Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:54123
Return-Path: <solar@openwall.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 91279 invoked from network); 21 Jul 2011 22:08:01 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 21 Jul 2011 22:08:01 -0000
Authentication-Results: pb1.pair.com header.from=solar@openwall.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=solar@openwall.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain openwall.com designates 195.42.179.200 as permitted sender)
X-PHP-List-Original-Sender: solar@openwall.com
X-Host-Fingerprint: 195.42.179.200 mother.openwall.net  
Received: from [195.42.179.200] ([195.42.179.200:38242] helo=mother.openwall.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 22/00-25454-E33A82E4 for <internals@lists.php.net>; Thu, 21 Jul 2011 18:08:00 -0400
Received: (qmail 5448 invoked from network); 21 Jul 2011 22:01:14 -0000
Received: from localhost (HELO pvt.openwall.com) (127.0.0.1)
  by localhost with SMTP; 21 Jul 2011 22:01:14 -0000
Received: by pvt.openwall.com (Postfix, from userid 503)
	id 221582FD2D; Fri, 22 Jul 2011 02:01:11 +0400 (MSD)
Date: Fri, 22 Jul 2011 02:01:11 +0400
To: Stas Malyshev <smalyshev@sugarcrm.com>
Cc: PHP Internals List <internals@lists.php.net>
Message-ID: <20110721220111.GC4559@openwall.com>
References: <20110719234406.GB28946@openwall.com> <4E277F0C.9010003@sugarcrm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4E277F0C.9010003@sugarcrm.com>
User-Agent: Mutt/1.4.2.3i
Subject: Re: [PHP-DEV] CRYPT_SHA256 fails tests in trunk
From: solar@openwall.com (Solar Designer)

On Wed, Jul 20, 2011 at 06:21:16PM -0700, Stas Malyshev wrote:
> On 7/19/11 4:44 PM, Solar Designer wrote:
> >Expected:<$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5>
> >Got<$5$saltst$JTS/fkywz8NvjeCGmWDndJPi7ZrRFhQKBLNtQZWE2C3>
[...]
> Yes, we had buffer overflow error there since the buffer salt[] was 
> PHP_MAX_SALT_LEN+1 but if salt was longer salt[salt_in_len] later wrote 
> 0 into bad place.

Is this buffer overflow still not fixed in 5.4, or does 5.4 also have
the salt truncation bug above?  Either way, it sounds like you need to
figure this out and include a fix in 5.4, before 5.4 proper is released.
Ditto for 5.3.7.

> But for SHA max salt len should be something like 123, so I wonder how 
> comes it got truncated in that case.

I trust that you'll figure it out.

Thanks,

Alexander