W32 build fix attempt

Author: devnexen

ext/hash/hash.c

@@ -1110,7 +1110,6 @@ PHP_FUNCTION(hash_pbkdf2)
 PHP_FUNCTION(hash_equals)
 {
 	zval *known_zval, *user_zval;
-	char *known_str, *user_str;
 	int result = 0;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "zz", &known_zval, &user_zval) == FAILURE) {
@@ -1128,15 +1127,8 @@ PHP_FUNCTION(hash_equals)
 		RETURN_THROWS();
 	}
 
-	if (Z_STRLEN_P(known_zval) != Z_STRLEN_P(user_zval)) {
-		RETURN_FALSE;
-	}
-
-	known_str = Z_STRVAL_P(known_zval);
-	user_str = Z_STRVAL_P(user_zval);
-
 	/* This is security sensitive code. Do not optimize this for speed. */
-	result = php_safe_bcmp(known_str, user_str, Z_STRLEN_P(known_zval));
+	result = php_safe_bcmp(Z_STR_P(known_zval), Z_STR_P(user_zval));
 
 	RETURN_BOOL(0 == result);
 }

ext/standard/password.c

@@ -152,15 +152,14 @@ static bool php_password_bcrypt_needs_rehash(const zend_string *hash, zend_array
 }
 
 static bool php_password_bcrypt_verify(const zend_string *password, const zend_string *hash) {
-	size_t i;
 	int status = 0;
 	zend_string *ret = php_crypt(ZSTR_VAL(password), (int)ZSTR_LEN(password), ZSTR_VAL(hash), (int)ZSTR_LEN(hash), 1);
 
 	if (!ret) {
 		return 0;
 	}
 
-	if (ZSTR_LEN(ret) != ZSTR_LEN(hash) || ZSTR_LEN(hash) < 13) {
+	if (ZSTR_LEN(hash) < 13) {
 		zend_string_free(ret);
 		return 0;
 	}
@@ -169,7 +168,7 @@ static bool php_password_bcrypt_verify(const zend_string *password, const zend_s
 	 * resistance towards timing attacks. This is a constant time
 	 * equality check that will always check every byte of both
 	 * values. */
-	status = php_safe_bcmp(ZSTR_VAL(ret), ZSTR_VAL(hash), ZSTR_LEN(hash));
+	status = php_safe_bcmp(ret, hash);
 
 	zend_string_free(ret);
 	return status == 0;

main/php.h

@@ -180,7 +180,7 @@ END_EXTERN_C()
 #endif
 
 BEGIN_EXTERN_C()
-PHPAPI int php_safe_bcmp(const void *a, const void *b, size_t siz);
+PHPAPI int php_safe_bcmp(const zend_string *a, const zend_string *b);
 END_EXTERN_C()
 
 #ifndef HAVE_STRTOK_R

main/safe_bcmp.c

@@ -1,6 +1,4 @@
 /*
-  +----------------------------------------------------------------------+
-  | PHP Version 8                                                        |
   +----------------------------------------------------------------------+
   | Copyright (c) The PHP Group                                          |
   +----------------------------------------------------------------------+
@@ -12,22 +10,25 @@
   | obtain it through the world-wide-web, please send a note to          |
   | [email protected] so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
-  | Author:                                                              |
+  | Author: David Carlier <[email protected]>                           |
   +----------------------------------------------------------------------+
 */
 
 #include "php.h"
 
 #include <string.h>
 
-PHPAPI int php_safe_bcmp(const void *a, const void *b, size_t siz)
+PHPAPI int php_safe_bcmp(const zend_string *a, const zend_string *b)
 {
-	const volatile unsigned char *ua = (const volatile unsigned char *)a;
-	const volatile unsigned char *ub = (const volatile unsigned char *)b;
+	const volatile unsigned char *ua = (const volatile unsigned char *)ZSTR_VAL(a);
+	const volatile unsigned char *ub = (const volatile unsigned char *)ZSTR_VAL(b);
 	size_t i = 0;
 	int r = 0;
 
-	while (i < siz) {
+	if (ZSTR_LEN(a) != ZSTR_LEN(b))
+		return -1;
+
+	while (i < ZSTR_LEN(a)) {
 		r |= ua[i] ^ ub[i];
 		++i;
 	}

win32/build/config.w32

@@ -265,7 +265,7 @@ ADD_SOURCES("main", "main.c snprintf.c spprintf.c getopt.c fopen_wrappers.c \
 	php_scandir.c php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \
 	strlcat.c reentrancy.c php_variables.c php_ticks.c network.c \
 	php_open_temporary_file.c output.c internal_functions.c \
-	php_syslog.c php_odbc_utils.c");
+	php_syslog.c php_odbc_utils.c safe_bcmp.c");
 ADD_FLAG("CFLAGS_BD_MAIN", "/D ZEND_ENABLE_STATIC_TSRMLS_CACHE=1");
 if (VS_TOOLSET && VCVERS >= 1914) {
 	ADD_FLAG("CFLAGS_BD_MAIN", "/d2FuncCache1");