From 2ab212300eaf812b0bd7853c70c87efa94426953 Mon Sep 17 00:00:00 2001 From: Jeremy Albert Date: Fri, 9 Sep 2022 12:02:34 -0700 Subject: [PATCH 1/4] Avoid implicit conversion from float to int --- phpseclib/Net/SFTP.php | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/phpseclib/Net/SFTP.php b/phpseclib/Net/SFTP.php index fe2e2bad..b8b1bab6 100644 --- a/phpseclib/Net/SFTP.php +++ b/phpseclib/Net/SFTP.php @@ -459,11 +459,8 @@ class Net_SFTP extends Net_SSH2 0x00002000 => 'NET_SFTP_ATTR_LINK_COUNT', 0x00004000 => 'NET_SFTP_ATTR_UNTRANSLATED_NAME', 0x00008000 => 'NET_SFTP_ATTR_CTIME', - // 0x80000000 will yield a floating point on 32-bit systems and converting floating points to integers - // yields inconsistent behavior depending on how php is compiled. so we left shift -1 (which, in - // two's compliment, consists of all 1 bits) by 31. on 64-bit systems this'll yield 0xFFFFFFFF80000000. - // that's not a problem, however, and 'anded' and a 32-bit number, as all the leading 1 bits are ignored. - (-1 << 31) & 0xFFFFFFFF => 'NET_SFTP_ATTR_EXTENDED' + // intval is used because 0x80000000 will yield a floating point on 32-bit systems + intval(0x80000000) => 'NET_SFTP_ATTR_EXTENDED' ); $this->open_flags = array( 0x00000001 => 'NET_SFTP_OPEN_READ', From 51cafda4a33993d210ff5641b5e87ab4bd7638c6 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Tue, 13 Sep 2022 23:56:13 -0500 Subject: [PATCH 2/4] make PHP 8.1 32-bit changes compatable with raspberry pi's --- phpseclib/Math/BigInteger.php | 2 +- phpseclib/Net/SFTP.php | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/phpseclib/Math/BigInteger.php b/phpseclib/Math/BigInteger.php index ec07d3d8..c2bccae2 100644 --- a/phpseclib/Math/BigInteger.php +++ b/phpseclib/Math/BigInteger.php @@ -371,7 +371,7 @@ class Math_BigInteger break; case MATH_BIGINTEGER_MODE_BCMATH: // round $len to the nearest 4 (thanks, DavidMJ!) - $len = (strlen($x) + 3) & 0xFFFFFFFC; + $len = (strlen($x) + 3) & ~3; $x = str_pad($x, $len, chr(0), STR_PAD_LEFT); diff --git a/phpseclib/Net/SFTP.php b/phpseclib/Net/SFTP.php index b8b1bab6..e20c4cd6 100644 --- a/phpseclib/Net/SFTP.php +++ b/phpseclib/Net/SFTP.php @@ -459,8 +459,11 @@ class Net_SFTP extends Net_SSH2 0x00002000 => 'NET_SFTP_ATTR_LINK_COUNT', 0x00004000 => 'NET_SFTP_ATTR_UNTRANSLATED_NAME', 0x00008000 => 'NET_SFTP_ATTR_CTIME', - // intval is used because 0x80000000 will yield a floating point on 32-bit systems - intval(0x80000000) => 'NET_SFTP_ATTR_EXTENDED' + // 0x80000000 will yield a floating point on 32-bit systems and converting floating points to integers + // yields inconsistent behavior depending on how php is compiled. so we left shift -1 (which, in + // two's compliment, consists of all 1 bits) by 31. on 64-bit systems this'll yield 0xFFFFFFFF80000000. + // that's not a problem, however, and 'anded' and a 32-bit number, as all the leading 1 bits are ignored. + (PHP_INT_SIZE == 4 ? -1 : 0xFFFFFFFF) => 'NET_SFTP_ATTR_EXTENDED' ); $this->open_flags = array( 0x00000001 => 'NET_SFTP_OPEN_READ', From c4ec1ea0697a0dbc4b9d96e405757f823129e9be Mon Sep 17 00:00:00 2001 From: terrafrost Date: Tue, 13 Sep 2022 23:58:14 -0500 Subject: [PATCH 3/4] Random: fix fallback on PHP 8.1+ --- phpseclib/Crypt/Random.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/phpseclib/Crypt/Random.php b/phpseclib/Crypt/Random.php index 6230a55e..0c990823 100644 --- a/phpseclib/Crypt/Random.php +++ b/phpseclib/Crypt/Random.php @@ -159,7 +159,10 @@ if (!function_exists('crypt_random_string')) { (isset($_POST) ? phpseclib_safe_serialize($_POST) : '') . (isset($_GET) ? phpseclib_safe_serialize($_GET) : '') . (isset($_COOKIE) ? phpseclib_safe_serialize($_COOKIE) : '') . - phpseclib_safe_serialize($GLOBALS) . + // as of PHP 8.1 $GLOBALS cann't be accessed by reference, which eliminates + // the need for phpseclib_safe_serialize. see https://wiki.php.net/rfc/restrict_globals_usage + // for more info + (version_compare(PHP_VERSION, '8.1.0', '>=') ? serialize($GLOBALS) : phpseclib_safe_serialize($GLOBALS)) . phpseclib_safe_serialize($_SESSION) . phpseclib_safe_serialize($_OLD_SESSION) )); From ead5790c80112222218391bd03b08a364f5aed8c Mon Sep 17 00:00:00 2001 From: terrafrost Date: Wed, 14 Sep 2022 23:45:04 -0500 Subject: [PATCH 4/4] CS adjustment --- phpseclib/Crypt/Random.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpseclib/Crypt/Random.php b/phpseclib/Crypt/Random.php index 1f34b2a5..06a6d028 100644 --- a/phpseclib/Crypt/Random.php +++ b/phpseclib/Crypt/Random.php @@ -100,7 +100,7 @@ abstract class Random // as of PHP 8.1 $GLOBALS cann't be accessed by reference, which eliminates // the need for phpseclib_safe_serialize. see https://wiki.php.net/rfc/restrict_globals_usage // for more info - (version_compare(PHP_VERSION, '8.1.0', '>=') ? self::safe_serialize($GLOBALS) : self::safe_serialize($GLOBALS)). + (version_compare(PHP_VERSION, '8.1.0', '>=') ? self::safe_serialize($GLOBALS) : self::safe_serialize($GLOBALS)) . self::safe_serialize($_SESSION) . self::safe_serialize($_OLD_SESSION); $v = $seed = $_SESSION['seed'] = sha1($v, true);