Commit Graph

129 Commits

Author SHA1 Message Date
Anthony Ferrara
ed4052f1d5 Fixed bug #69686 password_verify reports back error on PHP7 with null string.
The deprecation of DES salts created a warning when trying to verify them with password_hash. This bug fix adds a quiet mode to php_crypt() which is used by password_verify.
2015-05-21 17:12:51 -04:00
Stanislav Malyshev
c408c80886 Merge branch 'pull-request/989'
* pull-request/989:
  Fix a few tests and remove error/warning for *0
  Fix spaces -> tabs
  Add deprecated notice to invalid DES salts.
2015-01-31 22:04:39 -08:00
Xinchen Hui
fc33f52d8c bump year 2015-01-15 23:27:30 +08:00
Anthony Ferrara
4a2fe3d0ab Fix a few tests and remove error/warning for *0 2015-01-13 11:49:09 -05:00
Stanislav Malyshev
b7a7b1a624 trailing whitespace removal 2015-01-10 15:07:38 -08:00
Anthony Ferrara
9cc9887224 Fix spaces -> tabs 2015-01-09 11:23:06 -05:00
Anthony Ferrara
462fef794f Add deprecated notice to invalid DES salts.
This will cause an error in the case where invalid salts are provided for other algorithms. Currently, these invalid salts will silently fall back to STD_DES which is extremely weak. By detecting invalid DES salts, we can alert the user that there is a bug in their code.

The error is currently E_DEPRECATED as this has potential to break currently working (yet insecure) code. In the future it should be changed to an E_WARNING and return *0
2015-01-09 11:18:33 -05:00
Anatol Belski
bdeb220f48 first shot remove TSRMLS_* things 2014-12-13 23:06:14 +01:00
Stanislav Malyshev
bfc8d297be Merge branch 'PHP-5.6'
* PHP-5.6:
  update news
  update news
  update NEWS
  Apply error-code-salt fix to Windows too
  Bug fixes in light of failing bcrypt tests
  Add tests from 1.3. Add missing tests.
  Upgrade crypt_blowfish to version 1.3
  Apply error-code-salt fix to Windows too
  Bug fixes in light of failing bcrypt tests
  Add tests from 1.3. Add missing tests.
  Upgrade crypt_blowfish to version 1.3

Conflicts:
	ext/standard/crypt.c
2014-11-30 21:47:40 -08:00
Stanislav Malyshev
720ba67948 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  update news
  update news
  update NEWS
  Apply error-code-salt fix to Windows too
  Bug fixes in light of failing bcrypt tests
  Add tests from 1.3. Add missing tests.
  Upgrade crypt_blowfish to version 1.3
  Apply error-code-salt fix to Windows too
  Bug fixes in light of failing bcrypt tests
  Add tests from 1.3. Add missing tests.
  Upgrade crypt_blowfish to version 1.3
2014-11-30 21:39:49 -08:00
Anatol Belski
f58edcd996 fix datatype warnings 2014-10-22 17:56:28 +02:00
Leigh
f66013df94 Apply error-code-salt fix to Windows too 2014-10-07 13:12:38 +01:00
Leigh
4e8c876120 Bug fixes in light of failing bcrypt tests 2014-10-07 12:27:57 +01:00
Johannes Schlüter
d0cb715373 s/PHP 5/PHP 7/ 2014-09-19 18:33:14 +02:00
Anatol Belski
c45f4f5461 generalized the case with secure memory zeroing 2014-09-19 01:46:14 +02:00
Anatol Belski
2b77a57d88 zero sensitive data more secure way 2014-09-19 00:06:34 +02:00
Anatol Belski
3234480827 first shot to make 's' work with size_t 2014-08-27 20:49:31 +02:00
Anatol Belski
c3e3c98ec6 master renames phase 1 2014-08-25 19:24:55 +02:00
Anatol Belski
745a71be33 yet more fixes to zpp 2014-08-20 14:46:14 +02:00
Anatol Belski
cb25136f4e fix macros in the 5 basic extensions 2014-08-16 11:37:14 +02:00
Dmitry Stogov
b4c2bd2277 Fixed compilation on Windows 2014-07-15 15:50:42 +04:00
Xinchen Hui
2ed1f00869 Refactor php_crypt to returning zend_string 2014-02-25 12:46:51 +08:00
Dmitry Stogov
40e053e7f3 Use better data structures (incomplete) 2014-02-13 17:54:23 +04:00
Xinchen Hui
c081ce628f Bump year 2014-01-03 11:08:10 +08:00
Xinchen Hui
47c9027772 Bump year 2014-01-03 11:06:16 +08:00
Nikita Popov
82eca388d2 Fix ZTS build 2013-10-29 20:01:37 +01:00
Yasuo Ohgaki
416f8fce5c Implemented Change crypt() behavior w/o salt RFC 2013-10-29 18:53:45 +09:00
Xinchen Hui
a666285bc2 Happy New Year 2013-01-01 16:37:09 +08:00
Anthony Ferrara
9c1445c6bc More refactoring of crypt into php_crypt, and fixing memory allocation 2012-06-29 11:32:25 -04:00
Anthony Ferrara
9e18e578f0 Merge remote branch 'upstream/master' into hash_password
Conflicts:
	ext/standard/crypt.c
2012-06-29 10:29:58 -04:00
Nikita Popov
e6cf7d7745 Fix some lengths in crypt()
Use salt_len_in instead of strlen(salt) or PHP_MAX_SALT_LEN, otherwise too
much memory will be allocated.

sha512 has an 86 character checksum, not 43. That probably was a copy&paste
from the sha256 code which indeed has 43.

The allocation also was using sizeof(char *), thus allocating 4 or 8 times
as much memory as necessary. The sizeof(char *) was removed in the 5.4
branch in b7a92c9 but forgotten on 5.3.

The memset 0 call was using PHP_MAX_SALT_LEN which can be smaller than the
output buffer and thus not zeroing out everything. Use the size of the
output buffer (needed) instead.
2012-06-29 13:11:43 +02:00
Anthony Ferrara
7e8276ca68 Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
Fixed a memory allocation bug in crypt() SHA256/512 that can
cause segmentation faults when passed in salts with a null byte
early.
2012-06-28 20:00:03 -04:00
Anthony Ferrara
6bb3865a23 Refactor crypt to use an external working function 2012-06-28 14:44:04 -04:00
Felipe Pena
e4ca0ed09f - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena
8775a37559 - Year++ 2012-01-01 13:15:04 +00:00
Stanislav Malyshev
ba04ba9c82 MFB crypt fix 2011-09-12 17:50:42 +00:00
Xinchen Hui
5dc3195897 Avoiding strcpy, strcat, sprintf usage to make static analyzer happy 2011-08-09 12:16:58 +00:00
Xinchen Hui
0630945ac4 Avoiding strcpy, strcat, sprintf usage to make static analyzer happy 2011-08-09 12:16:58 +00:00
Rasmus Lerdorf
8dc951194b I'm pretty sure you didn't mean to multiply by the size of a char* there
since that makes no sense. output is an array of char, not an array of
char*
Pierre, please review
2011-08-07 00:36:26 +00:00
Pierre Joye
caf6a6dc7a - blowfish 1.2 update, 2nd part 2011-07-31 20:50:09 +00:00
Pierre Joye
991e108a85 - blowfish 1.2 update, 2nd part 2011-07-31 20:50:09 +00:00
Stanislav Malyshev
5bd0be8a15 fix crypt() issue with overlong salt 2011-07-04 23:38:09 +00:00
Stanislav Malyshev
b158091ed6 Fix crypt_blowfish 8-bit chars problem (CVE-2011-2483), add tests
# See details at http://www.openwall.com/lists/announce/2011/06/21/1
2011-06-26 21:34:39 +00:00
Felipe Pena
927bf09c29 - Year++ 2011-01-01 02:19:59 +00:00
Felipe Pena
0203cc3d44 - Year++ 2011-01-01 02:17:06 +00:00
Pierre Joye
0296501274 - MFH 2010-06-14 09:56:50 +00:00
Felipe Pena
e86710ce11 - Fixed bug #51435 (Missing ifdefs / logic bug in crypt code cause compile errors) 2010-04-22 20:54:35 +00:00
Felipe Pena
5234958f8a - Fixed bug #51435 (Missing ifdefs / logic bug in crypt code cause compile errors) 2010-04-22 20:54:35 +00:00
Joey Smith
6dbebc605b Don't assume the SHA-based crypt constants are registered
this is a partial fix for 51435.
2010-03-30 10:10:20 +00:00
Pierre Joye
fb9ce4aaa2 - return *0/*1 on failure instead of FALSE, to avoid possible issues with bad user code 2010-02-23 17:26:49 +00:00