summaryrefslogtreecommitdiff
path: root/dev-lang/php/files/php-7.4.33-CVE-2023-0567.patch
diff options
context:
space:
mode:
Diffstat (limited to 'dev-lang/php/files/php-7.4.33-CVE-2023-0567.patch')
-rw-r--r--dev-lang/php/files/php-7.4.33-CVE-2023-0567.patch114
1 files changed, 0 insertions, 114 deletions
diff --git a/dev-lang/php/files/php-7.4.33-CVE-2023-0567.patch b/dev-lang/php/files/php-7.4.33-CVE-2023-0567.patch
deleted file mode 100644
index a0e72f380089..000000000000
--- a/dev-lang/php/files/php-7.4.33-CVE-2023-0567.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-diff --git a/ext/standard/crypt_blowfish.c b/ext/standard/crypt_blowfish.c
-index 3806a290aee4..351d40308089 100644
---- a/ext/standard/crypt_blowfish.c
-+++ b/ext/standard/crypt_blowfish.c
-@@ -371,7 +371,6 @@ static const unsigned char BF_atoi64[0x60] = {
- #define BF_safe_atoi64(dst, src) \
- { \
- tmp = (unsigned char)(src); \
-- if (tmp == '$') break; /* PHP hack */ \
- if ((unsigned int)(tmp -= 0x20) >= 0x60) return -1; \
- tmp = BF_atoi64[tmp]; \
- if (tmp > 63) return -1; \
-@@ -399,13 +398,6 @@ static int BF_decode(BF_word *dst, const char *src, int size)
- *dptr++ = ((c3 & 0x03) << 6) | c4;
- } while (dptr < end);
-
-- if (end - dptr == size) {
-- return -1;
-- }
--
-- while (dptr < end) /* PHP hack */
-- *dptr++ = 0;
--
- return 0;
- }
-
-diff --git a/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt b/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt
-new file mode 100644
-index 000000000000..32e335f4b087
---- /dev/null
-+++ b/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt
-@@ -0,0 +1,82 @@
-+--TEST--
-+bcrypt correctly rejects salts containing $
-+--FILE--
-+<?php
-+for ($i = 0; $i < 23; $i++) {
-+ $salt = '$2y$04$' . str_repeat('0', $i) . '$';
-+ $result = crypt("foo", $salt);
-+ var_dump($salt);
-+ var_dump($result);
-+ var_dump($result === $salt);
-+}
-+?>
-+--EXPECT--
-+string(8) "$2y$04$$"
-+string(2) "*0"
-+bool(false)
-+string(9) "$2y$04$0$"
-+string(2) "*0"
-+bool(false)
-+string(10) "$2y$04$00$"
-+string(2) "*0"
-+bool(false)
-+string(11) "$2y$04$000$"
-+string(2) "*0"
-+bool(false)
-+string(12) "$2y$04$0000$"
-+string(2) "*0"
-+bool(false)
-+string(13) "$2y$04$00000$"
-+string(2) "*0"
-+bool(false)
-+string(14) "$2y$04$000000$"
-+string(2) "*0"
-+bool(false)
-+string(15) "$2y$04$0000000$"
-+string(2) "*0"
-+bool(false)
-+string(16) "$2y$04$00000000$"
-+string(2) "*0"
-+bool(false)
-+string(17) "$2y$04$000000000$"
-+string(2) "*0"
-+bool(false)
-+string(18) "$2y$04$0000000000$"
-+string(2) "*0"
-+bool(false)
-+string(19) "$2y$04$00000000000$"
-+string(2) "*0"
-+bool(false)
-+string(20) "$2y$04$000000000000$"
-+string(2) "*0"
-+bool(false)
-+string(21) "$2y$04$0000000000000$"
-+string(2) "*0"
-+bool(false)
-+string(22) "$2y$04$00000000000000$"
-+string(2) "*0"
-+bool(false)
-+string(23) "$2y$04$000000000000000$"
-+string(2) "*0"
-+bool(false)
-+string(24) "$2y$04$0000000000000000$"
-+string(2) "*0"
-+bool(false)
-+string(25) "$2y$04$00000000000000000$"
-+string(2) "*0"
-+bool(false)
-+string(26) "$2y$04$000000000000000000$"
-+string(2) "*0"
-+bool(false)
-+string(27) "$2y$04$0000000000000000000$"
-+string(2) "*0"
-+bool(false)
-+string(28) "$2y$04$00000000000000000000$"
-+string(2) "*0"
-+bool(false)
-+string(29) "$2y$04$000000000000000000000$"
-+string(2) "*0"
-+bool(false)
-+string(30) "$2y$04$0000000000000000000000$"
-+string(60) "$2y$04$000000000000000000000u2a2UpVexIt9k3FMJeAVr3c04F5tcI8K"
-+bool(false)
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-10 07:08:30 +0000