File php7-CVE-2024-3096.patch of Package php7.36545

Index: php-7.4.33/ext/standard/password.c
===================================================================
--- php-7.4.33.orig/ext/standard/password.c
+++ php-7.4.33/ext/standard/password.c
@@ -260,6 +260,11 @@ static zend_string* php_password_bcrypt_
 	zval *zcost;
 	zend_long cost = PHP_PASSWORD_BCRYPT_COST;
 
+	if (memchr(ZSTR_VAL(password), '\0', ZSTR_LEN(password))) {
+		php_error_docref(NULL, E_ERROR, "Bcrypt password must not contain null character");
+		return NULL;
+	}
+
 	if (options && (zcost = zend_hash_str_find(options, "cost", sizeof("cost")-1)) != NULL) {
 		cost = zval_get_long(zcost);
 	}
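Review bot: The new NUL check reports with `E_ERROR`, which is a fatal severity, so the script is normally terminated at that call and the `return NULL;` after it is not expected to run; a password value taken from request input can therefore abort the whole request. If a recoverable failure is intended on this branch, `php_error_docref(NULL, E_WARNING, "Bcrypt password must not contain null character");` would let the NULL return reach the caller, assuming the caller handles a NULL digest (not visible here). The check would also benefit from a comment such as `/* bcrypt consumes a C string: bytes after the first NUL would be silently left out of the hash */`. The guard covers only the hashing side. Hashes stored before this patch may already be built from truncated input, so an audit or forced re-hash of such records is worth considering. The function body starts and ends outside the hunk.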