]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 41a4379)
Fix #78510: Partially uninitialized buffer returned by sodium_crypto_generichash_init()
authorChristoph M. Becker <cmbecker69@gmx.de>
Mon, 9 Sep 2019 13:30:28 +0000 (15:30 +0200)
committerChristoph M. Becker <cmbecker69@gmx.de>
Mon, 9 Sep 2019 13:30:28 +0000 (15:30 +0200)
Backport jedisct1/libsodium.php@28d13bf437cb969a0583031fc7ac54c5a8dc8116.

NEWS patch | blob | history
ext/sodium/libsodium.c patch | blob | history
ext/sodium/tests/bug78510.phpt [new file with mode: 0644] patch | blob

diff --git a/NEWS b/NEWS
index 2580bda506065fac256509405343bc0342c827f0..91f3cf35d1d640885c8159c17449fff88b723802 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -21,6 +21,10 @@ PHP                                                                        NEWS
 - PDO_MySQL:
   . Fixed bug #41997 (SP call yields additional empty result set). (cmb)
 
+- sodium:
+  . Fixed bug #78510 (Partially uninitialized buffer returned by
+    sodium_crypto_generichash_init()). (Frank Denis, cmb)
+
 29 Aug 2019, PHP 7.2.22
 
 - Core:
diff --git a/ext/sodium/libsodium.c b/ext/sodium/libsodium.c
index f7b3ea4dcae3742ac1b3a3a43842f83e27a5e66b..584a918b6ead92026cebbb6be47471828308a162 100644 (file)
--- a/ext/sodium/libsodium.c
+++ b/ext/sodium/libsodium.c
@@ -934,6 +934,7 @@ PHP_FUNCTION(sodium_crypto_generichash_init)
                zend_throw_exception(sodium_exception_ce, "unsupported key length", 0);
                return;
        }
+       memset(&state_tmp, 0, sizeof state_tmp);
        if (crypto_generichash_init((void *) &state_tmp, key, (size_t) key_len,
                                                                (size_t) hash_len) != 0) {
                zend_throw_exception(sodium_exception_ce, "internal error", 0);
diff --git a/ext/sodium/tests/bug78510.phpt b/ext/sodium/tests/bug78510.phpt
new file mode 100644 (file)
index 0000000..dc7e478
--- /dev/null
+++ b/ext/sodium/tests/bug78510.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Bug #78510 (Partially uninitialized buffer returned by sodium_crypto_generichash_init())
+--SKIPIF--
+<?php
+if (!extension_loaded("sodium")) print "skip extension not loaded";
+?>
+--FILE--
+<?php
+$key = hex2bin('36be2998c85757e98c1abf3687c8db3a849a393701c05454023d9aba1096fd47');
+$y = sodium_crypto_generichash_init($key, 64);
+var_dump(bin2hex($y));
+?>
+--EXPECT--
+string(768) "48e9bdf267e6096a3ba7ca8485ae67bb2bf894fe72f36e3cf1361d5f3af54fa5d182e6ad7f520e511f6c3e2b8c68059b6bbd41fbabd9831f79217e1319cde05b000000000000000000000000000000000000000000000000000000000000000036be2998c85757e98c1abf3687c8db3a849a393701c05454023d9aba1096fd4700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000"
Unnamed repository; edit this file 'description' to name the repository.