Permalink
Browse files

fix CVE-2012-2143

(cherry picked from commit bc1c1be)
  • Loading branch information...
1 parent e9e4819 commit c208ad9ddbf712e20a8ce0c0930eb1684e06609a @smalyshev smalyshev committed with johannes May 24, 2012
Showing with 21 additions and 1 deletion.
  1. +2 −1 ext/standard/crypt_freesec.c
  2. +19 −0 ext/standard/tests/strings/crypt_chars.phpt
@@ -629,7 +629,8 @@ _crypt_extended_r(const char *key, const char *setting,
*/
q = (u_char *) keybuf;
while (q - (u_char *) keybuf < sizeof(keybuf)) {
- if ((*q++ = *key << 1))
+ *q++ = *key << 1;
+ if (*key)
key++;
}
if (des_setkey((u_char *) keybuf, data))
@@ -0,0 +1,19 @@
+--TEST--
+crypt() function - characters > 0x80
+--SKIPIF--
+<?php
+if (!function_exists('crypt')) {
+ die("SKIP crypt() is not available");
+}
+?>
+--FILE--
+<?php
+var_dump(crypt("À1234abcd", "99"));
+var_dump(crypt("À9234abcd", "99"));
+var_dump(crypt("À1234abcd", "_01234567"));
+var_dump(crypt("À9234abcd", "_01234567"));
+--EXPECT--
+string(13) "99PxawtsTfX56"
+string(13) "99jcVcGxUZOWk"
+string(20) "_01234567IBjxKliXXRQ"
+string(20) "_012345678OSGpGQRVHA"

0 comments on commit c208ad9

Please sign in to comment.