@nikic
Created June 29, 2012 10:54
Fix some lengths in crypt()
Use salt_len_in instead of strlen(salt) or PHP_MAX_SALT_LEN, otherwise too
much memory will be allocated.
sha512 has an 86 character checksum, not 43. That probably was a copy&paste
from the sha256 code which indeed has 43.
The allocations also were using sizeof(char *) instead of sizeof(char), thus
allocating 4 or 8 times as much memory as necessary.
The memset 0 call was using PHP_MAX_SALT_LEN which can be smaller than the
output buffer and thus not zeroing out everything. Use the size of the
output buffer (needed) instead.
diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c
index 2eb4fc3..67425bc 100644
--- a/ext/standard/crypt.c
+++ b/ext/standard/crypt.c
@@ -199,8 +199,8 @@ PHP_FUNCTION(crypt)
char *output;
int needed = (sizeof(sha512_salt_prefix) - 1
+ sizeof(sha512_rounds_prefix) +
- + PHP_MAX_SALT_LEN + 1 + 43 + 1)
- output = emalloc(needed * sizeof(char *));
+ + salt_in_len + 1 + 86 + 1);
+ output = emalloc(needed * sizeof(char));
salt[salt_in_len] = '\0';
crypt_res = php_sha512_crypt_r(str, salt, output, needed
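Review bot: the bare `86` in the new `+ salt_in_len + 1 + 86 + 1);` line is the same kind of magic number that allowed the sha256 value `43` to be pasted into this branch in the first place. Give the checksum length a named constant, or at least a comment saying what each term and each `+ 1` stands for, so the sum can be checked against the output format by reading it.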
@@ -214,7 +214,7 @@ PHP_FUNCTION(crypt)
RETVAL_STRING(output, 1);
}
- memset(output, 0, PHP_MAX_SALT_LEN + 1);
+ memset(output, 0, needed);
efree(output);
} else if (salt[0]=='$' && salt[1]=='5' && salt[2]=='$') {
const char sha256_salt_prefix[] = "$5$";
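Review bot: `memset(output, 0, needed);` sits directly before `efree(output);`, so it is a store to memory that is never read again, and an optimizing compiler is permitted to drop such stores. If the intent is to scrub the hash from the heap, use a wipe that cannot be elided (for example a write through a volatile pointer) rather than a plain memset.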
@@ -222,8 +222,8 @@ PHP_FUNCTION(crypt)
char *output;
int needed = (sizeof(sha256_salt_prefix) - 1
+ sizeof(sha256_rounds_prefix) +
- + PHP_MAX_SALT_LEN + 1 + 43 + 1)
- output = emalloc(needed * sizeof(char *));
+ + salt_in_len + 1 + 43 + 1);
+ output = emalloc(needed * sizeof(char));
salt[salt_in_len] = '\0';
crypt_res = php_sha256_crypt_r(str, salt, output, needed
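Review bot: with the buffer now sized from `salt_in_len` instead of the `PHP_MAX_SALT_LEN` constant, `needed` is only as trustworthy as that length, and the context line `salt[salt_in_len] = '\0';` also writes at that index. Nothing in this hunk shows where `salt_in_len` is clamped, so please confirm (or assert here) that it is already bounded by the capacity of `salt` before this branch is reached. Minor: `sizeof(char)` is 1 by definition, so `emalloc(needed)` says the same thing.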
@@ -237,7 +237,7 @@ PHP_FUNCTION(crypt)
RETVAL_STRING(output, 1);
}
- memset(output, 0, PHP_MAX_SALT_LEN + 1);
+ memset(output, 0, needed);
efree(output);
} else if (
salt[0] == '$' &&
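Review bot: the wipe-and-free pair in this hunk is a line-for-line copy of the one in the sha512 branch, and the wrong `PHP_MAX_SALT_LEN + 1` length had been duplicated into both. Consider moving the `memset(output, 0, needed);` and `efree(output);` sequence into one small helper that takes the buffer and its size, so a future length fix only has to be made in one place.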