fix CVE-2012-2143

commit bc1c1beea5b4cd1bec72d347bfd21e865258933a 1 parent 460f932
Stanislav Malyshev authored May 24, 2012
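--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,7 @@ PHP                                                                        NEWS
   . Fixed bug #62146 com_dotnet cannot be built shared. (Johannes)
 
 - Core:
+  . Fixed CVE-2012-2143. (Solar Designer)
   . Fixed bug #62097 (fix for for bug #54547). (Gustavo)
 
 - Intl: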
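--- a/ext/standard/crypt_freesec.c
+++ b/ext/standard/crypt_freesec.c
@@ -629,7 +629,8 @@ _crypt_extended_r(const char *key, const char *setting,
 	 */
 	q = (u_char *) keybuf;
 	while (q - (u_char *) keybuf < sizeof(keybuf)) {
-		if ((*q++ = *key << 1))
+		*q++ = *key << 1;
+		if (*key)
 			key++;
 	}
 	if (des_setkey((u_char *) keybuf, data))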
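Review bot: The rewritten loop (new lines 632-633) has no comment recording why the end-of-key test moved from the stored byte to `*key`, which is the whole fix: the stored value is `*key << 1` narrowed to `u_char`, so a 0x80 key byte stores 0 and was taken for the terminator. I would add `/* test *key, not the shifted byte: 0x80 << 1 narrows to 0 in a u_char */` above the assignment so the two statements are not merged again later. `key` is `const char *`, so where plain char is signed a byte >= 0x80 is promoted to a negative int before the shift; `*q++ = (u_char) *key << 1;` keeps the shift on a non-negative value. Hashes stored by the old code for passwords that have further characters after such a byte will presumably no longer match after this change, which is worth stating in the commit message or NEWS. `_crypt_extended_r` begins and ends outside this hunk.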
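--- a/ext/standard/tests/strings/crypt_chars.phpt
+++ b/ext/standard/tests/strings/crypt_chars.phpt
@@ -0,0 +1,19 @@
+--TEST--
+crypt() function - characters > 0x80
+--SKIPIF--
+<?php
+if (!function_exists('crypt')) {
+        die("SKIP crypt() is not available");
+}
+?>
+--FILE--
+<?php
+var_dump(crypt("À1234abcd", "99"));
+var_dump(crypt("À9234abcd", "99"));
+var_dump(crypt("À1234abcd", "_01234567"));
+var_dump(crypt("À9234abcd", "_01234567"));
+--EXPECT--
+string(13) "99PxawtsTfX56"
+string(13) "99jcVcGxUZOWk"
+string(20) "_01234567IBjxKliXXRQ"
+string(20) "_012345678OSGpGQRVHA"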
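Review bot: The four crypt() inputs embed a literal non-ASCII `À`, so the bytes actually hashed depend on the encoding the .phpt file is saved in, and the EXPECT hashes hold for only one encoding; which bytes are intended is not visible from the page. Writing those bytes as `\x..` escapes inside the double-quoted strings would pin the input and make it obvious that a 0x80 byte is what the test exercises. The title says "characters > 0x80", while the C change concerns a key byte whose shifted value narrows to zero, so a title naming the 0x80 byte would describe the regression more precisely.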
