mirror of
https://github.com/php/php-src.git
synced 2025-08-15 21:48:51 +02:00
Fixed bug #72703 Out of bounds global memory read in BF_crypt triggered by password_verify
This commit is contained in:
Anatol Belski
parent
1a840b9af0
commit
295303b590
2 changed files with 25 additions and 0 deletions
|
|
@ -201,6 +201,14 @@ PHPAPI int php_crypt(const char *password, const int pass_len, const char *salt,
|
|||
salt[5] >= '0' && salt[5] <= '9' &&
|
||||
salt[6] == '$') {
|
||||
char output[PHP_MAX_SALT_LEN + 1];
|
||||
int k = 7;
|
||||
|
||||
while (isalnum(salt[k]) || '.' == salt[k] || '/' == salt[k]) {
|
||||
k++;
|
||||
}
|
||||
if (k != salt_len) {
|
||||
return FAILURE;
|
||||
}
|
||||
|
||||
memset(output, 0, PHP_MAX_SALT_LEN + 1);
|
||||
|
||||
|
|
|
|||
17
ext/standard/tests/strings/bug72703.phpt
Normal file
17
ext/standard/tests/strings/bug72703.phpt
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
--TEST--
|
||||
Bug #72703 Out of bounds global memory read in BF_crypt triggered by password_verify
|
||||
--SKIPIF--
|
||||
<?php
|
||||
if (!function_exists('crypt'))) {
|
||||
die("SKIP crypt() is not available");
|
||||
}
|
||||
?>
|
||||
--FILE--
|
||||
<?php
|
||||
var_dump(password_verify("","$2y$10$$"));
|
||||
?>
|
||||
==OK==
|
||||
--EXPECT--
|
||||
bool(false)
|
||||
==OK==
|
||||
|
||||
Loading…
Add table
Add a link
Reference in a new issue