authorNikita Popov <nikic@php.net>2014-03-01 15:42:07 +0100
committerNikita Popov <nikic@php.net>2014-03-05 15:32:31 +0100
commit25d801f97ec3f4bcac8977efd50f843eba9b19e1 (patch)
tree2d6fad9a23051add3dec3fd6088578ae0a23d039 /ext/mcrypt/mcrypt.c
parentc4b7cdb41e6c4f2f4afe6fb35d585e1f5fe15b70 (diff)
Abort on missing IV if the enc_mode requires it
Previously the code fell back on using a NUL IV if no IV was passed and the encryption mode required it. This is dangerous and makes no sense from a practical point of view (as you could just as well use ECB then).
Diffstat (limited to 'ext/mcrypt/mcrypt.c')
-rw-r--r--ext/mcrypt/mcrypt.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c
index 83b3765f74..889dce397f 100644
--- a/ext/mcrypt/mcrypt.c
+++ b/ext/mcrypt/mcrypt.c
@@ -1230,9 +1230,9 @@ static void php_mcrypt_do_crypt(char* cipher, const char *key, int key_len, cons
memcpy(iv_s, iv, iv_size);
}
} else if (argc == 4) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Attempt to use an empty IV, which is NOT recommend");
- iv_s = emalloc(iv_size + 1);
- memset(iv_s, 0, iv_size + 1);
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Encryption mode requires an initialization vector");
+ efree(key_s);
+ RETURN_FALSE;
}
}
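Review bot: The new early exit in the `argc == 4` branch frees only `key_s` before `RETURN_FALSE;`, so anything else php_mcrypt_do_crypt acquired earlier would leak on this path. The function starts above the hunk, so this needs checking against the full body. If a module handle is already open at this point, release it first, for example with `mcrypt_module_close(<handle>);` placed before `efree(key_s);`. The `argc == 5` branch also begins above the hunk; its size-mismatch path should be confirmed to abort in the same way, otherwise a wrong-length IV could still reach the cipher without a usable IV. A short comment such as `/* no IV supplied: refuse rather than fall back to an all-zero IV */` above the warning would record why the fallback was removed.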