Fix the implementation of BlowFish to solve bugs concerning NUL bytes truncating strings

NEWS

@@ -138,6 +138,8 @@ PHP                                                                        NEWS
     while COW violation flag is still set). (alexandre-daubois)
   . Added form feed (\f) in the default trimmed characters of trim(), rtrim()
     and ltrim(). (Weilin Du)
+  . Fixed bug GH-21673 Reject NUL bytes in bcrypt passwords passed to 
+    password_verify(). (Weilin Du)
   . Invalid mode values now throw in array_filter() instead of being silently
     defaulted to 0. (Jorg Sowa)
   . Fixed bug GH-21058 (error_log() crashes with message_type 3 and

ext/standard/password.c

@@ -153,6 +153,12 @@ static bool php_password_bcrypt_needs_rehash(const zend_string *hash, zend_array
 
 static bool php_password_bcrypt_verify(const zend_string *password, const zend_string *hash) {
 	int status = 0;
+
+	/* password_hash() already rejects NUL bytes for bcrypt inputs. */
+	if (memchr(ZSTR_VAL(password), '\0', ZSTR_LEN(password))) {
+		return false;
+	}
+
 	zend_string *ret = php_crypt(ZSTR_VAL(password), (int)ZSTR_LEN(password), ZSTR_VAL(hash), (int)ZSTR_LEN(hash), 1);
 
 	if (!ret) {

ext/standard/tests/password/password_bcrypt_null_verify.phpt

@@ -0,0 +1,14 @@
+--TEST--
+password_verify() rejects bcrypt passwords containing null bytes
+--FILE--
+<?php
+$hash = password_hash("foo", PASSWORD_BCRYPT);
+
+var_dump(password_verify("foo", $hash));
+var_dump(password_verify("foo\0bar", $hash));
+var_dump(password_verify("\0foo", $hash));
+?>
+--EXPECT--
+bool(true)
+bool(false)
+bool(false)