mirror of https://github.com/php/php-src.git synced 2026-03-24 08:12:21 +01:00

Merge branch 'PHP-8.2'

Stanislav Malyshev
2023-02-12 21:34:14 -07:00
7 changed files with 96 additions and 13 deletions


@@ -1182,7 +1182,7 @@ static xmlDocPtr dom_document_parser(zval *id, int mode, char *source, size_t so
int validate, recover, resolve_externals, keep_blanks, substitute_ent;
int resolved_path_len;
int old_error_reporting = 0;
char *directory=NULL, resolved_path[MAXPATHLEN];
char *directory=NULL, resolved_path[MAXPATHLEN + 1];
if (id != NULL) {
intern = Z_DOMOBJ_P(id);
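Review bot: Nothing at the declaration of `resolved_path` says why it is now `MAXPATHLEN + 1`, so a later cleanup could shrink it back to `MAXPATHLEN`. Presumably the extra byte leaves room for one character (a separator or the terminator) that is appended after the path has been resolved; the code that writes into the buffer is outside the hunk, so that should be confirmed and recorded, e.g. `/* +1: room for the byte appended after path resolution */`. The same applies to the identical change in XMLReader::XML and to the three widened buffers in php_check_specific_open_basedir. A bounds check at the place where the byte is appended would protect every caller, whereas resizing each caller's buffer protects only the ones that were found.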


@@ -124,6 +124,7 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch
} else if (
salt[0] == '$' &&
salt[1] == '2' &&
salt[2] != 0 &&
salt[3] == '$') {
char output[PHP_MAX_SALT_LEN + 1];
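Review bot: The `salt[2] != 0` test (which appears to be the added line) is only effective because `&&` evaluates left to right, and no comment says it exists to keep `salt[3]` from being read past the terminator of a two-byte salt such as `$2`. A one-line comment above the condition, `/* salt[2] != 0 keeps salt[3] in bounds for a truncated "$2" prefix */`, would stop a later reordering of the operands from reintroducing the overread. The condition still accepts any non-NUL byte at `salt[2]`; whether the variant letter is validated further cannot be seen here, because the branch body continues outside the hunk.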


@@ -371,7 +371,6 @@ static const unsigned char BF_atoi64[0x60] = {
#define BF_safe_atoi64(dst, src) \
{ \
tmp = (unsigned char)(src); \
if (tmp == '$') break; /* PHP hack */ \
if ((unsigned int)(tmp -= 0x20) >= 0x60) return -1; \
tmp = BF_atoi64[tmp]; \
if (tmp > 63) return -1; \
@@ -399,13 +398,6 @@ static int BF_decode(BF_word *dst, const char *src, int size)
*dptr++ = ((c3 & 0x03) << 6) | c4;
} while (dptr < end);
if (end - dptr == size) {
return -1;
}
while (dptr < end) /* PHP hack */
*dptr++ = 0;
return 0;
}


@@ -0,0 +1,82 @@
--TEST--
bcrypt correctly rejects salts containing $
--FILE--
<?php
for ($i = 0; $i < 23; $i++) {
$salt = '$2y$04$' . str_repeat('0', $i) . '$';
$result = crypt("foo", $salt);
var_dump($salt);
var_dump($result);
var_dump($result === $salt);
}
?>
--EXPECT--
string(8) "$2y$04$$"
string(2) "*0"
bool(false)
string(9) "$2y$04$0$"
string(2) "*0"
bool(false)
string(10) "$2y$04$00$"
string(2) "*0"
bool(false)
string(11) "$2y$04$000$"
string(2) "*0"
bool(false)
string(12) "$2y$04$0000$"
string(2) "*0"
bool(false)
string(13) "$2y$04$00000$"
string(2) "*0"
bool(false)
string(14) "$2y$04$000000$"
string(2) "*0"
bool(false)
string(15) "$2y$04$0000000$"
string(2) "*0"
bool(false)
string(16) "$2y$04$00000000$"
string(2) "*0"
bool(false)
string(17) "$2y$04$000000000$"
string(2) "*0"
bool(false)
string(18) "$2y$04$0000000000$"
string(2) "*0"
bool(false)
string(19) "$2y$04$00000000000$"
string(2) "*0"
bool(false)
string(20) "$2y$04$000000000000$"
string(2) "*0"
bool(false)
string(21) "$2y$04$0000000000000$"
string(2) "*0"
bool(false)
string(22) "$2y$04$00000000000000$"
string(2) "*0"
bool(false)
string(23) "$2y$04$000000000000000$"
string(2) "*0"
bool(false)
string(24) "$2y$04$0000000000000000$"
string(2) "*0"
bool(false)
string(25) "$2y$04$00000000000000000$"
string(2) "*0"
bool(false)
string(26) "$2y$04$000000000000000000$"
string(2) "*0"
bool(false)
string(27) "$2y$04$0000000000000000000$"
string(2) "*0"
bool(false)
string(28) "$2y$04$00000000000000000000$"
string(2) "*0"
bool(false)
string(29) "$2y$04$000000000000000000000$"
string(2) "*0"
bool(false)
string(30) "$2y$04$0000000000000000000000$"
string(60) "$2y$04$000000000000000000000u2a2UpVexIt9k3FMJeAVr3c04F5tcI8K"
bool(false)
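Review bot: The last iteration (`$i = 22`) is expected to return a real 60-character hash while every shorter salt returns `*0`, and nothing in the --FILE-- section says why that case differs. A comment such as `// at $i = 22 the salt is complete, so the trailing '$' lies past the part bcrypt reads` would make the expectation reviewable; that reading is inferred from the expected output, not from code on this page. The loop covers only the `$2y$` prefix and only a `$` at the very end, so a `$` followed by further salt characters is not pinned. Since the sibling test goes through password_verify(), adding `var_dump(password_verify("foo", $salt));` with an expected `bool(false)` per salt would pin the verification path as well.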


@@ -0,0 +1,8 @@
--TEST--
Test that password_hash() does not overread buffers when a short hash is passed
--FILE--
<?php
var_dump(password_verify("foo", '$2'));
?>
--EXPECT--
bool(false)
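Review bot: The --TEST-- line names password_hash() but the script calls password_verify(); the description should read `Test that password_verify() does not overread buffers when a short hash is passed`. The expected `bool(false)` is likely produced with or without the fix, so this test only detects the overread when the suite runs under a memory checker such as ASan or valgrind, and a comment in the file saying so would help. Neighbouring truncated inputs such as `'$'` and `'$2y'` are not covered.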


@@ -1016,7 +1016,7 @@ PHP_METHOD(XMLReader, XML)
xmlreader_object *intern = NULL;
char *source, *uri = NULL, *encoding = NULL;
int resolved_path_len, ret = 0;
char *directory=NULL, resolved_path[MAXPATHLEN];
char *directory=NULL, resolved_path[MAXPATHLEN + 1];
xmlParserInputBufferPtr inputbfr;
xmlTextReaderPtr reader;


@@ -129,10 +129,10 @@ PHPAPI ZEND_INI_MH(OnUpdateBaseDir)
*/
PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path)
{
char resolved_name[MAXPATHLEN];
char resolved_basedir[MAXPATHLEN];
char resolved_name[MAXPATHLEN + 1];
char resolved_basedir[MAXPATHLEN + 1];
char local_open_basedir[MAXPATHLEN];
char path_tmp[MAXPATHLEN];
char path_tmp[MAXPATHLEN + 1];
char *path_file;
size_t resolved_basedir_len;
size_t resolved_name_len;
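Review bot: `local_open_basedir` stays at `MAXPATHLEN` while `resolved_name`, `resolved_basedir` and `path_tmp` in the same declaration list grow to `MAXPATHLEN + 1`, and nothing says whether that is deliberate. If it is only ever filled by a size-bounded copy and never has a byte appended, a comment such as `/* filled by a bounded copy only; nothing is appended */` would record that; otherwise it needs the same extra byte. The function body continues outside the hunk, so the writes to these buffers cannot be checked here.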