php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #62443 Crypt SHA256/512 Segfaults With Malformed Salt
Submitted: 2012-06-29 00:02 UTC Modified: 2012-06-29 02:48 UTC
From: [email protected] Assigned: ircmaxell (profile)
Status: Closed Package: Reproducible crash
PHP Version: master-Git-2012-06-28 (Git) OS: All
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: [email protected]
New email:
PHP Version: OS:

 

 [2012-06-29 00:02 UTC] [email protected] 
Description:
------------
Crypt() SHA256 and SHA512 segfault when passed a salt that contains a null byte. 
This is because the emalloc call and the memset call use different length inputs 
for the `output` string.  The memset call then overflows the buffer.

Test script:
---------------
<?php
crypt("foo", '$5$'.chr(0).'abc');
?>

and

<?php
crypt("foo", '$6$'.chr(0).'abc');
?>

Expected result:
----------------
No output

Actual result:
--------------
Either segmentation fault (sha512) or zend_mm_heap corrupted (sha256)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-06-29 00:12 UTC] [email protected]
-Status: Open +Status: Assigned -Assigned To: +Assigned To: ircmaxell
 [2012-06-29 01:03 UTC] [email protected] 
Automatic comment on behalf of [email protected]
Revision: http://git.php.net/?p=php-src.git;a=commit;h=7e8276ca68fc622124d51d18e4f7b5cde3536de4
Log: Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
 [2012-06-29 02:48 UTC] [email protected] 
This has been fixed in the 5.3, 5.4 and master branches.
 [2012-06-29 02:48 UTC] [email protected]
-Status: Assigned +Status: Closed
 [2014-10-07 23:24 UTC] [email protected] 
Automatic comment on behalf of [email protected]
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=7e8276ca68fc622124d51d18e4f7b5cde3536de4
Log: Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
 [2014-10-07 23:35 UTC] [email protected] 
Automatic comment on behalf of [email protected]
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=7e8276ca68fc622124d51d18e4f7b5cde3536de4
Log: Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Mon Jun 30 04:01:33 2025 UTC