Remove deprecated DES fallback in crypt()

Nikita Popov 2020-06-24 12:55:37 +02:00
parent 8a8c8d4d6a
commit d579b10c84
3 changed files with 11 additions and 29 deletions


@ -51,9 +51,6 @@
/* Used to check DES salts to ensure that they contain only valid characters */
#define IS_VALID_SALT_CHARACTER(c) (((c) >= '.' && (c) <= '9') || ((c) >= 'A' && (c) <= 'Z') || ((c) >= 'a' && (c) <= 'z'))
#define DES_INVALID_SALT_ERROR "Supplied salt is not valid for DES. Possible bug in provided salt format."
PHP_MINIT_FUNCTION(crypt) /* {{{ */
{
REGISTER_LONG_CONSTANT("CRYPT_SALT_LENGTH", PHP_MAX_SALT_LEN, CONST_CS | CONST_PERSISTENT);
@ -163,20 +160,9 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch
ZEND_SECURE_ZERO(output, PHP_MAX_SALT_LEN + 1);
return result;
}
} else {
} else if (salt[0] == '_'
|| (IS_VALID_SALT_CHARACTER(salt[0]) && IS_VALID_SALT_CHARACTER(salt[1]))) {
/* DES Fallback */
/* Only check the salt if it's not EXT_DES */
if (salt[0] != '_') {
/* DES style hashes */
if (!IS_VALID_SALT_CHARACTER(salt[0]) || !IS_VALID_SALT_CHARACTER(salt[1])) {
if (!quiet) {
/* error consistently about invalid DES fallbacks */
php_error_docref(NULL, E_DEPRECATED, DES_INVALID_SALT_ERROR);
}
}
}
memset(&buffer, 0, sizeof(buffer));
_crypt_extended_init_r();
@ -187,17 +173,13 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch
result = zend_string_init(crypt_res, strlen(crypt_res), 0);
return result;
}
} else {
/* Unknown hash type */
return NULL;
}
}
#else
if (salt[0] != '$' && salt[0] != '_' && (!IS_VALID_SALT_CHARACTER(salt[0]) || !IS_VALID_SALT_CHARACTER(salt[1]))) {
if (!quiet) {
/* error consistently about invalid DES fallbacks */
php_error_docref(NULL, E_DEPRECATED, DES_INVALID_SALT_ERROR);
}
}
# if defined(HAVE_CRYPT_R) && (defined(_REENTRANT) || defined(_THREAD_SAFE))
{
# if defined(CRYPT_R_STRUCT_CRYPT_DATA)
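Review bot: In the `#else` (system crypt) part of the last hunk, the invalid-salt check appears to be dropped without a replacement, whereas the bundled-implementation branch above now ends in `/* Unknown hash type */ return NULL;`. If that reading is right, a salt that is neither `$`-prefixed, `_`-prefixed nor two valid DES characters is passed to the platform's crypt()/crypt_r() unvalidated, so whether it is rejected or still produces a DES-style hash depends on the libc. Consider keeping the condition and failing closed, `if (salt[0] != '$' && salt[0] != '_' && (!IS_VALID_SALT_CHARACTER(salt[0]) || !IS_VALID_SALT_CHARACTER(salt[1]))) { return NULL; }`, or add a comment there stating that rejection is delegated to the system library. If the `/* DES Fallback */` comment is kept on the new side, `/* DES and extended DES */` would describe the branch better now that no fallback remains. php_crypt starts and ends outside these hunks, and the +/- markers are lost on this page, so which lines survive is inferred from the hunk counts.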


@ -7,9 +7,6 @@ var_dump(crypt("test", "$#"));
var_dump(crypt("test", "$5zd$01"));
?>
--EXPECTF--
Deprecated: crypt(): Supplied salt is not valid for DES. Possible bug in provided salt format. in %s on line %d
string(13) "$#8MWASl5pGIk"
Deprecated: crypt(): Supplied salt is not valid for DES. Possible bug in provided salt format. in %s on line %d
string(13) "$54mkQyGCLvHs"
--EXPECT--
string(2) "*0"
string(2) "*0"