From: Pierre Joye <pajoye@php.net>
Date: Sun, 21 Feb 2010 18:11:11 +0000 (+0000)
Subject:  - Fix #51059, crypt can fail and return NULL, on almost all implementations
X-Git-Tag: php-5.4.0alpha1~191^2~1939
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=30793bc04eb19cb898370535efc2b9a0fd53193c;p=php

 - Fix #51059, crypt can fail and return NULL, on almost all implementations
---

diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c
index 02c497b37e..9e2f49f57f 100644
--- a/ext/standard/crypt.c
+++ b/ext/standard/crypt.c
@@ -15,6 +15,7 @@
    | Authors: Stig Bakken <ssb@php.net>                                   |
    |          Zeev Suraski <zeev@zend.com>                                |
    |          Rasmus Lerdorf <rasmus@php.net>                             |
+   |          Pierre Joye <pierre@php.net>                                |
    +----------------------------------------------------------------------+
 */
 
@@ -147,7 +148,7 @@ PHP_FUNCTION(crypt)
 	char salt[PHP_MAX_SALT_LEN + 1];
 	char *str, *salt_in = NULL;
 	int str_len, salt_in_len = 0;
-
+	char *crypt_res;
 	salt[0] = salt[PHP_MAX_SALT_LEN] = '\0';
 
 	/* This will produce suitable results if people depend on DES-encryption
@@ -196,9 +197,13 @@ PHP_FUNCTION(crypt)
 			output = emalloc(needed * sizeof(char *));
 			salt[salt_in_len] = '\0';
 
-			php_sha512_crypt_r(str, salt, output, needed);
+			crypt_res = php_sha512_crypt_r(str, salt, output, needed);
+			if (!crypt_res) {
+				RETVAL_FALSE;
+			} else {
+				RETVAL_STRING(output, 1);
+			}
 
-			RETVAL_STRING(output, 1);
 			memset(output, 0, PHP_MAX_SALT_LEN + 1);
 			efree(output);
 		} else if (salt[0]=='$' && salt[1]=='5' && salt[2]=='$') {
@@ -210,9 +215,14 @@ PHP_FUNCTION(crypt)
 						+ strlen(salt) + 1 + 43 + 1);
 			output = emalloc(needed * sizeof(char *));
 			salt[salt_in_len] = '\0';
-			php_sha256_crypt_r(str, salt, output, needed);
 
-			RETVAL_STRING(output, 1);
+			crypt_res = php_sha256_crypt_r(str, salt, output, needed);
+			if (!crypt_res) {
+				RETVAL_FALSE;
+			} else {
+				RETVAL_STRING(output, 1);
+			}
+
 			memset(output, 0, PHP_MAX_SALT_LEN + 1);
 			efree(output);
 		} else if (
@@ -226,14 +236,25 @@ PHP_FUNCTION(crypt)
 			char output[PHP_MAX_SALT_LEN + 1];
 
 			memset(output, 0, PHP_MAX_SALT_LEN + 1);
-			php_crypt_blowfish_rn(str, salt, output, sizeof(output));
 
-			RETVAL_STRING(output, 1);
+			crypt_res = php_crypt_blowfish_rn(str, salt, output, sizeof(output));
+			if (!crypt_res) {
+				RETVAL_FALSE;
+			} else {
+				RETVAL_STRING(output, 1);
+			}
+
 			memset(output, 0, PHP_MAX_SALT_LEN + 1);
 		} else {
 			memset(&buffer, 0, sizeof(buffer));
 			_crypt_extended_init_r();
-			RETURN_STRING(_crypt_extended_r(str, salt, &buffer), 1);
+
+			crypt_res = _crypt_extended_r(str, salt, &buffer);
+			if (!crypt_res) {
+				RETURN_FALSE;
+			} else {
+				RETURN_STRING(crypt_res, 1);
+			}
 		}
 	}
 #else
@@ -248,8 +269,12 @@ PHP_FUNCTION(crypt)
 #  else
 #    error Data struct used by crypt_r() is unknown. Please report.
 #  endif
-
-		RETURN_STRING(crypt_r(str, salt, &buffer), 1);
+		crypt_res = crypt_r(str, salt, &buffer);
+		if (!crypt_res) {
+			RETURN_FALSE;
+		} else {
+			RETURN_STRING(crypt_res, 1);
+		}
 	}
 # endif
 #endif
diff --git a/ext/standard/tests/strings/bug51059.phpt b/ext/standard/tests/strings/bug51059.phpt
index 561fc792c4..baf8a12c9c 100644
--- a/ext/standard/tests/strings/bug51059.phpt
+++ b/ext/standard/tests/strings/bug51059.phpt
@@ -1,7 +1,5 @@
 --TEST--
 Bug #51059 crypt() segfaults on certain salts
---XFAIL--
-Needs a patch from Pierre
 --FILE--
 <?php