diff --git a/ext/standard/crypt_blowfish.c b/ext/standard/crypt_blowfish.c
index 3806a290aee4..351d40308089 100644
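--- a/ext/standard/crypt_blowfish.c
+++ b/ext/standard/crypt_blowfish.c
@@ -371,7 +371,6 @@ static const unsigned char BF_atoi64[0x60] = {
 #define BF_safe_atoi64(dst, src) \
 { \
 tmp = (unsigned char)(src); \
- if (tmp == '$') break; /* PHP hack */ \
 if ((unsigned int)(tmp -= 0x20) >= 0x60) return -1; \
 tmp = BF_atoi64[tmp]; \
 if (tmp > 63) return -1; \
@@ -399,13 +398,6 @@ static int BF_decode(BF_word *dst, const char *src, int size)
 *dptr++ = ((c3 & 0x03) << 6) | c4;
 } while (dptr < end);
 
- if (end - dptr == size) {
- return -1;
- }
-
- while (dptr < end) /* PHP hack */
- *dptr++ = 0;
-
 return 0;
 }
 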
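Review bot: With the zero-fill loop removed from the tail of BF_decode, a `-1` return taken inside `BF_safe_atoi64` can leave `dst` partly written and the remainder untouched, and nothing in the hunk records that contract. A comment above the function would document it, for example `/* Returns -1 on the first byte that is not valid bcrypt base64 (the new test shows '$' is now rejected); dst is then unspecified and must not be used. */`. The caller is outside this hunk, so it is worth confirming there that every `-1` ends in the failure string and that a partially decoded salt never reaches key setup. BF_decode itself begins before the hunk.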
diff --git a/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt b/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt
new file mode 100644
index 000000000000..32e335f4b087
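--- /dev/null
+++ b/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt
@@ -0,0 +1,82 @@
+--TEST--
+bcrypt correctly rejects salts containing $
+--FILE--
+<?php
+for ($i = 0; $i < 23; $i++) {
+ $salt = '$2y$04$' . str_repeat('0', $i) . '$';
+ $result = crypt("foo", $salt);
+ var_dump($salt);
+ var_dump($result);
+ var_dump($result === $salt);
+}
+?>
+--EXPECT--
+string(8) "$2y$04$$"
+string(2) "*0"
+bool(false)
+string(9) "$2y$04$0$"
+string(2) "*0"
+bool(false)
+string(10) "$2y$04$00$"
+string(2) "*0"
+bool(false)
+string(11) "$2y$04$000$"
+string(2) "*0"
+bool(false)
+string(12) "$2y$04$0000$"
+string(2) "*0"
+bool(false)
+string(13) "$2y$04$00000$"
+string(2) "*0"
+bool(false)
+string(14) "$2y$04$000000$"
+string(2) "*0"
+bool(false)
+string(15) "$2y$04$0000000$"
+string(2) "*0"
+bool(false)
+string(16) "$2y$04$00000000$"
+string(2) "*0"
+bool(false)
+string(17) "$2y$04$000000000$"
+string(2) "*0"
+bool(false)
+string(18) "$2y$04$0000000000$"
+string(2) "*0"
+bool(false)
+string(19) "$2y$04$00000000000$"
+string(2) "*0"
+bool(false)
+string(20) "$2y$04$000000000000$"
+string(2) "*0"
+bool(false)
+string(21) "$2y$04$0000000000000$"
+string(2) "*0"
+bool(false)
+string(22) "$2y$04$00000000000000$"
+string(2) "*0"
+bool(false)
+string(23) "$2y$04$000000000000000$"
+string(2) "*0"
+bool(false)
+string(24) "$2y$04$0000000000000000$"
+string(2) "*0"
+bool(false)
+string(25) "$2y$04$00000000000000000$"
+string(2) "*0"
+bool(false)
+string(26) "$2y$04$000000000000000000$"
+string(2) "*0"
+bool(false)
+string(27) "$2y$04$0000000000000000000$"
+string(2) "*0"
+bool(false)
+string(28) "$2y$04$00000000000000000000$"
+string(2) "*0"
+bool(false)
+string(29) "$2y$04$000000000000000000000$"
+string(2) "*0"
+bool(false)
+string(30) "$2y$04$0000000000000000000000$"
+string(60) "$2y$04$000000000000000000000u2a2UpVexIt9k3FMJeAVr3c04F5tcI8K"
+bool(false)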
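Review bot: Every salt built in the loop ends with the `$`, so the test only covers a `$` that is followed directly by the end of the string; a `$` with further valid salt characters after it is never exercised. A second loop using `$salt = '$2y$04$' . str_repeat('0', $i) . '$' . str_repeat('0', 21 - $i);` for `$i` from 0 to 21 would pin that case, and the result is presumably `*0` each time, to be confirmed by running it. The last iteration here (`$i = 22`) is a full 22-character salt with the `$` after it, which is why it alone yields a hash.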