[issue1006] digest is down; suggestions welcome

Justin C. Sherrill justin at shiningsilence.com
Wed May 14 13:07:26 PDT 2008


On Wed, May 14, 2008 2:49 pm, Dionysus Blazakis wrote:
> It seems there was an off-by-one error in the strspn code in our libc.
>  The buffer was a byte too small and resulted in overwriting the saved
> ebx which was the offset to the GOT -- but only if strspn was used
> with a \xff in the second string.
>
> I have a patch here:
> http://dblaz.beevomit.org/dfly/strspn.patch
>
> I've verified it fixes the PHP problem.  Also, I tested it against a
> small program that called strspn with a \xff in the second string and
> verified that ebx was correctly restored (unlike prior to the patch).

This fixed it - the Digest is back up, thanks to Dave.

This would be worth bringing back to 1.12.2.







More information about the Bugs mailing list