Xinchen Hui
a666285bc2
Happy New Year
2013-01-01 16:37:09 +08:00
Anthony Ferrara
9c1445c6bc
More refactoring of crypt into php_crypt, and fixing memory allocation
2012-06-29 11:32:25 -04:00
Anthony Ferrara
9e18e578f0
Merge remote branch 'upstream/master' into hash_password
...
Conflicts:
ext/standard/crypt.c
2012-06-29 10:29:58 -04:00
Nikita Popov
e6cf7d7745
Fix some lengths in crypt()
...
Use salt_len_in instead of strlen(salt) or PHP_MAX_SALT_LEN, otherwise too
much memory will be allocated.
sha512 has a 86 character checksum, not 43. That probably was a copy&paste
from the sha256 code which indeed has 43.
The allocation also was using sizeof(char *), thus allocating 4 or 8 times
as much memory as necessary. The sizeof(char *) was removed in the 5.4
branch in b7a92c9
but forgotten on 5.3.
The memset 0 call was using PHP_MAX_SALT_LEN which can be smaller than the
output buffer and thus not zeroing out everything. Use the size of the
output buffer (needed) instead.
2012-06-29 13:11:43 +02:00
Anthony Ferrara
7e8276ca68
Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
...
Fixed a memory allocation bug in crypt() SHA256/512 that can
cause segmentation faults when passed in salts with a null byte
early.
2012-06-28 20:00:03 -04:00
Anthony Ferrara
6bb3865a23
Refactor crypt to use an external working function
2012-06-28 14:44:04 -04:00
Felipe Pena
e4ca0ed09f
- Year++
2012-01-01 13:15:04 +00:00
Felipe Pena
8775a37559
- Year++
2012-01-01 13:15:04 +00:00
Stanislav Malyshev
ba04ba9c82
MFB crypt fix
2011-09-12 17:50:42 +00:00
Xinchen Hui
5dc3195897
Avoiding strcpy, strcat, sprintf usage to make static analyzer happy
2011-08-09 12:16:58 +00:00
Xinchen Hui
0630945ac4
Avoiding strcpy, strcat, sprintf usage to make static analyzer happy
2011-08-09 12:16:58 +00:00
Rasmus Lerdorf
8dc951194b
I'm pretty sure you didn't mean to multiple by the size of a char* there
...
since that makes no sense. output is an array of char, not an array of
char*
Pierre, please review
2011-08-07 00:36:26 +00:00
Pierre Joye
caf6a6dc7a
- blowfish 1.2 update, 2nd part
2011-07-31 20:50:09 +00:00
Pierre Joye
991e108a85
- blowfish 1.2 update, 2nd part
2011-07-31 20:50:09 +00:00
Stanislav Malyshev
5bd0be8a15
fix crypt() issue with overlong salt
2011-07-04 23:38:09 +00:00
Stanislav Malyshev
b158091ed6
Fix crypt_blowfish 8-bit chars problem (CVE-2011-2483), add tests
...
# See details at http://www.openwall.com/lists/announce/2011/06/21/1
2011-06-26 21:34:39 +00:00
Felipe Pena
927bf09c29
- Year++
2011-01-01 02:19:59 +00:00
Felipe Pena
0203cc3d44
- Year++
2011-01-01 02:17:06 +00:00
Pierre Joye
0296501274
- MFH
2010-06-14 09:56:50 +00:00
Felipe Pena
e86710ce11
- Fixed bug #51435 (Missing ifdefs / logic bug in crypt code cause compile errors)
2010-04-22 20:54:35 +00:00
Felipe Pena
5234958f8a
- Fixed bug #51435 (Missing ifdefs / logic bug in crypt code cause compile errors)
2010-04-22 20:54:35 +00:00
Joey Smith
6dbebc605b
Don't assume the SHA-based crypt constants are registered
...
this is a partial fix for 51435.
2010-03-30 10:10:20 +00:00
Pierre Joye
fb9ce4aaa2
- return *0/*1 on failure instead of FALSE, to avoid possible issues with bad user code
2010-02-23 17:26:49 +00:00
Pierre Joye
23fdc85e3a
- Fix #51059 , crypt can fail and return NULL, on almost all implementations
2010-02-21 18:11:11 +00:00
Sebastian Bergmann
9ba1e81665
sed -i "s#1997-2009#1997-2010#g" **/*.c **/*.h **/*.php
2010-01-03 09:23:27 +00:00
Pierre Joye
77afccc28c
- #50334 , add CRYPT_SHA* constants and tests [DOC]
2009-12-09 01:43:23 +00:00
Pierre Joye
9001b4036a
- #50334 , crypt ignores sha512 and add support for sha256/512 to php's crypt [DOC]
2009-12-09 00:20:14 +00:00
Sebastian Bergmann
08659c2dcd
MFH: Bump copyright year, 3 of 3.
2008-12-31 11:15:49 +00:00
Arnaud Le Blanc
d69dfa4b9f
MFH: initialize optional vars
2008-10-21 22:08:38 +00:00
Antony Dovgal
881d80382b
MFH: shutdown crypt correctly and fix memleak in ZTS mode
2008-08-19 15:14:46 +00:00
Pierre Joye
1e820eca02
-MFH:
...
- #45430 , windows implementation of crypt is not TS
- add Blowfish (using implementation from Solar Designer <solar at openwal dot com>) and extended DES support
- Make crypt features portable:
- if no crypt_r, php's implemetation is used (all algo and TS), php can't be used with unsafe crypt anymore
- if one algo is missing, php's implemetation is used
- Windows always use php's implementation
- removed old code in windows/
2008-07-28 11:50:35 +00:00
Sebastian Bergmann
d1dded8751
MFH: Bump copyright year, 2 of 2.
2007-12-31 07:17:19 +00:00
Jani Taskinen
9e235c62ef
MFH
2007-11-05 12:44:52 +00:00
Sebastian Bergmann
4223aa4d5e
MFH: Bump year.
2007-01-01 09:36:18 +00:00
Antony Dovgal
dc64595467
MFH
2006-12-12 12:11:51 +00:00
Antony Dovgal
24b312f8d5
MFH: missing part of the fix for #39795
2006-12-12 12:06:37 +00:00
Antony Dovgal
a74c36a335
MFH: fix #39795 (build fails on AIX because crypt_r() uses different data struct)
2006-12-12 07:38:04 +00:00
Antony Dovgal
065be7056d
MFH: fix AIX build
2006-12-03 13:46:37 +00:00
Ilia Alshanetsky
891bd7888f
Use reantrant crypt_r() whenever possible.
2006-11-30 15:59:53 +00:00
foobar
5bd93221a8
bump year and license version
2006-01-01 12:51:34 +00:00
foobar
23e671a51e
- Bumber up year
2005-08-03 14:08:58 +00:00
Stig Bakken
4127b304ea
* email address update
2004-02-12 19:05:41 +00:00
foobar
e0782e2519
- Moved php_srand() call into php_rand().
...
# Makes shuffle() and str_shuffle() to be random without having to
# call srand() in scripts.
# They don't internally call php_srand() at all and it would be silly
# to start adding php_srand() calls all over the place..
2004-01-19 03:14:58 +00:00
Andi Gutmans
dbeb4158d2
- A belated happy holidays and PHP 5
2004-01-08 08:18:22 +00:00
foobar
ebec2bb859
Moved the RINIT(crypt) stuff into crypt() itself.
2003-08-11 00:49:19 +00:00
James Cox
f68c7ff249
updating license information in the headers.
2003-06-10 20:04:29 +00:00
Sebastian Bergmann
b506f5c8f8
Bump year.
2002-12-31 16:08:15 +00:00
Sebastian Bergmann
90613d2282
Maintain headers.
2002-02-28 08:29:35 +00:00
Sebastian Bergmann
38933514e1
Update headers.
2001-12-11 15:32:16 +00:00
Andrei Zmievski
5da651fcd2
Convert to use new parameter parsing API.
2001-10-26 21:07:59 +00:00