Commit: 4a7d18c79ef956022090cf7e8159ca6d50ae2339 Author: Anthony Ferrara <ircmax...@gmail.com> Fri, 5 Oct 2012 15:31:58 -0400 Parents: 8bd79d180716fc521a3f5cae4bbfa96eb6397925 Branches: master
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=4a7d18c79ef956022090cf7e8159ca6d50ae2339 Log: Fix some double free issues, and more cleanup work Changed paths: M ext/standard/password.c Diff: diff --git a/ext/standard/password.c b/ext/standard/password.c index e876269..87fc2c2 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -79,7 +79,7 @@ static zend_bool php_password_salt_is_alphabet(const char *str, const size_t len } /* }}} */ -static int php_password_salt_to64(const char *str, const size_t str_len, const size_t out_len, char *ret) /* {{{ */ +static zend_bool php_password_salt_to64(const char *str, const size_t str_len, const size_t out_len, char *ret) /* {{{ */ { size_t pos = 0; size_t ret_len = 0; @@ -108,7 +108,7 @@ static int php_password_salt_to64(const char *str, const size_t str_len, const s } /* }}} */ -static int php_password_make_salt(size_t length, char *ret TSRMLS_DC) /* {{{ */ +static zend_bool php_password_make_salt(size_t length, char *ret TSRMLS_DC) /* {{{ */ { int buffer_valid = 0; size_t i, raw_length; @@ -163,9 +163,8 @@ static int php_password_make_salt(size_t length, char *ret TSRMLS_DC) /* {{{ */ efree(buffer); efree(result); return FAILURE; - } else { - memcpy(ret, result, (int) length); } + memcpy(ret, result, (int) length); efree(result); efree(buffer); ret[length] = 0; @@ -245,9 +244,13 @@ PHP_FUNCTION(password_needs_rehash) long new_cost = PHP_PASSWORD_BCRYPT_COST, cost = 0; if (options && zend_symtable_find(options, "cost", sizeof("cost"), (void **) &option_buffer) == SUCCESS) { - convert_to_long_ex(option_buffer); - new_cost = Z_LVAL_PP(option_buffer); - zval_ptr_dtor(option_buffer); + if (Z_TYPE_PP(option_buffer) != IS_LONG) { + convert_to_long_ex(option_buffer); + new_cost = Z_LVAL_PP(option_buffer); + zval_ptr_dtor(option_buffer); + } else { + new_cost = Z_LVAL_PP(option_buffer); + } } sscanf(hash, "$2y$%ld$", &cost); @@ -319,9 +322,13 @@ PHP_FUNCTION(password_hash) long cost = PHP_PASSWORD_BCRYPT_COST; if (options && zend_symtable_find(options, "cost", 5, (void **) &option_buffer) == SUCCESS) { - convert_to_long_ex(option_buffer); - cost = Z_LVAL_PP(option_buffer); - zval_ptr_dtor(option_buffer); + if (Z_TYPE_PP(option_buffer) != IS_LONG) { + convert_to_long_ex(option_buffer); + cost = Z_LVAL_PP(option_buffer); + zval_ptr_dtor(option_buffer); + } else { + cost = Z_LVAL_PP(option_buffer); + } } if (cost < 4 || cost > 31) { @@ -367,14 +374,12 @@ PHP_FUNCTION(password_hash) case IS_RESOURCE: case IS_ARRAY: default: - zval_ptr_dtor(option_buffer); efree(hash_format); php_error_docref(NULL TSRMLS_CC, E_WARNING, "Non-string salt parameter supplied"); RETURN_NULL(); } if (buffer_len < required_salt_len) { efree(hash_format); - zval_ptr_dtor(option_buffer); php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided salt is too short: %lu expecting %lu", (unsigned long) buffer_len, (unsigned long) required_salt_len); RETURN_NULL(); } else if (0 == php_password_salt_is_alphabet(buffer, buffer_len)) { @@ -382,7 +387,6 @@ PHP_FUNCTION(password_hash) if (php_password_salt_to64(buffer, buffer_len, required_salt_len, salt) == FAILURE) { efree(hash_format); efree(salt); - zval_ptr_dtor(option_buffer); php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided salt is too short: %lu", (unsigned long) buffer_len); RETURN_NULL(); } @@ -392,7 +396,6 @@ PHP_FUNCTION(password_hash) memcpy(salt, buffer, (int) required_salt_len); salt_len = required_salt_len; } - zval_ptr_dtor(option_buffer); } else { salt = safe_emalloc(required_salt_len, 1, 1); if (php_password_make_salt(required_salt_len, salt TSRMLS_CC) == FAILURE) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php