* PHP-5.6:
Fixed bug #72703 Out of bounds global memory read in BF_crypt triggered by password_verify
} else if (
salt[0] == '$' &&
salt[1] == '2' &&
- salt[3] == '$' &&
- salt[4] >= '0' && salt[4] <= '3' &&
- salt[5] >= '0' && salt[5] <= '9' &&
- salt[6] == '$') {
+ salt[3] == '$') {
char output[PHP_MAX_SALT_LEN + 1];
- return FAILURE;
+ int k = 7;
+
+ while (isalnum(salt[k]) || '.' == salt[k] || '/' == salt[k]) {
+ k++;
+ }
+ if (k != salt_len) {
++ return NULL;
+ }
memset(output, 0, PHP_MAX_SALT_LEN + 1);
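Review bot: The new scan starts at `salt[7]` and is bounded only by the character class, so a salt shorter than seven bytes (one that ends right after `$2y$` now passes the relaxed condition) makes the loop begin reading beyond the terminator. Nothing in the visible lines checks `salt_len` before the loop. I would bound it explicitly with `if (salt_len < 7) return NULL;` ahead of the loop and `while (k < salt_len && (isalnum((unsigned char)salt[k]) || '.' == salt[k] || '/' == salt[k]))`. The cast is needed because passing a negative plain `char` to `isalnum` is undefined behaviour, and per the commit message this string can arrive via password_verify. The condition has a similar gap: `salt[3]` is read without first checking that `salt[2]` is non-zero. Whether the caller guarantees a long enough buffer cannot be seen here, since the enclosing function starts and ends outside the hunk.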