[Pkg-php-commits] [php/debian-sid] New debian patch fix_broken_sha2_test.patch

Ondřej Surý ondrej at sury.org
Tue Mar 9 14:22:59 UTC 2010


Author: Ondřej Surý
Forwarded: yes
Description: Original tests for SHA-2 family functions are broken
 beyond repair (stack overwrites, etc.)
---
 debian/patches/fix_broken_sha2_test.patch |   40 +++++++++++++++++++++++++++++
 debian/patches/series                     |    1 +
 2 files changed, 41 insertions(+), 0 deletions(-)
 create mode 100644 debian/patches/fix_broken_sha2_test.patch

diff --git a/debian/patches/fix_broken_sha2_test.patch b/debian/patches/fix_broken_sha2_test.patch
new file mode 100644
index 0000000..4e1fa86
--- /dev/null
+++ b/debian/patches/fix_broken_sha2_test.patch
@@ -0,0 +1,40 @@
+--- a/ext/standard/config.m4
++++ b/ext/standard/config.m4
+@@ -184,12 +184,12 @@ AC_TRY_RUN([
+ 
+ main() {
+ #if HAVE_CRYPT
+-    char salt[30], answer[80];
+-    
+-    salt[0]='$'; salt[1]='6'; salt[2]='$'; salt[3]='$'; salt[4]='b'; salt[5]='a'; salt[6]='r'; salt[7]='\0';
++    char salt[21], answer[21+86];
++
++    strcpy(salt,"\$6\$rasmuslerdorf\$");
+     strcpy(answer, salt);
+-    strcpy(&answer[29],"$6$$QMXjqd7rHQZPQ1yHsXkQqC1FBzDiVfTHXL.LaeDAeVV.IzMaV9VU4MQ8kPuZa2SOP1A0RPm772EaFYjpEJtdu.");
+-    exit (strcmp((char *)crypt("foo",salt),answer));
++    strcat(answer, "EeHCRjm0bljalWuALHSTs1NB9ipEiLEXLhYeXdOpx22gmlmVejnVXFhd84cEKbYxCo.XuUTrW.RLraeEnsvWs/");
++    exit (strcmp((char *)crypt("rasmuslerdorf",salt),answer));
+ #else
+ 	exit(0);
+ #endif
+@@ -213,12 +213,13 @@ AC_TRY_RUN([
+ 
+ main() {
+ #if HAVE_CRYPT
+-    char salt[30], answer[80];
+-    salt[0]='$'; salt[1]='5'; salt[2]='$'; salt[3]='$'; salt[4]='s'; salt[5]='a'; salt[6]='l'; salt[7]='t';  salt[8]='s'; salt[9]='t'; salt[10]='r'; salt[11]='i'; salt[12]='n'; salt[13]='g'; salt[14]='\0';    
+-    strcat(salt,"");
++    char salt[21], answer[21+43];
++
++    strcpy(salt,"\$5\$rasmuslerdorf\$");
+     strcpy(answer, salt);
+-    strcpy(&answer[29], "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5");
+-    exit (strcmp((char *)crypt("foo",salt),answer));
++    strcat(answer, "cFAm2puLCujQ9t.0CxiFIIvFi4JyQx5UncCt/xRIX23");
++    exit (strcmp((char *)crypt("rasmuslerdorf",salt),answer));
++
+ #else
+ 	exit(0);
+ #endif
+
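Review bot: Both new `exit (strcmp((char *)crypt("rasmuslerdorf",salt),answer));` lines pass crypt()'s return value straight to strcmp(), but crypt() may return NULL on failure (for example when the library does not accept the `$6$` or `$5$` method), so the probe then depends on a NULL dereference crashing to report "unsupported". Check the result explicitly and normalise the status, e.g. `char *r = crypt("rasmuslerdorf", salt); exit(r == NULL || strcmp(r, answer) != 0);`, which also keeps a raw strcmp() difference from being truncated to the 8-bit exit status. The `(char *)` cast suggests crypt() may have no prototype in scope; the includes of each AC_TRY_RUN program sit above the hunk, so confirm one is present, since an implicit int return would truncate the pointer on 64-bit targets. A short comment would also make the buffer sizes auditable: 21 appears to cover the `$N$` prefix, a salt of up to 16 characters, the closing `$` and the NUL, while 86 and 43 match the lengths of the two expected hash strings.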
diff --git a/debian/patches/series b/debian/patches/series
index b1f1634..8e46dfe 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -46,3 +46,4 @@ filter_validate_int.patch
 zend_int_overflow.patch
 fix_var_dump_64bit.phpt.patch
 use_embedded_timezonedb_fixes.patch
+fix_broken_sha2_test.patch
-- 
1.6.3.3




