Skip to content

Commit 8338134

Browse files
author
Derick Rethans
committed
- MFH (Bug php#8839)
1 parent 750f87c commit 8338134

File tree

1 file changed

+32
-30
lines changed

1 file changed

+32
-30
lines changed

ext/mcrypt/mcrypt.c

Lines changed: 32 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -339,36 +339,37 @@ static PHP_MSHUTDOWN_FUNCTION(mcrypt)
339339
return SUCCESS;
340340
}
341341

342+
#include "ext/standard/php_smart_str.h"
343+
342344
PHP_MINFO_FUNCTION(mcrypt)
343345
{
344346
#if HAVE_LIBMCRYPT24
345347
char **modules;
346348
int i, count;
347-
char *tmp, *tmp2;
349+
smart_str tmp1 = {0};
350+
smart_str tmp2 = {0};
348351
MCLS_FETCH();
349352

350-
tmp = emalloc (2048);
351-
memset (tmp, 0, sizeof(tmp));
352353
modules = mcrypt_list_algorithms (MCG(algorithms_dir), &count);
353354
if (count == 0) {
354-
strcpy (tmp, "none");
355+
smart_str_appends (&tmp1, "none");
355356
}
356357
for (i = 0; i < count; i++) {
357-
strcat (tmp, modules[i]);
358-
strcat (tmp, " ");
358+
smart_str_appends (&tmp1, modules[i]);
359+
smart_str_appendc (&tmp1, ' ');
359360
}
361+
smart_str_0 (&tmp1);
360362
mcrypt_free_p (modules, count);
361363

362-
tmp2 = emalloc (2048);
363-
memset (tmp2, 0, sizeof(tmp2));
364364
modules = mcrypt_list_modes (MCG(modes_dir), &count);
365365
if (count == 0) {
366-
strcpy (tmp2, "none");
366+
smart_str_appends (&tmp2, "none");
367367
}
368368
for (i = 0; i < count; i++) {
369-
strcat (tmp2, modules[i]);
370-
strcat (tmp2, " ");
369+
smart_str_appends (&tmp2, modules[i]);
370+
smart_str_appendc (&tmp2, ' ');
371371
}
372+
smart_str_0 (&tmp2);
372373
mcrypt_free_p (modules, count);
373374
#endif
374375

@@ -379,10 +380,10 @@ PHP_MINFO_FUNCTION(mcrypt)
379380
#endif
380381
#if HAVE_LIBMCRYPT24
381382
php_info_print_table_row(2, "version", "2.4.x");
382-
php_info_print_table_row(2, "Supported ciphers", tmp);
383-
php_info_print_table_row(2, "Supported modes", tmp2);
384-
efree (tmp2);
385-
efree (tmp);
383+
php_info_print_table_row(2, "Supported ciphers", tmp1.c);
384+
php_info_print_table_row(2, "Supported modes", tmp2.c);
385+
smart_str_free (&tmp1);
386+
smart_str_free (&tmp2);
386387
#endif
387388
php_info_print_table_end();
388389

@@ -436,9 +437,9 @@ PHP_FUNCTION(mcrypt_generic_init)
436437
{
437438
zval **key, **iv;
438439
zval **mcryptind;
439-
char *key_s, *iv_s;
440+
unsigned char *key_s, *iv_s;
440441
char dummy[256];
441-
int key_size, iv_size;
442+
int max_key_size, iv_size;
442443
MCRYPT td;
443444
int argc;
444445
MCLS_FETCH();
@@ -451,20 +452,21 @@ PHP_FUNCTION(mcrypt_generic_init)
451452
convert_to_string_ex (key);
452453
convert_to_string_ex (iv);
453454

454-
key_size = mcrypt_enc_get_key_size (td);
455-
key_s = emalloc (key_size + 1);
456-
memset (key_s, 0, key_size + 1);
457-
455+
max_key_size = mcrypt_enc_get_key_size (td);
458456
iv_size = mcrypt_enc_get_iv_size (td);
457+
458+
key_s = emalloc (Z_STRLEN_PP(key));
459+
memset (key_s, 0, Z_STRLEN_PP(key));
460+
459461
iv_s = emalloc (iv_size + 1);
460462
memset (iv_s, 0, iv_size + 1);
461463

462-
if (Z_STRLEN_PP(key) != key_size) {
463-
sprintf (dummy, "key size incorrect; supplied length: %d, needed: %d",
464-
Z_STRLEN_PP(key), key_size);
464+
if (Z_STRLEN_PP(key) > max_key_size) {
465+
sprintf (dummy, "key size too large; supplied length: %d, max: %d",
466+
Z_STRLEN_PP(key), max_key_size);
465467
php_error (E_NOTICE, dummy);
466468
}
467-
strncpy (key_s, Z_STRVAL_PP(key), key_size);
469+
strncpy (key_s, Z_STRVAL_PP(key), Z_STRLEN_PP(key));
468470

469471
if (Z_STRLEN_PP(iv) != iv_size) {
470472
sprintf (dummy, "iv size incorrect; supplied length: %d, needed: %d",
@@ -473,7 +475,7 @@ PHP_FUNCTION(mcrypt_generic_init)
473475
}
474476
strncpy (iv_s, Z_STRVAL_PP(iv), iv_size);
475477

476-
RETVAL_LONG (mcrypt_generic_init (td, key_s, key_size, iv_s));
478+
RETVAL_LONG (mcrypt_generic_init (td, key_s, Z_STRLEN_PP(key), iv_s));
477479
efree (iv_s);
478480
efree (key_s);
479481
}
@@ -487,7 +489,7 @@ PHP_FUNCTION(mcrypt_generic)
487489
zval **data, **mcryptind;
488490
MCRYPT td;
489491
int argc;
490-
char* data_s;
492+
unsigned char* data_s;
491493
int block_size, data_size;
492494
MCLS_FETCH();
493495

@@ -1294,7 +1296,7 @@ static void php_mcrypt_do_crypt (char* cipher, zval **key, zval **data, char *mo
12941296
memset (data_s, 0, data_size);
12951297
memcpy (data_s, Z_STRVAL_PP(data), Z_STRLEN_PP(data));
12961298
}
1297-
1299+
12981300
if (mcrypt_generic_init (td, key_s, use_key_length, iv_s) < 0) {
12991301
php_error (E_ERROR, "generic_init failed");
13001302
}
@@ -1307,10 +1309,10 @@ static void php_mcrypt_do_crypt (char* cipher, zval **key, zval **data, char *mo
13071309

13081310
/* freeing vars */
13091311
mcrypt_generic_end (td);
1310-
if (iv_s != NULL)
1311-
efree (iv_s);
13121312
if (key_s != NULL)
13131313
efree (key_s);
1314+
if (iv_s != NULL)
1315+
efree (iv_s);
13141316
efree (data_s);
13151317
mcrypt_module_close (td);
13161318
}

0 commit comments

Comments
 (0)