| #
e6cf7d77 |
| 29-Jun-2012 |
Nikita Popov |
Fix some lengths in crypt()
Use salt_len_in instead of strlen(salt) or PHP_MAX_SALT_LEN, otherwise too
much memory will be allocated.
sha512 has a 86 character checksum, not 43.
Fix some lengths in crypt()
Use salt_len_in instead of strlen(salt) or PHP_MAX_SALT_LEN, otherwise too
much memory will be allocated.
sha512 has a 86 character checksum, not 43. That probably was a copy&paste
from the sha256 code which indeed has 43.
The allocation also was using sizeof(char *), thus allocating 4 or 8 times
as much memory as necessary. The sizeof(char *) was removed in the 5.4
branch in b7a92c9 but forgotten on 5.3.
The memset 0 call was using PHP_MAX_SALT_LEN which can be smaller than the
output buffer and thus not zeroing out everything. Use the size of the
output buffer (needed) instead.
show more ...
|
| #
7e8276ca |
| 29-Jun-2012 |
Anthony Ferrara |
Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
Fixed a memory allocation bug in crypt() SHA256/512 that can
cause segmentation faults when passed in salts with a null
Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
Fixed a memory allocation bug in crypt() SHA256/512 that can
cause segmentation faults when passed in salts with a null byte
early.
show more ...
|
| #
6bb3865a |
| 28-Jun-2012 |
Anthony Ferrara |
Refactor crypt to use an external working function
|
|
Revision tags: php-5.3.14, php-5.4.4, php-5.3.14RC2, php-5.4.4RC2, php-5.3.14RC1, php-5.4.4RC1, php-5.3.13, php-5.4.3, php-5.4.2, php-5.3.12, php-5.3.11, php-5.4.1, php-5.3.11RC2, php-5.4.1RC2, php-5.3.11RC1, php-5.4.1RC1, PHP-5.4.1-RC1, php-5.4.0, php-5.4.0RC8, php-5.3.10, php-5.4.0RC7, php-5.4.0RC6, php-5.3.9, php-5.4.0RC5 |
|
| #
e4ca0ed0 |
| 01-Jan-2012 |
Felipe Pena |
- Year++
|
| #
8775a375 |
| 01-Jan-2012 |
Felipe Pena |
- Year++
|
| #
4e198252 |
| 01-Jan-2012 |
Felipe Pena |
- Year++
|
|
Revision tags: php-5.3.9RC4, php-5.4.0RC4, php-5.3.9RC3, php-5.4.0RC3, php-5.3.9RC2, php-5.4.0RC2, php-5.4.0RC1, php-5.3.9RC1, php-5.4.0beta2, php-5.4.0beta1 |
|
| #
ba04ba9c |
| 12-Sep-2011 |
Stanislav Malyshev |
MFB crypt fix
|
|
Revision tags: yaf-2.1.0, php-5.3.8, php-5.3.7, php-5.3.7RC5 |
|
| #
64fc5657 |
| 09-Aug-2011 |
Xinchen Hui |
Avoiding strcpy, strcat, sprintf usage to make static analyzer happy
|
| #
5dc31958 |
| 09-Aug-2011 |
Xinchen Hui |
Avoiding strcpy, strcat, sprintf usage to make static analyzer happy
|
| #
0630945a |
| 09-Aug-2011 |
Xinchen Hui |
Avoiding strcpy, strcat, sprintf usage to make static analyzer happy
|
| #
b7a92c97 |
| 07-Aug-2011 |
Rasmus Lerdorf |
I'm pretty sure you didn't mean to multiple by the size of a char* there
since that makes no sense. output is an array of char, not an array of
char*
Pierre, please review
|
| #
8dc95119 |
| 07-Aug-2011 |
Rasmus Lerdorf |
I'm pretty sure you didn't mean to multiple by the size of a char* there
since that makes no sense. output is an array of char, not an array of
char*
Pierre, please review
|
|
Revision tags: php-5.4.0alpha3 |
|
| #
caf6a6dc |
| 31-Jul-2011 |
Pierre Joye |
- blowfish 1.2 update, 2nd part
|
| #
a7e1a71b |
| 31-Jul-2011 |
Pierre Joye |
- blowfish 1.2 update, 2nd part
|
| #
991e108a |
| 31-Jul-2011 |
Pierre Joye |
- blowfish 1.2 update, 2nd part
|
|
Revision tags: php-5.3.7RC4, php-5.3.7RC3, php-5.4.0alpha2 |
|
| #
5bd0be8a |
| 04-Jul-2011 |
Stanislav Malyshev |
fix crypt() issue with overlong salt
|
| #
01249bb4 |
| 04-Jul-2011 |
Stanislav Malyshev |
fix crypt() issue with overlong salt
|
|
Revision tags: php-5.3.7RC2 |
|
| #
b158091e |
| 26-Jun-2011 |
Stanislav Malyshev |
Fix crypt_blowfish 8-bit chars problem (CVE-2011-2483), add tests
# See details at http://www.openwall.com/lists/announce/2011/06/21/1
|
| #
3acd5811 |
| 26-Jun-2011 |
Stanislav Malyshev |
Fix crypt_blowfish 8-bit chars problem (CVE-2011-2483), add tests
# See details at http://www.openwall.com/lists/announce/2011/06/21/1
|
|
Revision tags: php-5.4.0alpha1, php-5.3.7RC1, php-5.3.6, php-5.3.6RC3, php-5.3.6RC2, php-5.3.6RC1, php-5.2.17, php-5.3.5 |
|
| #
927bf09c |
| 01-Jan-2011 |
Felipe Pena |
- Year++
|
| #
0203cc3d |
| 01-Jan-2011 |
Felipe Pena |
- Year++
|
|
Revision tags: php-5.2.16, php-5.2.15, php-5.3.4, php-5.2.15RC2, php-5.3.4RC2, php-5.3.4RC1, php-5.2.15RC1, PHP_5_2_15RC1, oci8-1.4.3, php-5.2.14, php-5.3.3, php-5.3.3RC3, php-5.2.14RC3, php-5.3.3RC2, php-5.2.14RC2, php-5.3.3RC1, php-5.2.14RC1 |
|
| #
02965012 |
| 14-Jun-2010 |
Pierre Joye |
- MFH
|
| #
e86710ce |
| 22-Apr-2010 |
Felipe Pena |
- Fixed bug #51435 (Missing ifdefs / logic bug in crypt code cause compile errors)
|
| #
5234958f |
| 22-Apr-2010 |
Felipe Pena |
- Fixed bug #51435 (Missing ifdefs / logic bug in crypt code cause compile errors)
|
| #
6dbebc60 |
| 30-Mar-2010 |
Joey Smith |
Don't assume the SHA-based crypt constants are registered
this is a partial fix for 51435.
|
