Created
June 29, 2012 10:54
-
-
Save nikic/3017323 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fix some lengths in crypt() | |
Use salt_len_in instead of strlen(salt) or PHP_MAX_SALT_LEN, otherwise too | |
much memory will be allocated. | |
sha512 has a 86 character checksum, not 43. That probably was a copy&paste | |
from the sha256 code which indeed has 43. | |
The allocation also were using sizeof(char *) instead of sizeof(char), thus | |
allocating 4 or 8 times as much memory as necessary. | |
The memset 0 call was using PHP_MAX_SALT_LEN which can be smaller then the | |
output buffer and thus not zeroing out everything. Use the size of the | |
output buffer (needed) instead. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c | |
index 2eb4fc3..67425bc 100644 | |
--- a/ext/standard/crypt.c | |
+++ b/ext/standard/crypt.c | |
@@ -199,8 +199,8 @@ PHP_FUNCTION(crypt) | |
char *output; | |
int needed = (sizeof(sha512_salt_prefix) - 1 | |
+ sizeof(sha512_rounds_prefix) + | |
- + PHP_MAX_SALT_LEN + 1 + 43 + 1) | |
- output = emalloc(needed * sizeof(char *)); | |
+ + salt_in_len + 1 + 86 + 1); | |
+ output = emalloc(needed * sizeof(char)); | |
salt[salt_in_len] = '\0'; | |
crypt_res = php_sha512_crypt_r(str, salt, output, needed | |
@@ -214,7 +214,7 @@ PHP_FUNCTION(crypt) | |
RETVAL_STRING(output, 1); | |
} | |
- memset(output, 0, PHP_MAX_SALT_LEN + 1); | |
+ memset(output, 0, needed); | |
efree(output); | |
} else if (salt[0]=='$' && salt[1]=='5' && salt[2]=='$') { | |
const char sha256_salt_prefix[] = "$5$"; | |
@@ -222,8 +222,8 @@ PHP_FUNCTION(crypt) | |
char *output; | |
int needed = (sizeof(sha256_salt_prefix) - 1 | |
+ sizeof(sha256_rounds_prefix) + | |
- + PHP_MAX_SALT_LEN + 1 + 43 + 1) | |
- output = emalloc(needed * sizeof(char *)); | |
+ + salt_in_len + 1 + 43 + 1); | |
+ output = emalloc(needed * sizeof(char)); | |
salt[salt_in_len] = '\0'; | |
crypt_res = php_sha256_crypt_r(str, salt, output, needed | |
@@ -237,7 +237,7 @@ PHP_FUNCTION(crypt) | |
RETVAL_STRING(output, 1); | |
} | |
- memset(output, 0, PHP_MAX_SALT_LEN + 1); | |
+ memset(output, 0, needed); | |
efree(output); | |
} else if ( | |
salt[0] == '$' && |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment