DomBlack / php-scrypt

A PHP wrapper for the scrypt hashing algorithm

Segfault in php-scrypt/crypto/crypto_scrypt-sse.c:337 #31

Closed lstrojny closed 9 years ago

lstrojny commented 10 years ago

From a fuzzing run on the extension: Calling scrypt() with r = 11111 leads to a segfault because of an invalid free in php-scrypt/crypto/crypto_scrypt-sse.c:337

Reproduce

php -r 'var_dump(scrypt("foo", null, 1, 11111, 1, 16));'

DomBlack commented 10 years ago

This is caused by the N parameter being too low, and no error checking on that parameter:

$N must be a power of 2 greater than 1.

lstrojny commented 10 years ago

Indeed, it’s the N = 1
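
An added example, not part of the thread and not php-scrypt's own code: a parameter check that could run before the key-derivation routine is called, so the N = 1 from the reproducer is rejected instead of reaching the allocation and free paths. It goes beyond the thread by also checking r and p (non-zero, and r * p below 2^30, the bound the reference scrypt implementation enforces); the function and enum names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this example (not part of php-scrypt). */
enum scrypt_param_status {
    SCRYPT_PARAMS_OK = 0,
    SCRYPT_BAD_N,   /* N is not a power of 2 greater than 1 */
    SCRYPT_BAD_R,   /* r is zero */
    SCRYPT_BAD_P,   /* p is zero */
    SCRYPT_BAD_RP   /* r * p is 2^30 or more */
};

/* Validate scrypt cost parameters before any buffer is sized from them. */
enum scrypt_param_status scrypt_check_params(uint64_t N, uint32_t r, uint32_t p)
{
    /* N < 2 rejects 0 and 1; N & (N - 1) is zero only for powers of 2. */
    if (N < 2 || (N & (N - 1)) != 0)
        return SCRYPT_BAD_N;
    if (r == 0)
        return SCRYPT_BAD_R;
    if (p == 0)
        return SCRYPT_BAD_P;
    /* Widen before multiplying so the product cannot wrap in 32 bits. */
    if ((uint64_t)r * (uint64_t)p >= ((uint64_t)1 << 30))
        return SCRYPT_BAD_RP;
    return SCRYPT_PARAMS_OK;
}

int main(void)
{
    /* Constructed inputs; the first row is the N, r, p from the reproducer. */
    static const struct { uint64_t N; uint32_t r, p; } cases[] = {
        { 1, 11111, 1 },
        { 16384, 8, 1 },
        { 1000, 8, 1 },
        { 16384, 1u << 20, 1u << 10 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("N=%llu r=%u p=%u -> status %d\n",
               (unsigned long long)cases[i].N, (unsigned)cases[i].r,
               (unsigned)cases[i].p,
               (int)scrypt_check_params(cases[i].N, cases[i].r, cases[i].p));
    return 0;
}
```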