On Tue, Aug 23, 2011 at 12:30, Solar Designer wrote:
> On Tue, Aug 23, 2011 at 11:31:02AM +0200, Hannes Magnusson wrote:
>> Added to http://php.net/security/crypt, and added a link from the
>> release announcement and changelog.
>> (should show up in an hour or two).
>
> Thanks. I suggest the fol
On Tue, Aug 23, 2011 at 11:31:02AM +0200, Hannes Magnusson wrote:
> Added to http://php.net/security/crypt, and added a link from the
> release announcement and changelog.
> (should show up in an hour or two).
Thanks. I suggest the following three changes:
1. Change the title from "crypt() secur
2011/8/22 Solar Designer :
> On Mon, Aug 22, 2011 at 04:01:46PM +0200, Pierre Joye wrote:
>> On Mon, Aug 22, 2011 at 3:52 PM, Solar Designer wrote:
>> >> On Mon, Aug 22, 2011 at 3:05 PM, Pierre Joye wrote:
>> >> > it seems that the changes break BC too, pls see
>> >> > https://bugs.php.net/bug.ph
On Mon, Aug 22, 2011 at 04:01:46PM +0200, Pierre Joye wrote:
> On Mon, Aug 22, 2011 at 3:52 PM, Solar Designer wrote:
> >> On Mon, Aug 22, 2011 at 3:05 PM, Pierre Joye wrote:
> >> > it seems that the changes break BC too, pls see
> >> > https://bugs.php.net/bug.php?id=55477
> >
> > We may recomme
On Mon, Aug 22, 2011 at 3:52 PM, Solar Designer wrote:
> On Mon, Aug 22, 2011 at 03:19:53PM +0200, Ferenc Kovacs wrote:
>> we expected this imo.
>> http://www.mail-archive.com/internals@lists.php.net/msg51683.html
>> http://www.mail-archive.com/internals@lists.php.net/msg51687.html
>
> Definitely.
On Mon, Aug 22, 2011 at 03:19:53PM +0200, Ferenc Kovacs wrote:
> we expected this imo.
> http://www.mail-archive.com/internals@lists.php.net/msg51683.html
> http://www.mail-archive.com/internals@lists.php.net/msg51687.html
Definitely.
> On Mon, Aug 22, 2011 at 3:05 PM, Pierre Joye wrote:
> > it
we expected this imo.
http://www.mail-archive.com/internals@lists.php.net/msg51683.html
http://www.mail-archive.com/internals@lists.php.net/msg51687.html
On Mon, Aug 22, 2011 at 3:05 PM, Pierre Joye wrote:
> hi,
>
> it seems that the changes break BC too, pls see
> https://bugs.php.net/bug.php?i
hi,
it seems that the changes break BC too, pls see
https://bugs.php.net/bug.php?id=55477
Does that ring a bell to you?
On Wed, Jul 20, 2011 at 1:44 AM, Solar Designer wrote:
> Hi,
>
> These tests fail in trunk on my x86_64 build:
>
> crypt_sha256.phpt
> crypt_variation1.phpt
>
> The difference
On Mon, Aug 01, 2011 at 02:54:29AM +0400, Solar Designer wrote:
> On Mon, Aug 01, 2011 at 02:33:27AM +0400, Solar Designer wrote:
> > On Sun, Jul 31, 2011 at 02:43:12PM -0700, Stas Malyshev wrote:
> > > The change that introduced this problem is:
> > > http://svn.php.net/viewvc/php/php-src/branches
Hi!
On 7/31/11 3:33 PM, Solar Designer wrote:
Now that I look at this, I think there are more problems around this
place in the code:
I just fixed the immediate problem, but giving a second look to this
code I don't really understand why there should be NULL termination at
all - we know the
On Mon, Aug 01, 2011 at 02:33:27AM +0400, Solar Designer wrote:
> On Sun, Jul 31, 2011 at 02:43:12PM -0700, Stas Malyshev wrote:
> > The change that introduced this problem is:
> > http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/crypt_sha256.c?r1=300427&r2=312952
>
> Now that I
Hi Stas, Pierre -
On Sun, Jul 31, 2011 at 02:43:12PM -0700, Stas Malyshev wrote:
> On 7/19/11 4:44 PM, Solar Designer wrote:
> >That is, the salts are truncated. There's a relevant recent change in
> >crypt.c involving the line:
> >
> > salt_in_len = MIN(PHP_MAX_SALT_LEN, salt_in_len)
Hi!
On 7/19/11 4:44 PM, Solar Designer wrote:
Hi,
These tests fail in trunk on my x86_64 build:
crypt_sha256.phpt
crypt_variation1.phpt
The differences are like this:
Expected:<$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5>
Got<$5$saltst$JTS/fkywz8NvjeCGmWDndJPi7ZrRFhQKBLNtQZWE2C
On Wed, Jul 20, 2011 at 06:21:16PM -0700, Stas Malyshev wrote:
> On 7/19/11 4:44 PM, Solar Designer wrote:
> >Expected:<$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5>
> >Got<$5$saltst$JTS/fkywz8NvjeCGmWDndJPi7ZrRFhQKBLNtQZWE2C3>
[...]
> Yes, we had buffer overflow error there since the
Hi!
On 7/19/11 4:44 PM, Solar Designer wrote:
Hi,
These tests fail in trunk on my x86_64 build:
crypt_sha256.phpt
crypt_variation1.phpt
The differences are like this:
Expected:<$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5>
Got<$5$saltst$JTS/fkywz8NvjeCGmWDndJPi7ZrRFhQKBLNtQZWE2C
Hi,
These tests fail in trunk on my x86_64 build:
crypt_sha256.phpt
crypt_variation1.phpt
The differences are like this:
Expected: <$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5>
Got <$5$saltst$JTS/fkywz8NvjeCGmWDndJPi7ZrRFhQKBLNtQZWE2C3>
That is, the salts are truncated. Th
16 matches
Mail list logo
