Edit report at http://bugs.php.net/bug.php?id=52240&edit=1
ID: 52240
Updated by: fel...@php.net
Reported by: jakub at devsense dot com
Summary: hash_copy() does not copy the HMAC key, causes wrong
results and PHP crashes
-Status: Open
+Status: Closed
Type: Bug
Package: hash related
Operating System: Windows
PHP Version: 5.3.2
-Assigned To:
+Assigned To: felipe
New Comment:
This bug has been fixed in SVN.
Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
Thank you for the report, and for helping us make PHP better.
Previous Comments:
------------------------------------------------------------------------
[2010-07-03 15:06:17] fel...@php.net
Automatic comment from SVN on behalf of felipe
Revision: http://svn.php.net/viewvc/?view=revision&revision=300972
Log: - Fixed bug #52240 (hash_copy() does not copy the HMAC key, causes
wrong results and PHP crashes)
------------------------------------------------------------------------
[2010-07-03 12:43:43] jakub at devsense dot com
Description:
------------
in ./ext/hash/hash.c, line 559
The hash_copy() function does not copy the hash->key field. It only
copies the pointer. Because of hash_final() clears the key, the result
of hash_final of copied hashing resource gives wrong results. It causes
random PHP crashes too, because the pointer to the HMAC key can be
invalid (released within the other hashing context).
Test script:
---------------
$h = hash_init('crc32b', HASH_HMAC, '123456' );
$h2 = hash_copy($h);
var_dump(hash_final($h));
var_dump(hash_final($h2));
echo '<-- These two results should be the same.';
Expected result:
----------------
string(8) "278af264" string(8) "278af264" <-- These two results should
be the same.
Actual result:
--------------
string(8) "278af264" string(8) "07997b35" <-- These two results should
be the same.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=52240&edit=1
