>

Sun, 21 Feb 2010 18:11:11 +0000 (18:11 +0000)
author Pierre Joye <pajoye@php.net>
Sun, 21 Feb 2010 18:11:11 +0000 (18:11 +0000)
committer Pierre Joye <pajoye@php.net>
Sun, 21 Feb 2010 18:11:11 +0000 (18:11 +0000)
diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c

index fddfa5fc84ba272d9b0267bcce2f88a9f3bba54a..5123d8ff4a67efad55b06bf89804df1c822eaf92 100644 (file)
--- a/ext/standard/crypt.c
+++ b/ext/standard/crypt.c
@@ -15,6 +15,7 @@
     | Authors: Stig Bakken <ssb@php.net>                                   |
     |          Zeev Suraski <zeev@zend.com>                                |
     |          Rasmus Lerdorf <rasmus@php.net>                             |
+   |          Pierre Joye <pierre@php.net>                                |
     +----------------------------------------------------------------------+
  */
  
@@ -146,7 +147,7 @@ PHP_FUNCTION(crypt)
         char salt[PHP_MAX_SALT_LEN + 1];
         char *str, *salt_in = NULL;
         int str_len, salt_in_len = 0;
-
+       char *crypt_res;
         salt[0] = salt[PHP_MAX_SALT_LEN] = '\0';
  
         /* This will produce suitable results if people depend on DES-encryption
@@ -195,9 +196,13 @@ PHP_FUNCTION(crypt)
                         output = emalloc(needed * sizeof(char *));
                         salt[salt_in_len] = '\0';
  
-                       php_sha512_crypt_r(str, salt, output, needed);
+                       crypt_res = php_sha512_crypt_r(str, salt, output, needed);
+                       if (!crypt_res) {
+                               RETVAL_FALSE;
+                       } else {
+                               RETVAL_STRING(output, 1);
+                       }
  
-                       RETVAL_STRING(output, 1);
                         memset(output, 0, PHP_MAX_SALT_LEN + 1);
                         efree(output);
                 } else if (salt[0]=='$' && salt[1]=='5' && salt[2]=='$') {
@@ -209,9 +214,14 @@ PHP_FUNCTION(crypt)
                                                 + strlen(salt) + 1 + 43 + 1);
                         output = emalloc(needed * sizeof(char *));
                         salt[salt_in_len] = '\0';
-                       php_sha256_crypt_r(str, salt, output, needed);
  
-                       RETVAL_STRING(output, 1);
+                       crypt_res = php_sha256_crypt_r(str, salt, output, needed);
+                       if (!crypt_res) {
+                               RETVAL_FALSE;
+                       } else {
+                               RETVAL_STRING(output, 1);
+                       }
+
                         memset(output, 0, PHP_MAX_SALT_LEN + 1);
                         efree(output);
                 } else if (
@@ -225,14 +235,25 @@ PHP_FUNCTION(crypt)
                         char output[PHP_MAX_SALT_LEN + 1];
  
                         memset(output, 0, PHP_MAX_SALT_LEN + 1);
-                       php_crypt_blowfish_rn(str, salt, output, sizeof(output));
  
-                       RETVAL_STRING(output, 1);
+                       crypt_res = php_crypt_blowfish_rn(str, salt, output, sizeof(output));
+                       if (!crypt_res) {
+                               RETVAL_FALSE;
+                       } else {
+                               RETVAL_STRING(output, 1);
+                       }
+
                         memset(output, 0, PHP_MAX_SALT_LEN + 1);
                 } else {
                         memset(&buffer, 0, sizeof(buffer));
                         _crypt_extended_init_r();
-                       RETURN_STRING(_crypt_extended_r(str, salt, &buffer), 1);
+
+                       crypt_res = _crypt_extended_r(str, salt, &buffer);
+                       if (!crypt_res) {
+                               RETURN_FALSE;
+                       } else {
+                               RETURN_STRING(crypt_res, 1);
+                       }
                 }
         }
  #else
@@ -247,8 +268,12 @@ PHP_FUNCTION(crypt)
  #  else
  #    error Data struct used by crypt_r() is unknown. Please report.
  #  endif
-
-               RETURN_STRING(crypt_r(str, salt, &buffer), 1);
+               crypt_res = crypt_r(str, salt, &buffer);
+               if (!crypt_res) {
+                       RETURN_FALSE;
+               } else {
+                       RETURN_STRING(crypt_res, 1);
+               }
         }
  # endif
  #endif
diff --git a/ext/standard/tests/strings/bug51059.phpt b/ext/standard/tests/strings/bug51059.phpt

index 561fc792c4f68b7de71c8c0ce8f7d9c616d2349f..baf8a12c9cb1bc206024447c9c11e0ae7a6f21ef 100644 (file)
--- a/ext/standard/tests/strings/bug51059.phpt
+++ b/ext/standard/tests/strings/bug51059.phpt
@@ -1,7 +1,5 @@
  --TEST--
  Bug #51059 crypt() segfaults on certain salts
---XFAIL--
-Needs a patch from Pierre
  --FILE--
  <?php
author	Pierre Joye <pajoye@php.net>
	Sun, 21 Feb 2010 18:11:11 +0000 (18:11 +0000)
committer	Pierre Joye <pajoye@php.net>
	Sun, 21 Feb 2010 18:11:11 +0000 (18:11 +0000)
ext/standard/crypt.c		patch \| blob \| history
ext/standard/tests/strings/bug51059.phpt		patch \| blob \| history