Diffstat (limited to 'dev-lang/php/files/php-7.4.33-CVE-2023-0568.patch')
-rw-r--r-- | dev-lang/php/files/php-7.4.33-CVE-2023-0568.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/dev-lang/php/files/php-7.4.33-CVE-2023-0568.patch b/dev-lang/php/files/php-7.4.33-CVE-2023-0568.patch
new file mode 100644
index 000000000000..67c172ae214f
--- /dev/null
+++ b/dev-lang/php/files/php-7.4.33-CVE-2023-0568.patch
@@ -0,0 +1,37 @@
+From a92acbad873a05470af1a47cb785a18eadd827b5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= <tim@bastelstu.be>
+Date: Mon, 23 Jan 2023 22:13:57 +0100
+Subject: [PATCH] crypt: Fix possible buffer overread in php_crypt()
+
+---
+ ext/standard/crypt.c | 1 +
+ ext/standard/tests/password/password_bcrypt_short.phpt | 8 ++++++++
+ 2 files changed, 9 insertions(+)
+ create mode 100644 ext/standard/tests/password/password_bcrypt_short.phpt
+
+diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c
+index 8c105cf910e8..8316c8b96063 100644
+--- a/ext/standard/crypt.c
++++ b/ext/standard/crypt.c
+@@ -135,6 +135,7 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch
+ } else if (
+ salt[0] == '$' &&
+ salt[1] == '2' &&
++ salt[2] != 0 &&
+ salt[3] == '$') {
+ char output[PHP_MAX_SALT_LEN + 1];
+
+diff --git a/ext/standard/tests/password/password_bcrypt_short.phpt b/ext/standard/tests/password/password_bcrypt_short.phpt
+new file mode 100644
+index 000000000000..085bc8a23904
+--- /dev/null
++++ b/ext/standard/tests/password/password_bcrypt_short.phpt
+@@ -0,0 +1,8 @@
++--TEST--
++Test that password_hash() does not overread buffers when a short hash is passed
++--FILE--
++<?php
++var_dump(password_verify("foo", '$2'));
++?>
++--EXPECT--
++bool(false) |