PHP :: Bug #77454 :: mb_scrub() silently truncates after a null byte

Bug #77454	mb_scrub() silently truncates after a null byte
Submitted:	2019-01-13 16:27 UTC	Modified:	2019-01-14 09:07 UTC
From:	64796c6e69 at gmail dot com	Assigned:	nikic (profile)
Status:	Closed	Package:	mbstring related
PHP Version:	master-Git-2019-01-13 (Git)	OS:	any
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	64796c6e69 at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2019-01-13 16:27 UTC] 64796c6e69 at gmail dot com

Description:
------------
mb_scrub() silently truncates anything after a null byte in a string.

This bug has existed since the function was created.

The arguments are read correctly, but the returned value ignores the length:
https://github.com/php/php-src/blob/30668755b64aa732246d952451f89d1fcfe581f0/ext/mbstring/mbstring.c#L4990

Test script:
---------------
<?php
$str = "before\0after";
var_dump(mb_scrub($str, 'latin1'));
var_dump(mb_scrub($str, 'utf-8'));
var_dump(mb_scrub($str, 'ascii'));

Expected result:
----------------
There should be a null byte in each of these.

string(12) "beforeafter"
string(12) "beforeafter"
string(12) "beforeafter"

Actual result:
--------------
string(6) "before"
string(6) "before"
string(6) "before"

Patches

mb_scrub.patch (last revision 2019-01-13 16:27 UTC by 64796c6e69 at gmail dot com)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2019-01-13 16:31 UTC] 64796c6e69 at gmail dot com

-Operating System: Linux +Operating System: any

[2019-01-13 16:31 UTC] 64796c6e69 at gmail dot com

Updating OS.

[2019-01-13 16:36 UTC] stas@php.net

-Type: Security +Type: Bug

[2019-01-14 09:07 UTC] nikic@php.net

-Assigned To: +Assigned To: nikic

[2019-01-14 09:24 UTC] nikic@php.net

Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3ad0ebdf5cdc6dbe077685907d012eaeac7ea6e4
Log: Fixed bug #77454

[2019-01-14 09:24 UTC] nikic@php.net

-Status: Assigned +Status: Closed

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 12:01:29 2024 UTC