Update password.c

Author: LamentXU123

ext/standard/password.c

@@ -153,12 +153,6 @@ static bool php_password_bcrypt_needs_rehash(const zend_string *hash, zend_array
 
 static bool php_password_bcrypt_verify(const zend_string *password, const zend_string *hash) {
 	int status = 0;
-
-	/* password_hash() already rejects NUL bytes for bcrypt inputs. */
-	if (memchr(ZSTR_VAL(password), '\0', ZSTR_LEN(password))) {
-		return false;
-	}
-
 	zend_string *ret = php_crypt(ZSTR_VAL(password), (int)ZSTR_LEN(password), ZSTR_VAL(hash), (int)ZSTR_LEN(hash), 1);
 
 	if (!ret) {
@@ -187,7 +181,7 @@ static zend_string* php_password_bcrypt_hash(const zend_string *password, zend_a
 	zval *zcost;
 	zend_long cost = PHP_PASSWORD_BCRYPT_COST;
 
-	if (memchr(ZSTR_VAL(password), '\0', ZSTR_LEN(password))) {
+	if (zend_str_has_nul_byte(password)) {
 		zend_value_error("Bcrypt password must not contain null character");
 		return NULL;
 	}
@@ -626,6 +620,10 @@ PHP_FUNCTION(password_verify)
 	ZEND_PARSE_PARAMETERS_END();
 
 	algo = php_password_algo_identify(hash);
+	if (algo == &php_password_algo_bcrypt && zend_str_has_nul_byte(password)) {
+		RETURN_FALSE;
+	}
+
 	RETURN_BOOL(algo && (!algo->verify || algo->verify(password, hash)));
 }
 /* }}} */