From aab49e934de1fff046e659cbec46e3d053b41c34 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Thu, 24 May 2012 13:54:51 -0500 Subject: [PATCH] fix CVE-2012-2143 --- NEWS | 3 +++ ext/standard/crypt_freesec.c | 3 ++- ext/standard/tests/strings/crypt_chars.phpt | 19 +++++++++++++++++++ 3 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 ext/standard/tests/strings/crypt_chars.phpt diff --git a/NEWS b/NEWS index 6863a73e5e..0297393363 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,9 @@ PHP NEWS - COM: . Fixed bug #62146 com_dotnet cannot be built shared. (Johannes) +- Core: + . Fixed CVE-2012-2143. (Solar Designer) + - Fileinfo: . Fixed magic file regex support. (Felipe) diff --git a/ext/standard/crypt_freesec.c b/ext/standard/crypt_freesec.c index 49c397cca1..0a5c3ba5fa 100644 --- a/ext/standard/crypt_freesec.c +++ b/ext/standard/crypt_freesec.c @@ -629,7 +629,8 @@ _crypt_extended_r(const char *key, const char *setting, */ q = (u_char *) keybuf; while (q - (u_char *) keybuf < sizeof(keybuf)) { - if ((*q++ = *key << 1)) + *q++ = *key << 1; + if (*key) key++; } if (des_setkey((u_char *) keybuf, data)) diff --git a/ext/standard/tests/strings/crypt_chars.phpt b/ext/standard/tests/strings/crypt_chars.phpt new file mode 100644 index 0000000000..09cd868216 --- /dev/null +++ b/ext/standard/tests/strings/crypt_chars.phpt @@ -0,0 +1,19 @@ +--TEST-- +crypt() function - characters > 0x80 +--SKIPIF-- + +--FILE-- +