mirror of
https://github.com/php/php-src.git
partial cleanup to work with size_t str length in password_hash
php_crypt() and co use int, though this is fair enough. Could be refactored later for tidiness reasons.
parent
dbddbcc950
commit
a85ce501da
@ -345,12 +345,11 @@ PHP_FUNCTION(password_hash)
|
||||
|
||||
if (options && (option_buffer = zend_symtable_str_find(options, "salt", sizeof("salt")-1)) != NULL) {
|
||||
char *buffer;
|
||||
size_t buffer_len_int = 0;
|
||||
size_t buffer_len;
|
||||
size_t buffer_len = 0;
|
||||
switch (Z_TYPE_P(option_buffer)) {
|
||||
case IS_STRING:
|
||||
buffer = estrndup(Z_STRVAL_P(option_buffer), Z_STRLEN_P(option_buffer));
|
||||
buffer_len_int = Z_STRLEN_P(option_buffer);
|
||||
buffer_len = Z_STRLEN_P(option_buffer);
|
||||
break;
|
||||
case IS_LONG:
|
||||
case IS_DOUBLE:
|
||||
@ -361,7 +360,7 @@ PHP_FUNCTION(password_hash)
|
||||
convert_to_string(&cast_option_buffer);
|
||||
if (Z_TYPE(cast_option_buffer) == IS_STRING) {
|
||||
buffer = estrndup(Z_STRVAL(cast_option_buffer), Z_STRLEN(cast_option_buffer));
|
||||
buffer_len_int = Z_STRLEN(cast_option_buffer);
|
||||
buffer_len = Z_STRLEN(cast_option_buffer);
|
||||
zval_dtor(&cast_option_buffer);
|
||||
break;
|
||||
}
|
||||
@ -377,16 +376,18 @@ PHP_FUNCTION(password_hash)
|
||||
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Non-string salt parameter supplied");
|
||||
RETURN_NULL();
|
||||
}
|
||||
if (buffer_len_int < 0) {
|
||||
|
||||
/* XXX all the crypt related APIs work with int for string length.
|
||||
That should be revised for size_t and then we maybe don't require
|
||||
the > INT_MAX check. */
|
||||
if (buffer_len > INT_MAX) {
|
||||
efree(hash_format);
|
||||
efree(buffer);
|
||||
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Supplied salt is too long");
|
||||
}
|
||||
buffer_len = (size_t) buffer_len_int;
|
||||
if (buffer_len < required_salt_len) {
|
||||
} else if (buffer_len < required_salt_len) {
|
||||
efree(hash_format);
|
||||
efree(buffer);
|
||||
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided salt is too short: %lu expecting %lu", (unsigned long) buffer_len, (unsigned long) required_salt_len);
|
||||
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided salt is too short: %zd expecting %zd", buffer_len, required_salt_len);
|
||||
RETURN_NULL();
|
||||
} else if (php_password_salt_is_alphabet(buffer, buffer_len) == FAILURE) {
|
||||
salt = safe_emalloc(required_salt_len, 1, 1);
|
||||
@ -394,7 +395,7 @@ PHP_FUNCTION(password_hash)
|
||||
efree(hash_format);
|
||||
efree(buffer);
|
||||
efree(salt);
|
||||
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided salt is too short: %lu", (unsigned long) buffer_len);
|
||||
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided salt is too short: %zd", buffer_len);
|
||||
RETURN_NULL();
|
||||
}
|
||||
salt_len = required_salt_len;
|
||||
|
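Review bot: In the third hunk the `if (buffer_len > INT_MAX)` branch frees `hash_format` and `buffer` and raises "Supplied salt is too long", but has no `RETURN_NULL();`, unlike the too-short branch directly below it. Chaining the next test as `else if` keeps the freed `buffer` out of the length and alphabet checks, but control still leaves the chain and carries on with the rest of the function, presumably with `hash_format` already freed and `salt` never assigned (the failure path in the last hunk frees both again). Add `RETURN_NULL();` right after that warning so the error path ends there. Separately, the two changed warnings print `size_t` values with `%zd`, the signed conversion; `%zu` matches the type. The function body starts and ends outside these hunks, so the code after the chain should be checked against the full file.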