From 6e4f3d1967a8e7ab858262c5515e67b2f8912320 Mon Sep 17 00:00:00 2001
From: Anatol Belski <ab@php.net>
Date: Mon, 17 Jul 2017 08:00:41 +0200
Subject: [PATCH] fix new password related pieces wrt failing tests

---
 ext/standard/password.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/ext/standard/password.c b/ext/standard/password.c
index 0e8efb6244..680eed47a8 100644
--- a/ext/standard/password.c
+++ b/ext/standard/password.c
@@ -341,7 +341,7 @@ PHP_FUNCTION(password_verify)
 }
 /* }}} */
 
-static zend_string* php_password_get_salt(zval *return_value, int required_salt_len, HashTable *options) {
+static zend_string* php_password_get_salt(zval *return_value, size_t required_salt_len, HashTable *options) {
 	zend_string *buffer;
 	zval *option_buffer;
 
@@ -377,7 +377,7 @@ static zend_string* php_password_get_salt(zval *return_value, int required_salt_
 	/* XXX all the crypt related APIs work with int for string length.
 		That should be revised for size_t and then we maybe don't require
 		the > INT_MAX check. */
-	if (ZSTR_LEN(buffer) > INT_MAX) {
+	if (ZEND_SIZE_T_INT_OVFL(ZSTR_LEN(buffer))) {
 		php_error_docref(NULL, E_WARNING, "Supplied salt is too long");
 		zend_string_release(buffer);
 		return NULL;
@@ -443,8 +443,8 @@ PHP_FUNCTION(password_hash)
 					RETURN_NULL();
 				}
 
-				hash_format_len = snprintf(hash_format, sizeof(hash_format), "$2y$%02ld$", (long) cost);
-				if (!(salt = php_password_get_salt(return_value, 22, options))) {
+				hash_format_len = snprintf(hash_format, sizeof(hash_format), "$2y$%02" ZEND_LONG_FMT_SPEC "$", cost);
+				if (!(salt = php_password_get_salt(return_value, Z_UL(22), options))) {
 					return;
 				}
 				ZSTR_VAL(salt)[ZSTR_LEN(salt)] = 0;
@@ -510,7 +510,7 @@ PHP_FUNCTION(password_hash)
 					RETURN_NULL();
 				}
 
-				if (!(salt = php_password_get_salt(return_value, 16, options))) {
+				if (!(salt = php_password_get_salt(return_value, Z_UL(16), options))) {
 					return;
 				}
 
-- 
2.50.1