- Fix bug #21039

#- This is somewhat of a hack, and thus I will not merge it to HEAD, as
#  I've lots of other commits waiting for that.

diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c
index c242d08305fa24950110735f8d68aecd5fc59213..6b66353cf11451b315111f9e4d02b13f59e5ed30 100644 (file)
--- a/ext/mcrypt/mcrypt.c
+++ b/ext/mcrypt/mcrypt.c
@@ -182,6 +182,13 @@ ZEND_GET_MODULE(mcrypt)
                WRONG_PARAM_COUNT;                                                                              \
        }
 
+#define MCRYPT_CHECK_PARAM_COUNT_EX(a,b)                                               \
+       if (argc < (a) || argc > (b)) {                                                         \
+               zend_get_parameters_ex(1, &mcryptind);                                  \
+               zend_list_delete (Z_LVAL_PP(mcryptind));                \
+               WRONG_PARAM_COUNT;                                                                              \
+       }
+
 #define MCRYPT_GET_CRYPT_ARGS                                                                  \
        switch (argc) {                                                                                         \
                case 5:                                                                                                 \
@@ -455,7 +462,7 @@ PHP_FUNCTION(mcrypt_generic_init)
        int result = 0;
        
        argc = ZEND_NUM_ARGS();
-       MCRYPT_CHECK_PARAM_COUNT (3,3)
+       MCRYPT_CHECK_PARAM_COUNT_EX (3,3)
        
        zend_get_parameters_ex(3, &mcryptind, &key, &iv);
        ZEND_FETCH_RESOURCE (td, MCRYPT, mcryptind, -1, "MCrypt", le_mcrypt);                           
@@ -530,7 +537,7 @@ PHP_FUNCTION(mcrypt_generic)
        int block_size, data_size;
        
        argc = ZEND_NUM_ARGS();
-       MCRYPT_CHECK_PARAM_COUNT (2,2)
+       MCRYPT_CHECK_PARAM_COUNT_EX (2,2)
        
        zend_get_parameters_ex(2, &mcryptind, &data);
        ZEND_FETCH_RESOURCE (td, MCRYPT, mcryptind, -1, "MCrypt", le_mcrypt);
@@ -571,7 +578,7 @@ PHP_FUNCTION(mdecrypt_generic)
        int block_size, data_size;
        
        argc = ZEND_NUM_ARGS();
-       MCRYPT_CHECK_PARAM_COUNT (2,2)
+       MCRYPT_CHECK_PARAM_COUNT_EX (2,2)
        
        zend_get_parameters_ex(2, &mcryptind, &data);
        ZEND_FETCH_RESOURCE (td, MCRYPT, mcryptind, -1, "MCrypt", le_mcrypt);                           

diff --git a/ext/mcrypt/tests/bug21039.phpt b/ext/mcrypt/tests/bug21039.phpt
new file mode 100644 (file)
index 0000000..c290c82
--- /dev/null
+++ b/ext/mcrypt/tests/bug21039.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Bug #21039
+--SKIPIF--
+<?php if (!extension_loaded("mcrypt")) print "skip"; ?>
+--POST--
+--GET--
+--FILE--
+<?php
+       error_reporting(E_ALL);
+    $nthash    = "00000000000000000";
+    $challenge = "foo";
+    $td = mcrypt_module_open ('des', '', 'cbc', '');
+    $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td), MCRYPT_RAND);
+    $var = @mcrypt_generic_init ($td, substr($nthash, 0, 8));
+    $res = @mcrypt_generic ($td, $challenge);
+    print "I'm alive!\n";
+?>
+--EXPECT--
+I'm alive!