mirror of
https://github.com/php/php-src.git
synced 2025-08-15 13:38:49 +02:00
Remove deprecated DES fallback in crypt()
parent
8a8c8d4d6a
commit
d579b10c84
3 changed files with 11 additions and 29 deletions
|
@ -437,6 +437,9 @@ PHP 8.0 UPGRADE NOTES
|
|||
respect the inherited locale without an explicit setlocale() call. An
|
||||
explicit setlocale() call is now always required if you wish to change any
|
||||
locale component from the default.
|
||||
. Remove deprecated DES fallback in crypt(). If an unknown salt format is
|
||||
passed to crypt(), the function will fail with *0 instead of falling back
|
||||
to a weak DES hash now.
|
||||
|
||||
- Sysvmsg:
|
||||
. msg_get_queue() will now return an SysvMessageQueue object rather than a
|
||||
|
|
|
@ -51,9 +51,6 @@
|
|||
/* Used to check DES salts to ensure that they contain only valid characters */
|
||||
#define IS_VALID_SALT_CHARACTER(c) (((c) >= '.' && (c) <= '9') || ((c) >= 'A' && (c) <= 'Z') || ((c) >= 'a' && (c) <= 'z'))
|
||||
|
||||
#define DES_INVALID_SALT_ERROR "Supplied salt is not valid for DES. Possible bug in provided salt format."
|
||||
|
||||
|
||||
PHP_MINIT_FUNCTION(crypt) /* {{{ */
|
||||
{
|
||||
REGISTER_LONG_CONSTANT("CRYPT_SALT_LENGTH", PHP_MAX_SALT_LEN, CONST_CS | CONST_PERSISTENT);
|
||||
|
@ -163,20 +160,9 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch
|
|||
ZEND_SECURE_ZERO(output, PHP_MAX_SALT_LEN + 1);
|
||||
return result;
|
||||
}
|
||||
} else {
|
||||
} else if (salt[0] == '_'
|
||||
|| (IS_VALID_SALT_CHARACTER(salt[0]) && IS_VALID_SALT_CHARACTER(salt[1]))) {
|
||||
/* DES Fallback */
|
||||
|
||||
/* Only check the salt if it's not EXT_DES */
|
||||
if (salt[0] != '_') {
|
||||
/* DES style hashes */
|
||||
if (!IS_VALID_SALT_CHARACTER(salt[0]) || !IS_VALID_SALT_CHARACTER(salt[1])) {
|
||||
if (!quiet) {
|
||||
/* error consistently about invalid DES fallbacks */
|
||||
php_error_docref(NULL, E_DEPRECATED, DES_INVALID_SALT_ERROR);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
memset(&buffer, 0, sizeof(buffer));
|
||||
_crypt_extended_init_r();
|
||||
|
||||
|
@ -187,17 +173,13 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch
|
|||
result = zend_string_init(crypt_res, strlen(crypt_res), 0);
|
||||
return result;
|
||||
}
|
||||
} else {
|
||||
/* Unknown hash type */
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
#else
|
||||
|
||||
if (salt[0] != '$' && salt[0] != '_' && (!IS_VALID_SALT_CHARACTER(salt[0]) || !IS_VALID_SALT_CHARACTER(salt[1]))) {
|
||||
if (!quiet) {
|
||||
/* error consistently about invalid DES fallbacks */
|
||||
php_error_docref(NULL, E_DEPRECATED, DES_INVALID_SALT_ERROR);
|
||||
}
|
||||
}
|
||||
|
||||
# if defined(HAVE_CRYPT_R) && (defined(_REENTRANT) || defined(_THREAD_SAFE))
|
||||
{
|
||||
# if defined(CRYPT_R_STRUCT_CRYPT_DATA)
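Review bot: In the `#else` branch of php_crypt() (the system crypt()/crypt_r() path, last hunk), the invalid-salt check that used to raise the deprecation appears to be dropped with no rejection taking its place, so only the bundled-implementation branch gains the `/* Unknown hash type */ return NULL;` path. On builds that use the platform crypt, whether a malformed salt is refused or still hashed with DES is then left to libc, which does not match the upgrade note promising `*0`. Consider keeping the condition and making it fail closed, e.g. `if (salt[0] != '$' && salt[0] != '_' && (!IS_VALID_SALT_CHARACTER(salt[0]) || !IS_VALID_SALT_CHARACTER(salt[1]))) { return NULL; }`; unknown `$`-prefixed identifiers would still depend on libc and deserve a comment saying so. The +/- markers are lost on this page, so the old/new sides are inferred from the removal of DES_INVALID_SALT_ERROR, and php_crypt() starts and ends outside the hunks.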
|
||||
|
|
|
@ -7,9 +7,6 @@ var_dump(crypt("test", "$#"));
|
|||
var_dump(crypt("test", "$5zd$01"));
|
||||
|
||||
?>
|
||||
--EXPECTF--
|
||||
Deprecated: crypt(): Supplied salt is not valid for DES. Possible bug in provided salt format. in %s on line %d
|
||||
string(13) "$#8MWASl5pGIk"
|
||||
|
||||
Deprecated: crypt(): Supplied salt is not valid for DES. Possible bug in provided salt format. in %s on line %d
|
||||
string(13) "$54mkQyGCLvHs"
|
||||
--EXPECT--
|
||||
string(2) "*0"
|
||||
string(2) "*0"
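Review bot: Both inputs in this test start with `$`, so the new rejection is only exercised for salts whose first character is invalid for DES. A salt whose first character is valid and whose second is not, and a one-character salt, both reach the same `IS_VALID_SALT_CHARACTER(salt[0]) && IS_VALID_SALT_CHARACTER(salt[1])` condition and are not covered. Adding cases such as `var_dump(crypt("test", "a#"));` and `var_dump(crypt("test", "a"));`, presumably also expecting `string(2) "*0"`, would pin the fail-closed behaviour for those inputs too.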
|
||||
|
|