Hi!

On 7/31/11 3:33 PM, Solar Designer wrote:
> Now that I look at this, I think there are more problems around this
> place in the code:

I just fixed the immediate problem, but giving a second look to this code I don't really understand why there should be NULL termination at all - we know the length anyway, and can use it directly.
And underlying functions seem never to rely on null-termination.

> 2. alloca() of potentially user-controlled size is unsafe - it may
> result in the stack pointer being moved outside of allowable range and

This is true. This code doesn't seem to have any limits on key length. We probably should add a check somewhere in crypt.c. I'll look into it soon.
--
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
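
The two points discussed in this message (use the known length instead of relying on NUL termination, and limit the key length before sizing a stack buffer from it), as an added example that is not code from the original message or from PHP's crypt.c. `digest_salt_key`, `mix_bytes`, `KEY_MAX_LEN` and `STACK_SCRATCH` are hypothetical names, the limits are assumed values, and FNV-1a stands in for the real hash.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEY_MAX_LEN   4096u  /* assumed cap; the message names no value */
#define STACK_SCRATCH 256u   /* assumed fixed stack budget */

/* Stand-in for the real hash (FNV-1a, not a password hash): it consumes
 * exactly len bytes and never looks for a terminating NUL. */
static uint32_t mix_bytes(uint32_t h, const unsigned char *p, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 16777619u;
    }
    return h;
}

/* Replaces the pattern "tmp = alloca(key_len + 1); tmp[key_len] = 0;":
 * lengths are checked first, stack use is a fixed-size buffer, larger
 * inputs go to the heap, and the length is passed on explicitly.
 * Returns 0 on success, -1 on rejected input or allocation failure. */
int digest_salt_key(const char *salt, size_t salt_len,
                    const char *key, size_t key_len, uint32_t *out)
{
    unsigned char small[STACK_SCRATCH];
    unsigned char *buf = small;

    if (!salt || !key || !out || salt_len > KEY_MAX_LEN || key_len > KEY_MAX_LEN)
        return -1;                  /* reject before sizing any buffer */
    size_t total = salt_len + key_len;  /* no overflow: both <= the cap */
    if (total > sizeof small && (buf = malloc(total)) == NULL)
        return -1;
    memcpy(buf, salt, salt_len);
    memcpy(buf + salt_len, key, key_len);
    *out = mix_bytes(2166136261u, buf, total);
    if (buf != small)
        free(buf);
    return 0;
}

int main(void)
{
    uint32_t d = 0;  /* constructed sample below: key with an embedded NUL */
    if (digest_salt_key("s", 1, "ab\0cd", 5, &d) == 0)
        printf("%08x\n", (unsigned)d);
    return 0;
}
```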
