From 5bd0be8a151c403b5c6a93db1549c62f55ce0470 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Mon, 4 Jul 2011 23:38:09 +0000 Subject: [PATCH] fix crypt() issue with overlong salt --- NEWS | 1 + ext/standard/crypt.c | 2 ++ .../tests/strings/crypt_variation1.phpt | 23 +++++++++++++++++++ 3 files changed, 26 insertions(+) create mode 100644 ext/standard/tests/strings/crypt_variation1.phpt diff --git a/NEWS b/NEWS index 8a127ec93f..48b2180097 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,7 @@ PHP NEWS - Core . Fixed bug #53727 (Inconsistent behavior of is_subclass_of with interfaces) (Ralph Schindler, Dmitry) + . Fixed buffer overflow on overlog salt in crypt(). (Clément LECIGNE, Stas) - PDO DBlib: . Fixed bug #54329 (MSSql extension memory leak). diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c index 65d83243d6..efccd25b8e 100644 --- a/ext/standard/crypt.c +++ b/ext/standard/crypt.c @@ -179,6 +179,8 @@ PHP_FUNCTION(crypt) salt[2] = '\0'; #endif salt_in_len = strlen(salt); + } else { + salt_in_len = MIN(PHP_MAX_SALT_LEN, salt_in_len); } /* Windows (win32/crypt) has a stripped down version of libxcrypt and diff --git a/ext/standard/tests/strings/crypt_variation1.phpt b/ext/standard/tests/strings/crypt_variation1.phpt new file mode 100644 index 0000000000..6e0d3fe121 --- /dev/null +++ b/ext/standard/tests/strings/crypt_variation1.phpt @@ -0,0 +1,23 @@ +--TEST-- +crypt() function - long salt +--SKIPIF-- + +--FILE-- + +--EXPECTF-- +$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6 +$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6 +$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6 -- 2.50.1