From 01249bb40b37e7da4cf7aa2650784da8c1e37e2a Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev
Date: Mon, 4 Jul 2011 23:38:09 +0000
Subject: [PATCH] fix crypt() issue with overlong salt
---
 ext/standard/crypt.c | 2 ++
 .../tests/strings/crypt_variation1.phpt | 23 +++++++++++++++++++
 2 files changed, 25 insertions(+)
 create mode 100644 ext/standard/tests/strings/crypt_variation1.phpt
diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c
index 03a080aa23..5bc2458894 100644
--- a/ext/standard/crypt.c
+++ b/ext/standard/crypt.c
@@ -179,6 +179,8 @@ PHP_FUNCTION(crypt)
 salt[2] = '\0';
 #endif
 salt_in_len = strlen(salt);
+ } else {
+ salt_in_len = MIN(PHP_MAX_SALT_LEN, salt_in_len);
 }
 /* Windows (win32/crypt) has a stripped down version of libxcrypt and
diff --git a/ext/standard/tests/strings/crypt_variation1.phpt b/ext/standard/tests/strings/crypt_variation1.phpt
new file mode 100644
index 0000000000..6e0d3fe121
--- /dev/null
+++ b/ext/standard/tests/strings/crypt_variation1.phpt
@@ -0,0 +1,23 @@
+--TEST--
+crypt() function - long salt
+--SKIPIF--
+
+--FILE--
+
+--EXPECTF--
+$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6
+$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6
+$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6
--
2.40.0
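Review bot: The added `else` branch in the ext/standard/crypt.c hunk clamps the caller-supplied `salt_in_len` with no comment saying that this is a bounds fix, so a later cleanup could remove it as redundant. I would put `/* clamp user-supplied salt length so later uses of salt_in_len stay within salt[] */` above the assignment. The declaration of `salt` and the later uses of `salt_in_len` are outside this hunk (PHP_FUNCTION(crypt) starts before it and continues after it), so it is worth confirming that the buffer holds `PHP_MAX_SALT_LEN + 1` bytes if a terminator is written at `salt[salt_in_len]`, and that `salt_in_len` cannot be negative when it reaches `MIN`. An overlong salt now appears to be truncated silently; if that is the intended contract, the comment should say so.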