From 1a4456bb767a344d6542bb6a7c8165ff1931514c Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky <iliaa@php.net>
Date: Tue, 5 Jul 2011 20:10:45 +0000
Subject: [PATCH] Fixed bug relating to un-initialized memory access

---
 ext/standard/crypt_sha256.c | 3 ++-
 ext/standard/crypt_sha512.c | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/ext/standard/crypt_sha256.c b/ext/standard/crypt_sha256.c
index 26260992ef0..231206bca14 100644
--- a/ext/standard/crypt_sha256.c
+++ b/ext/standard/crypt_sha256.c
@@ -395,9 +395,10 @@ char * php_sha256_crypt_r(const char *key, const char *salt, char *buffer, int b
 	}
 
 	if ((salt - (char *) 0) % __alignof__(uint32_t) != 0) {
-		char *tmp = (char *) alloca(salt_len + __alignof__(uint32_t));
+		char *tmp = (char *) alloca(salt_len + 1 + __alignof__(uint32_t));
 		salt = copied_salt =
 		memcpy(tmp + __alignof__(uint32_t) - (tmp - (char *) 0) % __alignof__ (uint32_t), salt, salt_len);
+		tmp[salt_len] = 0;
 	}
 
 	/* Prepare for the real work.  */
diff --git a/ext/standard/crypt_sha512.c b/ext/standard/crypt_sha512.c
index a51e11a37c2..708ad67caa3 100644
--- a/ext/standard/crypt_sha512.c
+++ b/ext/standard/crypt_sha512.c
@@ -430,8 +430,8 @@ php_sha512_crypt_r(const char *key, const char *salt, char *buffer, int buflen)
 	}
 
 	if ((salt - (char *) 0) % __alignof__ (uint64_t) != 0) {
-		char *tmp = (char *) alloca(salt_len + __alignof__(uint64_t));
-
+		char *tmp = (char *) alloca(salt_len + 1 + __alignof__(uint64_t));
+		tmp[salt_len] = 0;
 		salt = copied_salt = memcpy(tmp + __alignof__(uint64_t) - (tmp - (char *) 0) % __alignof__(uint64_t), salt, salt_len);
 	}