archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 14:08:47 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fixed bug #72703 Out of bounds global memory read in BF_crypt triggered by password_verify

Browse source
This commit is contained in:
Anatol Belski 2016-08-29 20:25:34 +02:00
parent 1a840b9af0
commit 295303b590
2 changed files with 25 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
ext/standard/crypt.c
View file

@ -201,6 +201,14 @@ PHPAPI int php_crypt(const char *password, const int pass_len, const char *salt,
salt[5] >= '0' && salt[5] <= '9' && salt[5] >= '0' && salt[5] <= '9' &&
salt[6] == '$') { salt[6] == '$') {
char output[PHP_MAX_SALT_LEN + 1]; char output[PHP_MAX_SALT_LEN + 1];
int k = 7;
while (isalnum(salt[k]) || '.' == salt[k] || '/' == salt[k]) {
k++;
}
if (k != salt_len) {
return FAILURE;
}
memset(output, 0, PHP_MAX_SALT_LEN + 1); memset(output, 0, PHP_MAX_SALT_LEN + 1);

17
ext/standard/tests/strings/bug72703.phpt Normal file
View file

@ -0,0 +1,17 @@
--TEST--
Bug #72703 Out of bounds global memory read in BF_crypt triggered by password_verify
--SKIPIF--
<?php
if (!function_exists('crypt'))) {
die("SKIP crypt() is not available");
}
?>
--FILE--
<?php
var_dump(password_verify("","$2y$10$$"));
?>
==OK==
--EXPECT--
bool(false)
==OK==