| author | Stanislav Malyshev <stas@php.net> | 2011-07-04 23:38:09 +0000 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2011-07-04 23:38:09 +0000 |
| commit | 01249bb40b37e7da4cf7aa2650784da8c1e37e2a (patch) | |
| tree | 9cae7f0bd28aa41417b9fa9e8fac9e18f1817581 | |
| parent | adabdede5e4cc039ebb7e128f3ed42fa4697c845 (diff) | |
fix crypt() issue with overlong salt
| -rw-r--r-- | ext/standard/crypt.c | 2 | ||||
| -rw-r--r-- | ext/standard/tests/strings/crypt_variation1.phpt | 23 |
2 files changed, 25 insertions, 0 deletions
diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c
index 03a080aa23..5bc2458894 100644
--- a/ext/standard/crypt.c
+++ b/ext/standard/crypt.c
@@ -179,6 +179,8 @@ PHP_FUNCTION(crypt)
 salt[2] = '\0';
 #endif
 salt_in_len = strlen(salt);
+ } else {
+ salt_in_len = MIN(PHP_MAX_SALT_LEN, salt_in_len);
 }
 /* Windows (win32/crypt) has a stripped down version of libxcrypt and
diff --git a/ext/standard/tests/strings/crypt_variation1.phpt b/ext/standard/tests/strings/crypt_variation1.phpt
new file mode 100644
index 0000000000..6e0d3fe121
--- /dev/null
+++ b/ext/standard/tests/strings/crypt_variation1.phpt
@@ -0,0 +1,23 @@
+--TEST--
+crypt() function - long salt
+--SKIPIF--
+<?php
+if (!function_exists('crypt')) {
+ die("SKIP crypt() is not available");
+}
+?>
+--FILE--
+<?php
+
+$b = str_repeat("A", 124);
+echo crypt("A", "$5$" . $b)."\n";
+$b = str_repeat("A", 125);
+echo crypt("A", "$5$" . $b)."\n";
+$b = str_repeat("A", 4096);
+echo crypt("A", "$5$" . $b)."\n";
+
+?>
+--EXPECTF--
+$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6
+$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6
+$5$AAAAAAAAAAAAAAAA$frotiiztWZiwcncxnY5tWG9Ida2WOZEximjLXCleQu6
|
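Review bot: The clamp in the new `else` branch adjusts only the length, while the copy of the caller's salt into the fixed `salt` buffer happens above this hunk, so the bound is now enforced in two places that must stay in agreement. If that copy is also limited by `PHP_MAX_SALT_LEN` (presumably; it is not visible here), clamping `salt_in_len` once at that point would keep later code from ever seeing a length larger than the buffer. At minimum the branch deserves a comment, e.g. `/* salt[] holds at most PHP_MAX_SALT_LEN bytes of the caller's salt; keep the length in step so later code cannot read past it */`. The truncation is silent, so it is also worth documenting that salts differing only beyond the limit produce the same hash. PHP_FUNCTION(crypt) starts and ends outside the hunk.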
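Review bot: All three cases use the `$5$` prefix, so the test exercises the overlong-salt path for one hash format only, although the clamp in crypt.c applies to any caller-supplied salt. Adding the same lengths for the other prefixes the build supports (for example `$6$` and `$1$`) would cover the remaining paths. The SKIPIF block checks only that crypt() exists; if SHA-256 support can be absent on a build, it should also test `CRYPT_SHA256`. Writing the prefix as `'$5$'` and using `--EXPECT--` instead of `--EXPECTF--` would avoid relying on `$5` not interpolating and on the output containing no format placeholders.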
