Diffstat (limited to 'dev-lang/php/files/php-7.4.33-CVE-2023-0568.patch')
-rw-r--r--dev-lang/php/files/php-7.4.33-CVE-2023-0568.patch37
1 files changed, 0 insertions, 37 deletions
diff --git a/dev-lang/php/files/php-7.4.33-CVE-2023-0568.patch b/dev-lang/php/files/php-7.4.33-CVE-2023-0568.patch
deleted file mode 100644
index 67c172ae214f..000000000000
--- a/dev-lang/php/files/php-7.4.33-CVE-2023-0568.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From a92acbad873a05470af1a47cb785a18eadd827b5 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= <tim@bastelstu.be>
-Date: Mon, 23 Jan 2023 22:13:57 +0100
-Subject: [PATCH] crypt: Fix possible buffer overread in php_crypt()
-
----
- ext/standard/crypt.c | 1 +
- ext/standard/tests/password/password_bcrypt_short.phpt | 8 ++++++++
- 2 files changed, 9 insertions(+)
- create mode 100644 ext/standard/tests/password/password_bcrypt_short.phpt
-
-diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c
-index 8c105cf910e8..8316c8b96063 100644
---- a/ext/standard/crypt.c
-+++ b/ext/standard/crypt.c
-@@ -135,6 +135,7 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch
- } else if (
- salt[0] == '$' &&
- salt[1] == '2' &&
-+ salt[2] != 0 &&
- salt[3] == '$') {
- char output[PHP_MAX_SALT_LEN + 1];
-
-diff --git a/ext/standard/tests/password/password_bcrypt_short.phpt b/ext/standard/tests/password/password_bcrypt_short.phpt
-new file mode 100644
-index 000000000000..085bc8a23904
---- /dev/null
-+++ b/ext/standard/tests/password/password_bcrypt_short.phpt
-@@ -0,0 +1,8 @@
-+--TEST--
-+Test that password_hash() does not overread buffers when a short hash is passed
-+--FILE--
-+<?php
-+var_dump(password_verify("foo", '$2'));
-+?>
-+--EXPECT--
-+bool(false)