Closed lstrojny closed 9 years ago
From a fuzzing run on the extension: Calling `scrypt()` with `r = 11111` leads to a segfault because of an invalid free in `php-scrypt/crypto/crypto_scrypt-sse.c:337`

Reproduce:

```
php -r 'var_dump(scrypt("foo", null, 1, 11111, 1, 16));'
```
This is caused by the N parameter being too low, and there is no error checking on that parameter:
$N must be a power of 2 greater than 1.
Indeed, it's the `N = 1`
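An added example, not code from php-scrypt or from this thread: one way to reject bad cost parameters before any scrypt buffer is allocated, covering the "power of 2 greater than 1" rule quoted above. The function name `scrypt_params_check` is hypothetical; the `r * p` and `size_t` overflow limits follow the checks in the reference scrypt implementation.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not part of php-scrypt). Returns 0 when the cost
 * parameters are usable, or an errno-style code when the call must be
 * refused before allocating or freeing anything. */
int scrypt_params_check(uint64_t N, uint32_t r, uint32_t p)
{
    /* r and p must be non-zero; this also guards the divisions below. */
    if (r == 0 || p == 0)
        return EINVAL;

    /* r * p must stay below 2^30 (limit used by the reference code). */
    if ((uint64_t)r * (uint64_t)p >= (UINT64_C(1) << 30))
        return EFBIG;

    /* N must be a power of 2 greater than 1: rejects 0, 1 and 3, 5, 6... */
    if (N < 2 || (N & (N - 1)) != 0)
        return EINVAL;

    /* The working buffers are 128*r*p and 128*r*N bytes; refuse sizes
     * that would overflow size_t instead of allocating a short buffer. */
    if (r > SIZE_MAX / 128 / p)
        return ENOMEM;
    if (N > SIZE_MAX / 128 / r)
        return ENOMEM;

    return 0;
}

int main(void)
{
    /* The call from the report: N = 1, r = 11111, p = 1. */
    printf("N=1, r=11111, p=1 -> %d\n", scrypt_params_check(1, 11111, 1));
    /* A commonly used parameter set, for comparison. */
    printf("N=16384, r=8, p=1 -> %d\n", scrypt_params_check(16384, 8, 1));
    return 0;
}
```
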