[PHP-CVS] com php-src: Fix issue with possible memory leak: ext/standard/password.c

Tue, 16 Oct 2012 02:04:01 -0700 

Commit:    25b2d364e995fc070ae16ee34f60d25148413769
Author:    Anthony Ferrara <ircmax...@gmail.com>         Fri, 5 Oct 2012 
15:53:40 -0400
Parents:   4a7d18c79ef956022090cf7e8159ca6d50ae2339
Branches:  master

Link:       
http://git.php.net/?p=php-src.git;a=commitdiff;h=25b2d364e995fc070ae16ee34f60d25148413769

Log:
Fix issue with possible memory leak

Changed paths:
  M  ext/standard/password.c


Diff:
diff --git a/ext/standard/password.c b/ext/standard/password.c
index 87fc2c2..af42a6f 100644
--- a/ext/standard/password.c
+++ b/ext/standard/password.c
@@ -350,7 +350,7 @@ PHP_FUNCTION(password_hash)
 
        if (options && zend_symtable_find(options, "salt", 5, (void**) 
&option_buffer) == SUCCESS) {
                char *buffer;
-               int buffer_len_int;
+               int buffer_len_int = 0;
                size_t buffer_len;
                switch (Z_TYPE_PP(option_buffer)) {
                        case IS_NULL:
@@ -359,17 +359,20 @@ PHP_FUNCTION(password_hash)
                        case IS_DOUBLE:
                        case IS_BOOL:
                        case IS_OBJECT:
-                               convert_to_string_ex(option_buffer);
                                if (Z_TYPE_PP(option_buffer) == IS_STRING) {
                                        buffer = Z_STRVAL_PP(option_buffer);
                                        buffer_len_int = 
Z_STRLEN_PP(option_buffer);
-                                       if (buffer_len_int < 0) {
+                                       break;
+                               } else {
+                                       SEPARATE_ZVAL(option_buffer);
+                                       convert_to_string_ex(option_buffer);
+                                       if (Z_TYPE_PP(option_buffer) == 
IS_STRING) {
+                                               buffer = 
Z_STRVAL_PP(option_buffer);
+                                               buffer_len_int = 
Z_STRLEN_PP(option_buffer);
                                                zval_ptr_dtor(option_buffer);
-                                               efree(hash_format);
-                                               php_error_docref(NULL 
TSRMLS_CC, E_WARNING, "Supplied salt is too long");
+                                               break;
                                        }
-                                       buffer_len = (size_t) buffer_len_int;
-                                       break;
+                                       zval_ptr_dtor(option_buffer);
                                }
                        case IS_RESOURCE:
                        case IS_ARRAY:
@@ -378,6 +381,11 @@ PHP_FUNCTION(password_hash)
                                php_error_docref(NULL TSRMLS_CC, E_WARNING, 
"Non-string salt parameter supplied");
                                RETURN_NULL();
                }
+               if (buffer_len_int < 0) {
+                       efree(hash_format);
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Supplied 
salt is too long");
+               }
+               buffer_len = (size_t) buffer_len_int;
                if (buffer_len < required_salt_len) {
                        efree(hash_format);
                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided 
salt is too short: %lu expecting %lu", (unsigned long) buffer_len, (unsigned 
long) required_salt_len);


--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to