From c402adc3b2642660b9dbe5319cc22590add93956 Mon Sep 17 00:00:00 2001
From: Pierre Joye
Date: Sun, 21 Feb 2010 23:47:14 +0000
Subject: [PATCH] - Corrected the sanity check of the "setting" string in _crypt_blowfish_rn() to reject iteration counts encoded as 36 through 39. Previously, these would be misinterpreted as being the same as 04 through 07. (Solar Designer)
---
 ext/standard/crypt_blowfish.c | 1 +
 ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt | 2 --
 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/ext/standard/crypt_blowfish.c b/ext/standard/crypt_blowfish.c
index b640a1081b..6f728ed795 100644
--- a/ext/standard/crypt_blowfish.c
+++ b/ext/standard/crypt_blowfish.c
@@ -606,6 +606,7 @@ char *php_crypt_blowfish_rn(__CONST char *key, __CONST char *setting,
 setting[3] != '$' ||
 setting[4] < '0' || setting[4] > '3' ||
 setting[5] < '0' || setting[5] > '9' ||
+ (setting[4] == '3' && setting[5] > '1') ||
 setting[6] != '$') {
 __set_errno(EINVAL);
 return NULL;
diff --git a/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt b/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt
index 03c6c8392a..6d40b0770e 100644
--- a/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt
+++ b/ext/standard/tests/strings/crypt_blowfish_invalid_rounds.phpt
@@ -1,7 +1,5 @@
 --TEST--
 Test Blowfish crypt() with invalid rounds
---XFAIL--
-Needs a patch from Pierre
 --FILE--
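Review bot: In the ext/standard/crypt_blowfish.c hunk, the added condition `(setting[4] == '3' && setting[5] > '1')` has no comment explaining the ceiling of 31, and it rejects every count from 32 through 39 although the commit message names only 36 through 39. A one-line comment above it would record the intent, for example `/* cost is a two-digit log2 value; only 00..31 are accepted, so reject 32..39 */`. The stricter range looks intentional, presumably because the value is later used as a shift on a 32-bit word, but that use is outside the hunk and should be confirmed. The `if` begins before the hunk and the function body continues after it, so whether a minimum cost is enforced for low values such as 00 through 03 cannot be verified from these lines.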