From: Stanislav Malyshev Date: Mon, 4 Jul 2011 23:38:09 +0000 (+0000) Subject: fix crypt() issue with overlong salt X-Git-Tag: php-5.3.7RC3~23 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5bd0be8a151c403b5c6a93db1549c62f55ce0470;p=php fix crypt() issue with overlong salt --- diff --git a/NEWS b/NEWS index 8a127ec93f..48b2180097 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,7 @@ PHP NEWS - Core . Fixed bug #53727 (Inconsistent behavior of is_subclass_of with interfaces) (Ralph Schindler, Dmitry) + . Fixed buffer overflow on overlog salt in crypt(). (Clément LECIGNE, Stas) - PDO DBlib: . Fixed bug #54329 (MSSql extension memory leak). diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c index 65d83243d6..efccd25b8e 100644 --- a/ext/standard/crypt.c +++ b/ext/standard/crypt.c @@ -179,6 +179,8 @@ PHP_FUNCTION(crypt) salt[2] = '\0'; #endif salt_in_len = strlen(salt); + } else { + salt_in_len = MIN(PHP_MAX_SALT_LEN, salt_in_len); } /* Windows (win32/crypt) has a stripped down version of libxcrypt and diff --git a/ext/standard/tests/strings/crypt_variation1.phpt b/ext/standard/tests/strings/crypt_variation1.phpt new file mode 100644 index 0000000000..6e0d3fe121 --- /dev/null +++ b/ext/standard/tests/strings/crypt_variation1.phpt @@ -0,0 +1,23 @@ +--TEST-- +crypt() function - long salt +--SKIPIF-- + +--FILE-- + +--EXPECTF-- +$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6 +$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6 +$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6