mirror of
https://github.com/php/php-src.git
Merge branch 'pull-request/989'
* pull-request/989: Fix a few tests and remove error/warning for *0 Fix spaces -> tabs Add deprecated notice to invalid DES salts.
commit
c408c80886
@ -100,6 +100,12 @@
|
||||
|
||||
#define PHP_CRYPT_RAND php_rand()
|
||||
|
||||
/* Used to check DES salts to ensure that they contain only valid characters */
|
||||
#define IS_VALID_SALT_CHARACTER(c) (((c) >= '.' && (c) <= '9') || ((c) >= 'A' && (c) <= 'Z') || ((c) >= 'a' && (c) <= 'z'))
|
||||
|
||||
#define DES_INVALID_SALT_ERROR "Supplied salt is not valid for DES. Possible bug in provided salt format."
|
||||
|
||||
|
||||
PHP_MINIT_FUNCTION(crypt) /* {{{ */
|
||||
{
|
||||
REGISTER_LONG_CONSTANT("CRYPT_SALT_LENGTH", PHP_MAX_SALT_LEN, CONST_CS | CONST_PERSISTENT);
|
||||
@ -196,10 +202,7 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch
|
||||
} else if (
|
||||
salt[0] == '$' &&
|
||||
salt[1] == '2' &&
|
||||
salt[3] == '$' &&
|
||||
salt[4] >= '0' && salt[4] <= '3' &&
|
||||
salt[5] >= '0' && salt[5] <= '9' &&
|
||||
salt[6] == '$') {
|
||||
salt[3] == '$') {
|
||||
char output[PHP_MAX_SALT_LEN + 1];
|
||||
|
||||
memset(output, 0, PHP_MAX_SALT_LEN + 1);
|
||||
@ -213,7 +216,19 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch
|
||||
ZEND_SECURE_ZERO(output, PHP_MAX_SALT_LEN + 1);
|
||||
return result;
|
||||
}
|
||||
} else if (salt[0] == '*' && (salt[1] == '0' || salt[1] == '1')) {
|
||||
return NULL;
|
||||
} else {
|
||||
/* DES Fallback */
|
||||
|
||||
/* Only check the salt if it's not EXT_DES */
|
||||
if (salt[0] != '_') {
|
||||
/* DES style hashes */
|
||||
if (!IS_VALID_SALT_CHARACTER(salt[0]) || !IS_VALID_SALT_CHARACTER(salt[1])) {
|
||||
php_error_docref(NULL, E_DEPRECATED, DES_INVALID_SALT_ERROR);
|
||||
}
|
||||
}
|
||||
|
||||
memset(&buffer, 0, sizeof(buffer));
|
||||
_crypt_extended_init_r();
|
||||
|
||||
@ -238,6 +253,10 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch
|
||||
# else
|
||||
# error Data struct used by crypt_r() is unknown. Please report.
|
||||
# endif
|
||||
if (salt[0] != '$' && salt[0] != '_' && (!IS_VALID_SALT_CHARACTER(salt[0]) || !IS_VALID_SALT_CHARACTER(salt[1]))) {
|
||||
/* error consistently about invalid DES fallbacks */
|
||||
php_error_docref(NULL, E_DEPRECATED, DES_INVALID_SALT_ERROR);
|
||||
}
|
||||
crypt_res = crypt_r(password, salt, &buffer);
|
||||
if (!crypt_res || (salt[0] == '*' && salt[1] == '0')) {
|
||||
return NULL;
|
||||
|
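Review bot: An invalid salt still produces a traditional DES hash in the DES fallback branch, because the new `IS_VALID_SALT_CHARACTER` check only raises `E_DEPRECATED` and then continues to `_crypt_extended_init_r()`; the added test shows `$5zd$01` coming back as a 13-character DES string. Setups that filter deprecation notices will not see the signal, so the branch deserves a comment such as `/* invalid DES salt: still hashed for BC; the result is a DES hash whatever scheme the caller intended */`, and presumably a later change that returns the failure token instead. In the `crypt_r()` path the same notice sits before the existing `salt[0] == '*' && salt[1] == '0'` test, so a `*0` salt appears to get the notice and then NULL, unlike the earlier branch, which returns before any salt check. That condition also skips salts starting with `$`, which the DES fallback check does not, so one shared helper for both sites would keep them in step. Both checks are inside `php_crypt`, whose body starts and ends outside these hunks.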
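--- a/ext/standard/tests/crypt/bcrypt_invalid_algorithm.phpt
+++ b/ext/standard/tests/crypt/bcrypt_invalid_algorithm.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Test BCRYPT with invalid algorithm
+--FILE--
+<?php
+var_dump(crypt("test", "$23$04$1234567890123456789012345"));
+var_dump(crypt("test", "$20$04$1234567890123456789012345"));
+var_dump(crypt("test", "$2g$04$1234567890123456789012345"));
+?>
+--EXPECTF--
+string(2) "*0"
+string(2) "*0"
+string(2) "*0"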
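--- a/ext/standard/tests/crypt/bcrypt_invalid_cost.phpt
+++ b/ext/standard/tests/crypt/bcrypt_invalid_cost.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Test BCRYPT with invalid cost
+--FILE--
+<?php
+var_dump(crypt("test", "$2a$4$1234567891234567891234567"));
+var_dump(crypt("test", "$2a$00$1234567891234567891234567"));
+var_dump(crypt("test", "$2a$01$1234567891234567891234567"));
+var_dump(crypt("test", "$2a$02$1234567891234567891234567"));
+var_dump(crypt("test", "$2a$03$1234567891234567891234567"));
+var_dump(crypt("test", "$2a$32$1234567891234567891234567"));
+var_dump(crypt("test", "$2a$40$1234567891234567891234567"));
+?>
+--EXPECTF--
+string(2) "*0"
+string(2) "*0"
+string(2) "*0"
+string(2) "*0"
+string(2) "*0"
+string(2) "*0"
+string(2) "*0"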
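Review bot: A non-numeric cost field is not covered by these cases, which use only numeric costs (a single digit, 00 to 03, 32 and 40). The same commit drops the `salt[4]`/`salt[5]` digit checks from the bcrypt branch of `php_crypt`, so rejecting such input now depends entirely on the Blowfish implementation. A constructed case such as `var_dump(crypt("test", "$2a$1x$1234567891234567891234567"));`, presumably also yielding `string(2) "*0"`, would pin that. The section has no format placeholders, so `--EXPECT--` would do in place of `--EXPECTF--`.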
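--- a/ext/standard/tests/crypt/des_fallback_invalid_salt.phpt
+++ b/ext/standard/tests/crypt/des_fallback_invalid_salt.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Test DES with invalid fallback
+--FILE--
+<?php
+
+var_dump(crypt("test", "$#"));
+var_dump(crypt("test", "$5zd$01"));
+
+?>
+--EXPECTF--
+Deprecated: crypt(): Supplied salt is not valid for DES. Possible bug in provided salt format. in %s on line %d
+string(13) "$#8MWASl5pGIk"
+
+Deprecated: crypt(): Supplied salt is not valid for DES. Possible bug in provided salt format. in %s on line %d
+string(13) "$54mkQyGCLvHs"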
@ -1,10 +1,10 @@
|
||||
--TEST--
|
||||
Test Blowfish crypt() falls back to DES when rounds are not specified,
|
||||
Test Blowfish crypt() does not fall back to DES when rounds are not specified,
|
||||
or Blowfish is not available.
|
||||
--FILE--
|
||||
<?php
|
||||
$crypt = crypt(b'U*U', b'$2a$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW');
|
||||
if ($crypt===b'$2SHYF.wPGyfE') {
|
||||
if ($crypt==='*0') {
|
||||
echo "OK\n";
|
||||
} else {
|
||||
echo "Not OK\n";
|
||||
|