From: Nikita Popov Date: Wed, 24 Jun 2020 10:41:56 +0000 (+0200) Subject: Enforce min/max rounds in sha256/sha512 crypt X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8a8c8d4d6a273e991f4476418b952ea0db024bac;p=php Enforce min/max rounds in sha256/sha512 crypt This brings our implementation in line with glibc behavior. --- diff --git a/ext/standard/crypt_sha256.c b/ext/standard/crypt_sha256.c index 749b45ae47..f64cf00868 100644 --- a/ext/standard/crypt_sha256.c +++ b/ext/standard/crypt_sha256.c @@ -359,7 +359,11 @@ char * php_sha256_crypt_r(const char *key, const char *salt, char *buffer, int b zend_ulong srounds = ZEND_STRTOUL(num, &endp, 10); if (*endp == '$') { salt = endp + 1; - rounds = MAX(ROUNDS_MIN, MIN(srounds, ROUNDS_MAX)); + if (srounds < ROUNDS_MIN || srounds > ROUNDS_MAX) { + return NULL; + } + + rounds = srounds; rounds_custom = 1; } } diff --git a/ext/standard/crypt_sha512.c b/ext/standard/crypt_sha512.c index 0ef2a62afb..94dc772fd9 100644 --- a/ext/standard/crypt_sha512.c +++ b/ext/standard/crypt_sha512.c @@ -393,7 +393,11 @@ php_sha512_crypt_r(const char *key, const char *salt, char *buffer, int buflen) if (*endp == '$') { salt = endp + 1; - rounds = MAX(ROUNDS_MIN, MIN(srounds, ROUNDS_MAX)); + if (srounds < ROUNDS_MIN || srounds > ROUNDS_MAX) { + return NULL; + } + + rounds = srounds; rounds_custom = 1; } } diff --git a/ext/standard/tests/strings/crypt_sha256.phpt b/ext/standard/tests/strings/crypt_sha256.phpt index c011984ed9..0783d8f54b 100644 --- a/ext/standard/tests/strings/crypt_sha256.phpt +++ b/ext/standard/tests/strings/crypt_sha256.phpt @@ -41,8 +41,13 @@ $tests = array( ), 8 => array( '$5$rounds=10$roundstoolow', - 'the minimum number is still observed', - '$5$rounds=1000$roundstoolow$yfvwcWrQ8l/K0DAWyuPMDNHpIVlTQebY9l/gL972bIC' + 'the number of rouns is too low', + '*0' + ), + 9 => array( + '$5$rounds=1000000000$roundstoohigh', + 'the number of rouns is too high', + '*0' ) ); diff --git a/ext/standard/tests/strings/crypt_sha512.phpt b/ext/standard/tests/strings/crypt_sha512.phpt index 589a2622de..649e529119 100644 --- a/ext/standard/tests/strings/crypt_sha512.phpt +++ b/ext/standard/tests/strings/crypt_sha512.phpt @@ -35,15 +35,20 @@ $tests = array( '$6$rounds=123456$asaltof16chars..$BtCwjqMJGx5hrJhZywWvt0RLE8uZ4oPwcelCjmw2kSYu.Ec6ycULevoBK25fs2xXgMNrCzIMVcgEJAstJeonj1' ), 7 => array( - '$6$rounds=10$roundstoolow', - 'the minimum number is still observed', - '$6$rounds=1000$roundstoolow$kUMsbe306n21p9R.FRkW3IGn.S9NPN0x50YhH1xhLsPuWGsUSklZt58jaTfF4ZEQpyUNGc0dqbpBYYBaHHrsX.' - ), - 8 => array( '$6$$bar$', 'foo', '$6$$QMXjqd7rHQZPQ1yHsXkQqC1FBzDiVfTHXL.LaeDAeVV.IzMaV9VU4MQ8kPuZa2SOP1A0RPm772EaFYjpEJtdu.' ), + 8 => array( + '$6$rounds=10$roundstoolow', + 'the number of rouns is too low', + '*0' + ), + 8 => array( + '$6$rounds=1000000000$roundstoohigh', + 'the number of rouns is too high', + '*0' + ), ); foreach ($tests as $iter => $t) {