|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2012-06-29 00:12 UTC] ircmaxell@php.net
-Status: Open
+Status: Assigned
-Assigned To:
+Assigned To: ircmaxell
[2012-06-29 01:03 UTC] ircmaxell@php.net
[2012-06-29 02:48 UTC] ircmaxell@php.net
[2012-06-29 02:48 UTC] ircmaxell@php.net
-Status: Assigned
+Status: Closed
[2014-10-07 23:24 UTC] stas@php.net
[2014-10-07 23:35 UTC] stas@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Nov 21 14:01:29 2024 UTC |
Description: ------------ Crypt() SHA256 and SHA512 segfault when passed a salt that contains a null byte. This is because the emalloc call and the memset call use different length inputs for the `output` string. The memset call then overflows the buffer. Test script: --------------- <?php crypt("foo", '$5$'.chr(0).'abc'); ?> and <?php crypt("foo", '$6$'.chr(0).'abc'); ?> Expected result: ---------------- No output Actual result: -------------- Either segmentation fault (sha512) or zend_mm_heap corrupted (sha256)