php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #62443 Crypt SHA256/512 Segfaults With Malformed Salt
Submitted: 2012-06-29 00:02 UTC Modified: 2012-06-29 02:48 UTC
From: ircmaxell@php.net Assigned: ircmaxell (profile)
Status: Closed Package: Reproducible crash
PHP Version: master-Git-2012-06-28 (Git) OS: All
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: ircmaxell@php.net
New email:
PHP Version: OS:

 

 [2012-06-29 00:02 UTC] ircmaxell@php.net 
Description:
------------
Crypt() SHA256 and SHA512 segfault when passed a salt that contains a null byte. 
This is because the emalloc call and the memset call use different length inputs 
for the `output` string.  The memset call then overflows the buffer.

Test script:
---------------
<?php
crypt("foo", '$5$'.chr(0).'abc');
?>

and

<?php
crypt("foo", '$6$'.chr(0).'abc');
?>

Expected result:
----------------
No output

Actual result:
--------------
Either segmentation fault (sha512) or zend_mm_heap corrupted (sha256)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-06-29 00:12 UTC] ircmaxell@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: ircmaxell
 [2012-06-29 01:03 UTC] ircmaxell@php.net 
Automatic comment on behalf of ircmaxell@ircmaxell.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=7e8276ca68fc622124d51d18e4f7b5cde3536de4
Log: Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
 [2012-06-29 02:48 UTC] ircmaxell@php.net 
This has been fixed in the 5.3, 5.4 and master branches.
 [2012-06-29 02:48 UTC] ircmaxell@php.net
-Status: Assigned +Status: Closed
 [2014-10-07 23:24 UTC] stas@php.net 
Automatic comment on behalf of ircmaxell@ircmaxell.com
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=7e8276ca68fc622124d51d18e4f7b5cde3536de4
Log: Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
 [2014-10-07 23:35 UTC] stas@php.net 
Automatic comment on behalf of ircmaxell@ircmaxell.com
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=7e8276ca68fc622124d51d18e4f7b5cde3536de4
Log: Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Apr 16 16:01:28 2024 UTC