Use req::strndup in php_mb_parse_encoding_list to prevent oob memory write.

Summary: Fix out of bounds write access in mb_detect_encoding. Using strndup in php_mb_parse_encoding_list will cause strings with embedded nulls to be unexpectedly shortened. The expected length of the string is tracked in value_length but since strndup may copy fewer characters when there are embedded nulls this can lead to oob writes into tmpstr. I've found a couple other places in this file that use strndup and replaced them with req::strndup as well. The use of strndup in mb_send_mail also seemed to be a leak. This replaces uses of strndup with req::strndup which can handle embedded nulls properly. It looks like I also accidentally fixed t11337047 at the same time. Adding it to the list of tasks.

Reviewed By: paulbiss

Differential Revision: D3360065

fbshipit-source-id: 99776cf9105e3789883380bf30240009eec52cec
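The length mismatch the commit message describes, as an added C example that is not part of the commit or of HHVM: `strndup` stops at the first NUL, so the copy is only guaranteed to hold fewer bytes than the caller's tracked length. `dup_exact`, `strndup_capacity` and the sample string are hypothetical names and constructed data; `dup_exact` stands in for a length-preserving copy and is not the implementation of `req::strndup`.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for strndup() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: an encoding list with a NUL embedded after "UTF-8". */
static const char sample[] = "UTF-8\0,ASCII";
#define SAMPLE_LEN (sizeof(sample) - 1)  /* 12: the length the caller tracks */

/* Number of bytes guaranteed valid in a strndup() copy, terminator included.
 * strndup() copies up to the first NUL, so this can be far less than
 * value_length + 1; indexing the copy by value_length is then out of bounds. */
size_t strndup_capacity(const char *value, size_t value_length)
{
    char *tmp = strndup(value, value_length);
    if (tmp == NULL)
        return 0;
    size_t cap = strlen(tmp) + 1;
    free(tmp);
    return cap;
}

/* Hypothetical length-preserving copy: always allocates n + 1 bytes and
 * copies exactly n bytes, embedded NULs included, so a caller that walks
 * the buffer using n stays inside the allocation. */
char *dup_exact(const char *value, size_t n)
{
    char *tmp = malloc(n + 1);
    if (tmp == NULL)
        return NULL;
    memcpy(tmp, value, n);
    tmp[n] = '\0';
    return tmp;
}

int main(void)
{
    printf("tracked length:        %zu\n", (size_t)SAMPLE_LEN);
    printf("strndup copy capacity: %zu\n", strndup_capacity(sample, SAMPLE_LEN));
    char *copy = dup_exact(sample, SAMPLE_LEN);
    if (copy == NULL)
        return 1;
    printf("dup_exact capacity:    %zu\n", (size_t)SAMPLE_LEN + 1);
    free(copy);
    return 0;
}
```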