Merge branch 'PHP-5.3' into PHP-5.4

* PHP-5.3: fix CVE-2012-2143
2026-03-26 01:02:25 +01:00 · 2012-05-29 23:07:27 -07:00
parent 6074da9809 aab49e934d
commit 692b3bcd88
3 changed files with 22 additions and 1 deletions
--- a/1
+++ b/1
@@ -20,6 +20,7 @@ PHP                                                                        NEWS

 - Core:
  . Fixed missing bound check in iptcparse(). (chris at chiappa.net)
+  . Fixed CVE-2012-2143. (Solar Designer)
  . Fixed bug #62005 (unexpected behavior when incrementally assigning to a 
    member of a null object). (Laruence)
  . Fixed bug #61998 (Using traits with method aliases appears to result in
--- a/ext/standard/crypt_freesec.c
+++ b/ext/standard/crypt_freesec.c
@@ -629,7 +629,8 @@ _crypt_extended_r(const char *key, const char *setting,
 	 */
 	q = (u_char *) keybuf;
 	while (q - (u_char *) keybuf < sizeof(keybuf)) {
-		if ((*q++ = *key << 1))
+		*q++ = *key << 1;
+		if (*key)
 			key++;
 	}
 	if (des_setkey((u_char *) keybuf, data))
--- a/ext/standard/tests/strings/crypt_chars.phpt
+++ b/ext/standard/tests/strings/crypt_chars.phpt
@@ -0,0 +1,19 @@
+--TEST--
+crypt() function - characters > 0x80
+--SKIPIF--
+<?php
+if (!function_exists('crypt')) {
+        die("SKIP crypt() is not available");
+}
+?>
+--FILE--
+<?php
+var_dump(crypt("À1234abcd", "99"));
+var_dump(crypt("À9234abcd", "99"));
+var_dump(crypt("À1234abcd", "_01234567"));
+var_dump(crypt("À9234abcd", "_01234567"));
+--EXPECT--
+string(13) "99PxawtsTfX56"
+string(13) "99jcVcGxUZOWk"
+string(20) "_01234567IBjxKliXXRQ"
+string(20) "_012345678OSGpGQRVHA"