Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:61043 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 81035 invoked from network); 29 Jun 2012 15:18:00 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 29 Jun 2012 15:18:00 -0000 Authentication-Results: pb1.pair.com smtp.mail=rasmus@lerdorf.com; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=rasmus@lerdorf.com; sender-id=unknown Received-SPF: error (pb1.pair.com: domain lerdorf.com from 209.85.212.42 cause and error) X-PHP-List-Original-Sender: rasmus@lerdorf.com X-Host-Fingerprint: 209.85.212.42 mail-vb0-f42.google.com Received: from [209.85.212.42] ([209.85.212.42:42391] helo=mail-vb0-f42.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 3D/64-62543-727CDEF4 for ; Fri, 29 Jun 2012 11:18:00 -0400 Received: by vbbfs19 with SMTP id fs19so2726338vbb.29 for ; Fri, 29 Jun 2012 08:17:56 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:content-type :content-transfer-encoding:x-gm-message-state; bh=N0W1kpqKGxutOCWLzDQej665AJj5/kmzE+YJ+NoI9KQ=; b=gawsnqgbMJbZb7qpe9l9meVxeuOy1BfTFCY8Tvy7R/5oNcKvvrP4zrdSQA/zdJ1iYv fdBdXhTVJRdgsb8qGgaqL+RWXi5gwjnN0rFT0ZV9Nu2hrJ0IgCMFTifv51TGWjWO1JF/ z0TRWleTkkvTMbTTu2fBbsb/+Xe8xEk+H/ZDID7Wdgs+fdBGMxrhy3DGPfRojn5BTTAw PM2Trpy/fdRCXUFpTUl9VZKUPI948ydayZHkcqoTTur9pLhEG0zvWIpqr4x73dIxvAJx iNaWZBMX58mR9ju1O15ctKgrCrmSMjuWXW2HNpvMeSqaIWOobEnjvSaDRiKDaCt2herD vL+w== Received: by 10.52.30.2 with SMTP id o2mr1024252vdh.132.1340983076773; Fri, 29 Jun 2012 08:17:56 -0700 (PDT) Received: from [172.16.26.30] ([38.106.64.245]) by mx.google.com with ESMTPS id cy18sm1500788vdb.9.2012.06.29.08.17.54 (version=SSLv3 cipher=OTHER); Fri, 29 Jun 2012 08:17:55 -0700 (PDT) Message-ID: <4FEDC721.7050202@lerdorf.com> Date: Fri, 29 Jun 2012 08:17:53 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1 MIME-Version: 1.0 To: Anthony Ferrara CC: Nikita Popov , PHP internals References: In-Reply-To: X-Enigmail-Version: 1.4.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Gm-Message-State: ALoCoQk0gbYDcu0cRqzZ+l70MkkbcVitfKNhQwmCSjHabWylJn4/UjBspieR4WgZYnDsMqYVH3z3 Subject: Re: [PHP-DEV] Asking for a review of crypt() allocation changes From: rasmus@lerdorf.com (Rasmus Lerdorf) On 06/29/2012 05:56 AM, Anthony Ferrara wrote: > Additionally, it appears that SHA256/512 are way overallocating the buffer. > > For SHA512: > > int needed = (sizeof(sha512_salt_prefix) - 1 > + sizeof(sha512_rounds_prefix) + 9 + 1 > + salt_in_len + 1 + 86 + 1); > output = emalloc(needed); > salt[salt_in_len] = '\0'; > crypt_res = php_sha512_crypt_r(str, salt, output, needed); > // snip > memset(output, 0, needed); > efree(output); > > The salt_in_len includes the salt_prefix and the rounds_prefix as well. > > Since salt_in_len (thanks to the allocations before hand) can be up to > PHP_MAX_SALT_LEN > http://lxr.php.net/xref/PHP_TRUNK/ext/standard/crypt.c#88 which is 123 > characters, the output of the function can be no bigger than > PHP_MAX_SALT_LEN. Therefore the "needed" variable can be replaced by > PHP_MAX_SALT_LEN everywhere... > > output = emalloc(MAX_SALT_LEN); > salt[salt_in_len] = '\0'; > crypt_res = php_sha512_crypt_r(str, salt, output, MAX_SALT_LEN); > // snip > memset(output, 0, MAX_SALT_LEN); > efree(output); > > We can do the same for sha256. But in that case, we'll be > overallocating the buffer as well. Although not nearly as bad as we > are now. > > Thoughts? We need to get into the habit of using safe_emalloc() on any emalloc() that takes its size from a user-provided argument. -Rasmus