Commit: 25b2d364e995fc070ae16ee34f60d25148413769 Author: Anthony Ferrara <ircmax...@gmail.com> Fri, 5 Oct 2012 15:53:40 -0400 Parents: 4a7d18c79ef956022090cf7e8159ca6d50ae2339 Branches: master
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=25b2d364e995fc070ae16ee34f60d25148413769 Log: Fix issue with possible memory leak Changed paths: M ext/standard/password.c Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index 87fc2c2..af42a6f 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -350,7 +350,7 @@ PHP_FUNCTION(password_hash) if (options && zend_symtable_find(options, "salt", 5, (void**) &option_buffer) == SUCCESS) { char *buffer; - int buffer_len_int; + int buffer_len_int = 0; size_t buffer_len; switch (Z_TYPE_PP(option_buffer)) { case IS_NULL: @@ -359,17 +359,20 @@ PHP_FUNCTION(password_hash) case IS_DOUBLE: case IS_BOOL: case IS_OBJECT: - convert_to_string_ex(option_buffer); if (Z_TYPE_PP(option_buffer) == IS_STRING) { buffer = Z_STRVAL_PP(option_buffer); buffer_len_int = Z_STRLEN_PP(option_buffer); - if (buffer_len_int < 0) { + break; + } else { + SEPARATE_ZVAL(option_buffer); + convert_to_string_ex(option_buffer); + if (Z_TYPE_PP(option_buffer) == IS_STRING) { + buffer = Z_STRVAL_PP(option_buffer); + buffer_len_int = Z_STRLEN_PP(option_buffer); zval_ptr_dtor(option_buffer); - efree(hash_format); - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Supplied salt is too long"); + break; } - buffer_len = (size_t) buffer_len_int; - break; + zval_ptr_dtor(option_buffer); } case IS_RESOURCE: case IS_ARRAY: @@ -378,6 +381,11 @@ PHP_FUNCTION(password_hash) php_error_docref(NULL TSRMLS_CC, E_WARNING, "Non-string salt parameter supplied"); RETURN_NULL(); } + if (buffer_len_int < 0) { + efree(hash_format); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Supplied salt is too long"); + } + buffer_len = (size_t) buffer_len_int; if (buffer_len < required_salt_len) { efree(hash_format); php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided salt is too short: %lu expecting %lu", (unsigned long) buffer_len, (unsigned long) required_salt_len); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php