On Wed, Jul 20, 2011 at 06:21:16PM -0700, Stas Malyshev wrote:
> On 7/19/11 4:44 PM, Solar Designer wrote:
> >Expected:<$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5>
> >Got<$5$saltst$JTS/fkywz8NvjeCGmWDndJPi7ZrRFhQKBLNtQZWE2C3>
[...]
> Yes, we had a buffer overflow error there, since the buffer salt[] was
> PHP_MAX_SALT_LEN+1, but if the salt was longer, salt[salt_in_len] later
> wrote 0 into a bad place.

Is this buffer overflow still not fixed in 5.4, or does 5.4 also have
the salt truncation bug above?  Either way, it sounds like you need to
figure this out and include a fix in 5.4, before 5.4 proper is released.
Ditto for 5.3.7.

> But for SHA, the max salt len should be something like 123, so I wonder
> how come it got truncated in that case.

I trust that you'll figure it out.

Thanks,

Alexander

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
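
The two defects discussed in this message (a terminator written at `salt[salt_in_len]` past a `PHP_MAX_SALT_LEN+1` buffer, and a silently truncated salt) can be shown side by side in a short sketch. This is an added example, not PHP's source code: the function names, `DEMO_MAX_SALT_LEN` and its value of 123 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DEMO_MAX_SALT_LEN 123 /* assumed; the thread only says "something like 123" */

/* The pattern described in the thread: the buffer holds DEMO_MAX_SALT_LEN + 1
 * bytes, but the terminator is stored at the unclamped input length.
 * Assumption: the copy itself was bounded. Shown for contrast, never called. */
void copy_salt_unchecked(char salt[DEMO_MAX_SALT_LEN + 1],
                         const char *in, size_t in_len)
{
    size_t n = in_len < DEMO_MAX_SALT_LEN ? in_len : DEMO_MAX_SALT_LEN;
    memcpy(salt, in, n);
    salt[in_len] = '\0'; /* out of bounds once in_len > DEMO_MAX_SALT_LEN */
}

/* Hardened form: clamp once, use the clamped length for both the copy and
 * the terminator, and report truncation instead of hiding it.
 * Returns bytes kept, or (size_t)-1 if dst cannot hold even the terminator. */
size_t copy_salt_checked(char *dst, size_t dst_size,
                         const char *in, size_t in_len, int *truncated)
{
    if (dst == NULL || in == NULL || dst_size == 0)
        return (size_t)-1;
    size_t n = in_len < dst_size - 1 ? in_len : dst_size - 1;
    memcpy(dst, in, n);
    dst[n] = '\0';
    if (truncated != NULL)
        *truncated = (n != in_len);
    return n;
}

int main(void)
{
    char in[200]; /* constructed over-long salt */
    char salt[DEMO_MAX_SALT_LEN + 1];
    int truncated = 0;
    memset(in, 'A', sizeof in);
    size_t n = copy_salt_checked(salt, sizeof salt, in, sizeof in, &truncated);
    printf("kept=%zu truncated=%d\n", n, truncated);
    return 0;
}
```

A caller that checks `truncated` can reject or log an over-long salt, so a hash computed over a shortened salt does not pass unnoticed.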