author | Andrey Andreev <narf@devilix.net> | 2014-07-07 13:41:57 +0200 |
committer | Andrey Andreev <narf@devilix.net> | 2014-07-07 13:41:57 +0200 |
commit | 2da3550055ea20eba309ef68347a806a3986375d (patch) | |
tree | 4b912af637a838e6583467844e808bea774046e4 /system/core/compat | |
parent | 6500bc77232657141dbc34aa3c840dd9e205b84f (diff) |
Fix potential bugs in password_hash(), CI_Encryption
strlen(), substr() are not byte-safe when mbstring.func_overload is enabled
Diffstat (limited to 'system/core/compat')
-rw-r--r-- | system/core/compat/password.php | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/system/core/compat/password.php b/system/core/compat/password.php
index d5a017d9a..a8bc756f0 100644
--- a/system/core/compat/password.php
+++ b/system/core/compat/password.php
@@ -83,6 +83,9 @@ if ( ! function_exists('password_hash'))
 */
 function password_hash($password, $algo, array $options = array())
 {
+ static $func_override;
+ isset($func_override) OR $func_override = (extension_loaded('mbstring') && ini_get('mbstring.func_override'));
+
 if ($algo !== 1)
 {
 trigger_error('password_hash(): Unknown hashing algorithm: '.(int) $algo, E_USER_WARNING);
@@ -95,9 +98,9 @@ if ( ! function_exists('password_hash'))
 return NULL;
 }
 
- if (isset($options['salt']) && strlen($options['salt']) < 22)
+ if (isset($options['salt']) && ($saltlen = ($func_override ? mb_strlen($options['salt'], '8bit') : strlen($options['salt']))) < 22)
 {
- trigger_error('password_hash(): Provided salt is too short: '.strlen($options['salt']).' expecting 22', E_USER_WARNING);
+ trigger_error('password_hash(): Provided salt is too short: '.$saltlen.' expecting 22', E_USER_WARNING);
 return NULL;
 }
 elseif ( ! isset($options['salt']))
@@ -119,7 +122,7 @@ if ( ! function_exists('password_hash'))
 }
 
 $options['salt'] = '';
- for ($read = 0; $read < 16; $read = strlen($options['salt']))
+ for ($read = 0; $read < 16; $read = ($func_override) ? mb_strlen($options['salt'], '8bit') : strlen($options['salt']))
 {
 if (($read = fread($fp, 16 - $read)) === FALSE)
 {
|
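Review bot: The ini directive read on the second added line of the first hunk is misspelled: `ini_get('mbstring.func_override')` names no PHP setting, so it returns false, `$func_override` is never true, and the `mb_strlen(..., '8bit')` branches added in the second and third hunks are dead code — the byte-length problem the commit describes is not actually fixed. The commit message itself names the real directive, `mbstring.func_overload`; the line should read `isset($func_override) OR $func_override = (extension_loaded('mbstring') && ini_get('mbstring.func_overload'));`. Since `ini_get()` returns the raw string value, a configured `'0'` is still falsy, so the truthiness test is otherwise sound. password_hash() continues past the end of each hunk.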
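Review bot: The rewritten salt check in the second hunk assigns `$saltlen` inside the `if` condition, which buries the length computation in a comparison and leaves `$saltlen` unset on the `elseif` path; it only works because the warning message is the sole consumer. Computing it on its own line keeps the condition a plain comparison: `$saltlen = isset($options['salt']) ? ($func_override ? mb_strlen($options['salt'], '8bit') : strlen($options['salt'])) : 0;` followed by `if (isset($options['salt']) && $saltlen < 22)`. The same ternary is repeated verbatim in the third hunk's `for` step, so a short comment in the first hunk explaining why `'8bit'` is passed (to get a byte count when func_overload redirects strlen() to mb_strlen()) would help the next reader of both sites.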