diff options
Diffstat (limited to 'ext/hash')
| -rw-r--r-- | ext/hash/hash.c | 14 | ||||
| -rw-r--r-- | ext/hash/php_hash_tiger.h | 6 | ||||
| -rw-r--r-- | ext/hash/tests/bug52240.phpt | 19 |
3 files changed, 31 insertions, 8 deletions
diff --git a/ext/hash/hash.c b/ext/hash/hash.c index 96c0ae216..b08bcc1e5 100644 --- a/ext/hash/hash.c +++ b/ext/hash/hash.c @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: hash.c 293036 2010-01-03 09:23:27Z sebastian $ */ +/* $Id: hash.c 300972 2010-07-03 13:06:14Z felipe $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -556,8 +556,10 @@ PHP_FUNCTION(hash_copy) copy_hash->ops = hash->ops; copy_hash->context = context; copy_hash->options = hash->options; - copy_hash->key = hash->key; - + copy_hash->key = ecalloc(1, hash->ops->block_size); + if (hash->key) { + memcpy(copy_hash->key, hash->key, hash->ops->block_size); + } ZEND_REGISTER_RESOURCE(return_value, copy_hash, php_hash_le_hash); } /* }}} */ @@ -739,15 +741,17 @@ PHP_FUNCTION(mhash_get_block_size) Generates a key using hash functions */ PHP_FUNCTION(mhash_keygen_s2k) { - long algorithm, bytes; + long algorithm, l_bytes; + int bytes; char *password, *salt; int password_len, salt_len; char padded_salt[SALT_SIZE]; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "lssl", &algorithm, &password, &password_len, &salt, &salt_len, &bytes) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "lssl", &algorithm, &password, &password_len, &salt, &salt_len, &l_bytes) == FAILURE) { return; } + bytes = (int)l_bytes; if (bytes <= 0){ php_error_docref(NULL TSRMLS_CC, E_WARNING, "the byte parameter must be greater than 0"); RETURN_FALSE; diff --git a/ext/hash/php_hash_tiger.h b/ext/hash/php_hash_tiger.h index 78b05e1a8..4949d4744 100644 --- a/ext/hash/php_hash_tiger.h +++ b/ext/hash/php_hash_tiger.h @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: php_hash_tiger.h 293036 2010-01-03 09:23:27Z sebastian $ */ +/* $Id: php_hash_tiger.h 301252 2010-07-13 23:59:54Z kalle $ */ #ifndef PHP_HASH_TIGER_H #define PHP_HASH_TIGER_H @@ -25,8 +25,8 @@ typedef struct { php_hash_uint64 state[3]; php_hash_uint64 passed; - unsigned char passes:1; - unsigned char length:7; + unsigned int passes:1; + unsigned int length:7; unsigned char buffer[64]; } PHP_TIGER_CTX; diff --git a/ext/hash/tests/bug52240.phpt b/ext/hash/tests/bug52240.phpt new file mode 100644 index 000000000..1f8472c77 --- /dev/null +++ b/ext/hash/tests/bug52240.phpt @@ -0,0 +1,19 @@ +--TEST-- +Bug #52240 (hash_copy() does not copy the HMAC key, causes wrong results and PHP crashes) +--SKIPIF-- +<?php extension_loaded('hash') or die('skip'); ?> +--FILE-- +<?php + +$h = hash_init('crc32b', HASH_HMAC, '123456' ); +$h2 = hash_copy($h); +var_dump(hash_final($h)); +$h3 = hash_copy($h2); +var_dump(hash_final($h2)); +var_dump(hash_final($h3)); + +?> +--EXPECT-- +string(8) "278af264" +string(8) "278af264" +string(8) "278af264" |