#
e6cf7d77 |
| 29-Jun-2012 |
Nikita Popov |
Fix some lengths in crypt() Use salt_len_in instead of strlen(salt) or PHP_MAX_SALT_LEN, otherwise too much memory will be allocated. sha512 has a 86 character checksum, not 43.
Fix some lengths in crypt() Use salt_len_in instead of strlen(salt) or PHP_MAX_SALT_LEN, otherwise too much memory will be allocated. sha512 has a 86 character checksum, not 43. That probably was a copy&paste from the sha256 code which indeed has 43. The allocation also was using sizeof(char *), thus allocating 4 or 8 times as much memory as necessary. The sizeof(char *) was removed in the 5.4 branch in b7a92c9 but forgotten on 5.3. The memset 0 call was using PHP_MAX_SALT_LEN which can be smaller than the output buffer and thus not zeroing out everything. Use the size of the output buffer (needed) instead.
show more ...
|
#
7e8276ca |
| 29-Jun-2012 |
Anthony Ferrara |
Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt) Fixed a memory allocation bug in crypt() SHA256/512 that can cause segmentation faults when passed in salts with a null
Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt) Fixed a memory allocation bug in crypt() SHA256/512 that can cause segmentation faults when passed in salts with a null byte early.
show more ...
|
#
6bb3865a |
| 28-Jun-2012 |
Anthony Ferrara |
Refactor crypt to use an external working function
|
Revision tags: php-5.3.14, php-5.4.4, php-5.3.14RC2, php-5.4.4RC2, php-5.3.14RC1, php-5.4.4RC1, php-5.3.13, php-5.4.3, php-5.4.2, php-5.3.12, php-5.3.11, php-5.4.1, php-5.3.11RC2, php-5.4.1RC2, php-5.3.11RC1, php-5.4.1RC1, PHP-5.4.1-RC1, php-5.4.0, php-5.4.0RC8, php-5.3.10, php-5.4.0RC7, php-5.4.0RC6, php-5.3.9, php-5.4.0RC5 |
|
#
e4ca0ed0 |
| 01-Jan-2012 |
Felipe Pena |
- Year++
|
#
8775a375 |
| 01-Jan-2012 |
Felipe Pena |
- Year++
|
#
4e198252 |
| 01-Jan-2012 |
Felipe Pena |
- Year++
|
Revision tags: php-5.3.9RC4, php-5.4.0RC4, php-5.3.9RC3, php-5.4.0RC3, php-5.3.9RC2, php-5.4.0RC2, php-5.4.0RC1, php-5.3.9RC1, php-5.4.0beta2, php-5.4.0beta1 |
|
#
ba04ba9c |
| 12-Sep-2011 |
Stanislav Malyshev |
MFB crypt fix
|
Revision tags: yaf-2.1.0, php-5.3.8, php-5.3.7, php-5.3.7RC5 |
|
#
64fc5657 |
| 09-Aug-2011 |
Xinchen Hui |
Avoiding strcpy, strcat, sprintf usage to make static analyzer happy
|
#
5dc31958 |
| 09-Aug-2011 |
Xinchen Hui |
Avoiding strcpy, strcat, sprintf usage to make static analyzer happy
|
#
0630945a |
| 09-Aug-2011 |
Xinchen Hui |
Avoiding strcpy, strcat, sprintf usage to make static analyzer happy
|
#
b7a92c97 |
| 07-Aug-2011 |
Rasmus Lerdorf |
I'm pretty sure you didn't mean to multiple by the size of a char* there since that makes no sense. output is an array of char, not an array of char* Pierre, please review
|
#
8dc95119 |
| 07-Aug-2011 |
Rasmus Lerdorf |
I'm pretty sure you didn't mean to multiple by the size of a char* there since that makes no sense. output is an array of char, not an array of char* Pierre, please review
|
Revision tags: php-5.4.0alpha3 |
|
#
caf6a6dc |
| 31-Jul-2011 |
Pierre Joye |
- blowfish 1.2 update, 2nd part
|
#
a7e1a71b |
| 31-Jul-2011 |
Pierre Joye |
- blowfish 1.2 update, 2nd part
|
#
991e108a |
| 31-Jul-2011 |
Pierre Joye |
- blowfish 1.2 update, 2nd part
|
Revision tags: php-5.3.7RC4, php-5.3.7RC3, php-5.4.0alpha2 |
|
#
5bd0be8a |
| 04-Jul-2011 |
Stanislav Malyshev |
fix crypt() issue with overlong salt
|
#
01249bb4 |
| 04-Jul-2011 |
Stanislav Malyshev |
fix crypt() issue with overlong salt
|
Revision tags: php-5.3.7RC2 |
|
#
b158091e |
| 26-Jun-2011 |
Stanislav Malyshev |
Fix crypt_blowfish 8-bit chars problem (CVE-2011-2483), add tests # See details at http://www.openwall.com/lists/announce/2011/06/21/1
|
#
3acd5811 |
| 26-Jun-2011 |
Stanislav Malyshev |
Fix crypt_blowfish 8-bit chars problem (CVE-2011-2483), add tests # See details at http://www.openwall.com/lists/announce/2011/06/21/1
|
Revision tags: php-5.4.0alpha1, php-5.3.7RC1, php-5.3.6, php-5.3.6RC3, php-5.3.6RC2, php-5.3.6RC1, php-5.2.17, php-5.3.5 |
|
#
927bf09c |
| 01-Jan-2011 |
Felipe Pena |
- Year++
|
#
0203cc3d |
| 01-Jan-2011 |
Felipe Pena |
- Year++
|
Revision tags: php-5.2.16, php-5.2.15, php-5.3.4, php-5.2.15RC2, php-5.3.4RC2, php-5.3.4RC1, php-5.2.15RC1, PHP_5_2_15RC1, oci8-1.4.3, php-5.2.14, php-5.3.3, php-5.3.3RC3, php-5.2.14RC3, php-5.3.3RC2, php-5.2.14RC2, php-5.3.3RC1, php-5.2.14RC1 |
|
#
02965012 |
| 14-Jun-2010 |
Pierre Joye |
- MFH
|
#
e86710ce |
| 22-Apr-2010 |
Felipe Pena |
- Fixed bug #51435 (Missing ifdefs / logic bug in crypt code cause compile errors)
|
#
5234958f |
| 22-Apr-2010 |
Felipe Pena |
- Fixed bug #51435 (Missing ifdefs / logic bug in crypt code cause compile errors)
|
#
6dbebc60 |
| 30-Mar-2010 |
Joey Smith |
Don't assume the SHA-based crypt constants are registered this is a partial fix for 51435.
|