php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-26 01:18:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
7882d12ff2d8d8c5a4af821464e0a5ac2cde2002
archived-php-src/ext/standard
T
History
Tim Düsterhus 7882d12ff2 crypt: Fix validation of malformed BCrypt hashes 
PHP’s implementation of crypt_blowfish differs from the upstream Openwall
version by adding a “PHP Hack”, which allows one to cut short the BCrypt salt
by including a `$` character within the characters that represent the salt.

Hashes that are affected by the “PHP Hack” may erroneously validate any
password as valid when used with `password_verify` and when comparing the
return value of `crypt()` against the input.

The PHP Hack exists since the first version of PHP’s own crypt_blowfish
implementation that was added in 1e820eca02.

No clear reason is given for the PHP Hack’s existence. This commit removes it,
because BCrypt hashes containing a `$` character in their salt are not valid
BCrypt hashes.
2023-02-13 13:17:01 -06:00
..
html_tables
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
tests
crypt: Fix validation of malformed BCrypt hashes
2023-02-13 13:17:01 -06:00
array.c
Merge branch 'PHP-8.0' into PHP-8.1
2022-10-10 11:25:23 +03:00
assert.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
base64.c
Fixed some spaces used instead of tabs
2021-06-29 11:30:26 +02:00
base64.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
basic_functions_arginfo.h
Verify generated files are up to date in CI
2022-04-21 23:25:47 +02:00
basic_functions.c
Fix GH-9905: constant() behaves inconsistent when class is undefined
2022-11-09 15:21:50 +01:00
basic_functions.h
Use zend_string for putenv key (#7379)
2021-08-17 12:29:04 +02:00
basic_functions.stub.php
Merge branch 'PHP-8.0' into PHP-8.1
2021-12-23 11:49:33 +01:00
browscap.c
Fix -Wreturn-local-addr warning
2021-05-07 12:11:52 +02:00
config.m4
Merge branch 'PHP-8.0' into PHP-8.1
2022-07-15 12:48:09 +01:00
config.w32
Merge branch 'PHP-7.4' into PHP-8.0
2020-10-26 11:06:10 +01:00
crc32_x86.c
Avoid direct calls to zend_cpu_supports()
2020-11-27 11:18:10 +01:00
crc32_x86.h
X86: Fast CRC32 computation using PCLMULQDQ instruction
2020-09-02 15:10:41 +02:00
crc32.c
Fix pointer constness warning in crc32 module on arm64 (#7225)
2021-07-09 15:29:36 +02:00
crc32.h
phar: crc32: Extend and cleanup API for the new bulk crc32 functions
2021-07-03 21:03:47 +02:00
credits_ext.h
Update CREDITS
2020-06-17 13:04:01 +00:00
credits_sapi.h
Update CREDITS for PHP 7.2.30
2020-04-14 15:16:26 +00:00
credits.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
credits.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
crypt_blowfish.c
crypt: Fix validation of malformed BCrypt hashes
2023-02-13 13:17:01 -06:00
crypt_blowfish.h
Clean house in cryptographic hashing code
2020-06-24 13:40:27 +02:00
crypt_freesec.c
Clean house in cryptographic hashing code
2020-06-24 13:40:27 +02:00
crypt_freesec.h
crypt_sha256.c
Merge branch 'PHP-8.0' into PHP-8.1
2022-07-01 05:34:05 +01:00
crypt_sha512.c
Merge branch 'PHP-8.0' into PHP-8.1
2022-07-01 05:34:05 +01:00
crypt.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
css.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
css.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
datetime.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
datetime.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
dir_arginfo.h
Declare Directory properties
2021-08-19 10:39:23 +02:00
dir.c
Declare Directory properties
2021-08-19 10:39:23 +02:00
dir.stub.php
Declare Directory properties
2021-08-19 10:39:23 +02:00
dl_arginfo.h
Include stub hash in generated arginfo files
2020-06-24 09:55:19 +02:00
dl.c
Disable zend_rc_debug during dtor of dl()'ed module (#8606)
2022-05-24 19:22:55 +02:00
dl.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
dl.stub.php
Add stubs for some SAPIs
2020-05-14 13:35:12 +02:00
dns_win32.c
Merge branch 'PHP-8.0'
2021-08-30 18:55:16 +02:00
dns.c
Fix GH-7748: gethostbyaddr outputs binary string
2021-12-10 17:38:36 +01:00
exec.c
Remove 'register' type qualifier (#6980)
2021-05-14 13:38:01 +01:00
exec.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
file.c
Fix bug #66588: SplFileObject::fgetcsv incorrectly returns a row on premature EOF
2021-10-01 16:21:26 +02:00
file.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
filestat.c
Merge branch 'PHP-8.0' into PHP-8.1
2022-03-04 16:07:54 +01:00
filters.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
flock_compat.c
Merge branch 'PHP-8.0'
2021-07-06 12:03:55 +02:00
flock_compat.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
formatted_print.c
Merge branch 'PHP-8.0' into PHP-8.1
2021-09-29 12:21:49 +02:00
fsock.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
fsock.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
ftok.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
ftp_fopen_wrapper.c
Fixed some spaces used instead of tabs
2021-06-29 11:30:26 +02:00
head.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
head.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
hrtime.c
Revert "hrtime implementation update for Mac"
2021-06-14 14:27:35 +02:00
hrtime.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
html_tables.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
html.c
Fixed some spaces used instead of tabs
2021-06-29 11:30:26 +02:00
html.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
http_fopen_wrapper.c
Merge branch 'PHP-8.0' into PHP-8.1
2022-08-18 12:30:45 +02:00
http.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
image.c
Merge branch 'PHP-8.0'
2021-07-16 10:07:35 +02:00
incomplete_class.c
Fixed some spaces used instead of tabs
2021-06-29 11:30:26 +02:00
info.c
Fix GH-7815: php_uname doesn't recognise latest Windows versions
2021-12-27 15:08:11 +01:00
info.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
iptc.c
Fixed some spaces used instead of tabs
2021-06-29 11:30:26 +02:00
lcg.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
levenshtein.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
link.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
mail.c
Merge branch 'PHP-8.0' into PHP-8.1
2022-01-17 22:32:37 +01:00
Makefile.frag
Revert "Remove some unnecessary explicit header dependencies"
2021-03-16 14:22:25 +01:00
Makefile.frag.w32
math.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
md5.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
md5.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
metaphone.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
microtime.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
mt_rand.c
Fixed some spaces used instead of tabs
2021-06-29 11:30:26 +02:00
net.c
Merge branch 'PHP-8.0'
2021-06-11 09:34:03 +02:00
pack.c
fix GH-7899 Regression in unpack for negative int value
2022-01-13 11:47:19 +01:00
pack.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
pageinfo.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
pageinfo.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
password.c
Merge branch 'PHP-8.0'
2021-07-20 15:14:08 +02:00
php_array.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_assert.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_browscap.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_crypt_r.c
Merge branch 'PHP-8.0' into PHP-8.1
2022-09-29 20:40:33 +01:00
php_crypt_r.h
fix php_init_crypt_r/php_shutdown_crypt_r signatures warning.
2022-09-29 20:40:16 +01:00
php_crypt.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_dir.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_dns.h
Merge branch 'PHP-8.0' into PHP-8.1
2021-11-15 10:00:55 +01:00
php_ext_syslog.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_filestat.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_fopen_wrapper.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_fopen_wrappers.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_http.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_image.h
AVIF support for getimagesize() and imagecreatefromstring()
2021-07-07 00:02:57 +02:00
php_incomplete_class.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_lcg.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_mail.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_math.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_mt_rand.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_net.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_password.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_rand.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_random.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_smart_string_public.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_smart_string.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_standard.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_string.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_uuencode.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_var.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_versioning.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
proc_open.c
Refactor proc_open() implementation (#7255)
2021-08-11 14:51:55 +02:00
proc_open.h
Refactor proc_open() implementation (#7255)
2021-08-11 14:51:55 +02:00
quot_print.c
Fixed some spaces used instead of tabs
2021-06-29 11:30:26 +02:00
quot_print.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
rand.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
random.c
Merge branch 'PHP-8.0' into PHP-8.1
2022-07-15 12:48:09 +01:00
scanf.c
Specify function pointer signature for scanf implementation
2021-05-12 18:58:44 +01:00
scanf.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
sha1.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
sha1.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
soundex.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
streamsfuncs.c
Merge branch 'PHP-8.0' into PHP-8.1
2022-10-01 11:23:34 +02:00
streamsfuncs.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
string.c
Fix substr_replace with slots in repl_ht being UNDEF
2023-01-15 15:31:34 +00:00
strnatcmp.c
Fixed some spaces used instead of tabs
2021-06-29 11:30:26 +02:00
syslog.c
Merge branch 'PHP-8.0' into PHP-8.1
2022-06-19 20:09:37 +01:00
type.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
uniqid.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
url_scanner_ex.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
url_scanner_ex.re
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
url.c
Fix typos (#7327)
2021-08-01 18:03:30 +01:00
url.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
user_filters_arginfo.h
Declare php_user_filter::$stream property
2021-08-20 14:50:25 +02:00
user_filters.c
Merge branch 'PHP-8.0' into PHP-8.1
2021-10-07 11:46:49 +02:00
user_filters.stub.php
Declare php_user_filter::$stream property
2021-08-20 14:50:25 +02:00
uuencode.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
var_unserializer.re
Fix bug #81142 by adding zend_string_init_existing_interned()
2021-08-12 11:57:50 +02:00
var.c
Fix infiniry recursion during serialize() of "tricky" object
2022-03-01 00:00:22 +03:00
versioning.c
Fixed some spaces used instead of tabs
2021-06-29 11:30:26 +02:00
winver.h