Moved buffer from heap to stack
authorJulien Pauli <jpauli@php.net>
Mon, 4 Jan 2016 13:46:57 +0000 (14:46 +0100)
committerJulien Pauli <jpauli@php.net>
Wed, 6 Jan 2016 09:51:36 +0000 (10:51 +0100)
ext/standard/password.c

index f6b138d51639aa64f09d13c3c3338a05f567792e..e7016e85481b76e3b4c834880674da14425c495b 100644 (file)
@@ -307,7 +307,7 @@ PHP_FUNCTION(password_verify)
 Hash a password */
 PHP_FUNCTION(password_hash)
 {
-       char *hash_format, *hash, *salt, *password, *result;
+       char hash_format[8], *hash, *salt, *password, *result;
        long algo = 0;
        int password_len = 0, hash_len;
        size_t salt_len = 0, required_salt_len = 0, hash_format_len;
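Review bot: The literal `8` in `char hash_format[8]` is only large enough because `"$2y$%02ld$"` expands to exactly seven characters plus the NUL when `cost` prints as two digits, and the unbounded `sprintf(hash_format, "$2y$%02ld$", cost)` in the next hunk does not enforce that. With the buffer now on the stack, a `cost` that prints wider (three digits, or a negative value below -9) would write past the array into the frame rather than into a heap block. The range check on `cost` is presumably just above that `sprintf`, but it is outside the visible lines. I would bound the write at the call with `snprintf(hash_format, sizeof(hash_format), "$2y$%02ld$", cost);` and add a short comment on the declaration explaining where the 8 comes from. The function body continues outside this hunk.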
@@ -341,7 +341,6 @@ PHP_FUNCTION(password_hash)
                        }
                        
                        required_salt_len = 22;
-                       hash_format = emalloc(8);
                        sprintf(hash_format, "$2y$%02ld$", cost);
                        hash_format_len = 7;
                }
@@ -380,25 +379,21 @@ PHP_FUNCTION(password_hash)
                        case IS_RESOURCE:
                        case IS_ARRAY:
                        default:
-                               efree(hash_format);
                                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Non-string salt parameter supplied");
                                RETURN_NULL();
                }
                if (buffer_len_int < 0) {
-                       efree(hash_format);
                        efree(buffer);
                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Supplied salt is too long");
                }
                buffer_len = (size_t) buffer_len_int;
                if (buffer_len < required_salt_len) {
-                       efree(hash_format);
                        efree(buffer);
                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided salt is too short: %lu expecting %lu", (unsigned long) buffer_len, (unsigned long) required_salt_len);
                        RETURN_NULL();
                } else if (php_password_salt_is_alphabet(buffer, buffer_len) == FAILURE) {
                        salt = safe_emalloc(required_salt_len, 1, 1);
                        if (php_password_salt_to64(buffer, buffer_len, required_salt_len, salt) == FAILURE) {
-                               efree(hash_format);
                                efree(buffer);
                                efree(salt);
                                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided salt is too short: %lu", (unsigned long) buffer_len);
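Review bot: The `if (buffer_len_int < 0)` branch frees `buffer` and raises the "Supplied salt is too long" warning but, unlike the error branches around it, has no `RETURN_NULL();`. Execution therefore falls through to `buffer_len = (size_t) buffer_len_int;`, where the negative length becomes a very large `size_t`. The already-freed `buffer` is then passed to `php_password_salt_is_alphabet()` and possibly `php_password_salt_to64()`, and can be freed a second time by the later `efree(buffer)` calls. This commit edits the branch (dropping `efree(hash_format)`) but leaves it open; add `RETURN_NULL();` directly after the `php_error_docref` call. The function starts and ends outside this hunk.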
@@ -414,7 +409,6 @@ PHP_FUNCTION(password_hash)
        } else {
                salt = safe_emalloc(required_salt_len, 1, 1);
                if (php_password_make_salt(required_salt_len, salt TSRMLS_CC) == FAILURE) {
-                       efree(hash_format);
                        efree(salt);
                        RETURN_FALSE;
                }
@@ -427,7 +421,6 @@ PHP_FUNCTION(password_hash)
        sprintf(hash, "%s%s", hash_format, salt);
        hash[hash_format_len + salt_len] = 0;
 
-       efree(hash_format);
        efree(salt);
 
        /* This cast is safe, since both values are defined here in code and cannot overflow */