php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #60801 strpbrk() mishandles NUL byte
Submitted: 2012-01-19 09:37 UTC Modified: 2012-03-02 03:36 UTC
From: dexen dot devries at gmail dot com Assigned: aharvey
Status: Closed Package: Strings related
PHP Version: 5.3.9 OS:
Private report: No CVE-ID:
 [2012-01-19 09:37 UTC] dexen dot devries at gmail dot com
Description:
------------
PHP's strpbrk() passes its string arguments directly to libc strpbrk(), which
considers NUL byte a string-terminatig character rather than a normal part of
the string.

note that, in the test script below, the strpbrk() matches neither the NUL byte,
nor the `a' character (because it occurs after a NUL byte in $haystack), nor
even the `b' character (because it occurs after a NUL byte in $char_list).

Test script:
---------------
$haystack = "foob\x00ar";
$char_list = "a\x00b";
$v = strpbrk($haystack, $char_list);

Expected result:
----------------
$v === "b\x00ar"

Actual result:
--------------
$v === FALSE

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-01-30 12:56 UTC] aharvey@php.net
-Status: Open +Status: Assigned -Package: Class/Object related +Package: Strings related -Assigned To: +Assigned To: aharvey
 [2012-01-30 13:29 UTC] aharvey@php.net
Automatic comment from SVN on behalf of aharvey
Revision: http://svn.php.net/viewvc/?view=revision&revision=322934
Log: Fix bug #60801 (strpbrk() mishandles NUL byte) on trunk only for now.
 [2012-01-30 13:30 UTC] aharvey@php.net
-Status: Assigned +Status: Suspended
 [2012-01-30 13:30 UTC] aharvey@php.net
Implemented on trunk. This should be straightforward enough to backport to 5.3 and 
5.4, but with 5.4 in code freeze at present, I'll have to revisit this a bit after 
5.4.0 final is released.
 [2012-01-30 14:12 UTC] dexen dot devries at gmail dot com
thanks for the quick fix, aharvey :-)
 [2012-03-02 03:36 UTC] aharvey@php.net
-Status: Suspended +Status: Closed
 [2012-03-02 03:36 UTC] aharvey@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

Backported to 5.3 and 5.4.
 [2012-03-02 03:38 UTC] aharvey@php.net
Automatic comment from SVN on behalf of aharvey
Revision: http://svn.php.net/viewvc/?view=revision&revision=323779
Log: MFH: Fix bug #60801 (strpbrk() mishandles NUL byte). (Trunk commit: r322934).
 [2012-04-18 09:46 UTC] laruence@php.net
Automatic comment on behalf of aharvey
Revision: http://git.php.net/?p=php-src.git;a=commit;h=4dc8b1ad111f3b1ed74b01fdf5efcc9d58858230
Log: Fix bug #60801 (strpbrk() mishandles NUL byte) on trunk only for now.
 [2012-07-24 23:37 UTC] rasmus@php.net
Automatic comment on behalf of aharvey
Revision: http://git.php.net/?p=php-src.git;a=commit;h=4dc8b1ad111f3b1ed74b01fdf5efcc9d58858230
Log: Fix bug #60801 (strpbrk() mishandles NUL byte) on trunk only for now.
 [2013-11-17 09:34 UTC] laruence@php.net
Automatic comment on behalf of aharvey
Revision: http://git.php.net/?p=php-src.git;a=commit;h=4dc8b1ad111f3b1ed74b01fdf5efcc9d58858230
Log: Fix bug #60801 (strpbrk() mishandles NUL byte) on trunk only for now.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Fri Apr 18 20:01:57 2014 UTC