mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-07-15 20:25:17 +03:00
39 lines
1.4 KiB
Diff
39 lines
1.4 KiB
Diff
Patch-Source: https://github.com/php/php-src/commit/a92acbad873a05470af1a47cb785a18eadd827b5
|
|
|
|
From a92acbad873a05470af1a47cb785a18eadd827b5 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= <tim@bastelstu.be>
|
|
Date: Mon, 23 Jan 2023 22:13:57 +0100
|
|
Subject: [PATCH] crypt: Fix possible buffer overread in php_crypt()
|
|
|
|
---
|
|
ext/standard/crypt.c | 1 +
|
|
ext/standard/tests/password/password_bcrypt_short.phpt | 8 ++++++++
|
|
2 files changed, 9 insertions(+)
|
|
create mode 100644 ext/standard/tests/password/password_bcrypt_short.phpt
|
|
|
|
diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c
|
|
index 8c105cf910e8..8316c8b96063 100644
|
|
--- a/ext/standard/crypt.c
|
|
+++ b/ext/standard/crypt.c
|
|
@@ -135,6 +135,7 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch
|
|
} else if (
|
|
salt[0] == '$' &&
|
|
salt[1] == '2' &&
|
|
+ salt[2] != 0 &&
|
|
salt[3] == '$') {
|
|
char output[PHP_MAX_SALT_LEN + 1];
|
|
|
|
diff --git a/ext/standard/tests/password/password_bcrypt_short.phpt b/ext/standard/tests/password/password_bcrypt_short.phpt
|
|
new file mode 100644
|
|
index 000000000000..085bc8a23904
|
|
--- /dev/null
|
|
+++ b/ext/standard/tests/password/password_bcrypt_short.phpt
|
|
@@ -0,0 +1,8 @@
|
|
+--TEST--
|
|
+Test that password_hash() does not overread buffers when a short hash is passed
|
|
+--FILE--
|
|
+<?php
|
|
+var_dump(password_verify("foo", '$2'));
|
|
+?>
|
|
+--EXPECT--
|
|
+bool(false)
|