PHP substr_compare() Vulnerability: A Brief Analysis

Published on 2006-08-15
    <br />
    <font style= color="#000000">The new blog is up, so here is an article to test it.<br /><br /></font>
    <span style="COLOR: #000000">
            <font face="Courier New">
                    <font style=>
                            <font color="#000000">
                                    <b>PHP substr_compare() Vulnerability: A Brief Analysis</b>
                                    <br />
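                                    <br />Author: wofeiwo <br />Date: Aug 14th 2006 <br /><br />First, the advisory: <br /><br /><hr /><br />PHP Multiple Remote Security Vulnerabilities <br /><br />Published: 2006-08-03 <br />Updated: 2006-08-04 <br /><br />Affected systems: <br />PHP PHP 4.4.x <br />Unaffected systems: <br />PHP PHP 4.4.3 <br />Description: <br />-------------------------------------------------------------------------------- <br />CVE(CAN) ID: CVE-2006-3016 <br /><br />PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. <br /><br />PHP's substr_compare() function does not properly validate its offset/length parameters. In addition, PHP does not properly handle certain characters in session names. An attacker can exploit these vulnerabilities to execute arbitrary code remotely. <br /><br />&lt;*Source: Secunia <br />   <br />  Links: http://secunia.com/advisories/21328/print/ <br />        http://www.php.net/release_4_4_3.php <br />*&gt; <br /><br /><hr /><br />The advisory only says that PHP &lt;= 4.4.3 is affected; in fact, PHP 5.1.3 and earlier are affected by this vulnerability as well. <br /><br />Next, here is how the PHP manual describes this function. <br /><br /><hr /><br />Description <br /></font>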
                    </font>
            </font>
            <span style="COLOR: #0000bb">
                    <br />
            </span>
            <div style="BORDER-RIGHT: #cccccc 1px solid; PADDING-RIGHT: 5px; BORDER-TOP: #cccccc 1px solid; PADDING-LEFT: 4px; FONT-SIZE: 13px; PADDING-BOTTOM: 4px; BORDER-LEFT: #cccccc 1px solid; WIDTH: 98%; WORD-BREAK: break-all; PADDING-TOP: 4px; BORDER-BOTTOM: #cccccc 1px solid; BACKGROUND-COLOR: #eeeeee">
                    <pre>int substr_compare ( string main_str, string str, int offset [, int length [, bool case_insensitivity]] )</pre>
            </div>
            <br />
            <font face="Courier New">
                    <font style= color="#000000">substr_compare() compares main_str from position offset with str up to length characters.  <br /><br />Returns &lt; 0 if main_str from position offset is less than str, &gt; 0 if it is greater than str, and 0 if they are equal. If length is equal or greater than length of main_str and length is set, substr_compare() prints warning and returns FALSE.  <br /><br />If case_insensitivity is TRUE, comparison is case insensitive <br /><br /><hr /><br /></font>
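                    <font style= color="#000000">So this is a function that compares a string with a substring. Now let's analyze the cause of the vulnerability, starting with the code: <br /><br /></font>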
            </font>
            <span style="COLOR: #0000bb">
                    <div style="BORDER-RIGHT: #cccccc 1px solid; PADDING-RIGHT: 5px; BORDER-TOP: #cccccc 1px solid; PADDING-LEFT: 4px; FONT-SIZE: 13px; PADDING-BOTTOM: 4px; BORDER-LEFT: #cccccc 1px solid; WIDTH: 98%; WORD-BREAK: break-all; PADDING-TOP: 4px; BORDER-BOTTOM: #cccccc 1px solid; BACKGROUND-COLOR: #eeeeee">
<pre>// ripped from PHP-5.1.2
PHP_FUNCTION(substr_compare)
{
    char *s1, *s2;
    int s1_len, s2_len;
    long offset, len = 0;
    zend_bool cs = 0;
    uint cmp_len;

    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssl|lb", &amp;s1, &amp;s1_len,
                              &amp;s2, &amp;s2_len, &amp;offset, &amp;len, &amp;cs) == FAILURE) {
        RETURN_FALSE;
    }

    if (len &amp;&amp; offset &gt;= s1_len) { // only checks that len != 0 and offset &gt;= strlen(main_str); but len and offset can both be negative
        php_error_docref(NULL TSRMLS_CC, E_WARNING, "The start position cannot exceed initial string length.");
        RETURN_FALSE;
    }

    if (offset &lt; 0) { // a negative offset counts backwards from the end of main_str
        offset = s1_len + offset; // this is the problem: if offset is negative and its absolute value exceeds s1_len, the result is still negative
    }

    cmp_len = (uint) (len ? len : MAX(s2_len, (s1_len - offset))); // the comparison length is determined here and is easy to control

    if (!cs) { // hand the arguments to zend_binary_strncmp or zend_binary_strncasecmp
        RETURN_LONG(zend_binary_strncmp(s1 + offset, (s1_len - offset), s2, s2_len, cmp_len));
    } else {
        RETURN_LONG(zend_binary_strncasecmp(s1 + offset, (s1_len - offset), s2, s2_len, cmp_len));
    }
}
</pre>
                    </div>
                    <br />
            </span>
            <font face="Courier New">
                    <font style= color="#000000">Now let's look at the zend_binary_strncmp function: <br /></font>
            </font>
            <span style="COLOR: #0000bb">
                    <br />
            </span>
            <span style="COLOR: #0000bb">
                    <div style="BORDER-RIGHT: #cccccc 1px solid; PADDING-RIGHT: 5px; BORDER-TOP: #cccccc 1px solid; PADDING-LEFT: 4px; FONT-SIZE: 13px; PADDING-BOTTOM: 4px; BORDER-LEFT: #cccccc 1px solid; WIDTH: 98%; WORD-BREAK: break-all; PADDING-TOP: 4px; BORDER-BOTTOM: #cccccc 1px solid; BACKGROUND-COLOR: #eeeeee">
<pre>ZEND_API int zend_binary_strncmp(char *s1, uint len1, char *s2, uint len2, uint length)
{
    int retval;

    retval = memcmp(s1, s2, MIN(length, MIN(len1, len2)));
    if (!retval) {
        return (MIN(length, len1) - MIN(length, len2));
    } else {
        return retval;
    }
}
</pre>
                    </div>
                    <br />
            </span>
            <font style= face="Courier New" color="#000000">Clearly, submitting specially crafted arguments can easily cause a crash.<br /><br />Below is the patched code from PHP-5.1.4: <br /></font>
            <span style="COLOR: #0000bb">
                    <br />
                    <div style="BORDER-RIGHT: #cccccc 1px solid; PADDING-RIGHT: 5px; BORDER-TOP: #cccccc 1px solid; PADDING-LEFT: 4px; FONT-SIZE: 13px; PADDING-BOTTOM: 4px; BORDER-LEFT: #cccccc 1px solid; WIDTH: 98%; WORD-BREAK: break-all; PADDING-TOP: 4px; BORDER-BOTTOM: #cccccc 1px solid; BACKGROUND-COLOR: #eeeeee">
<pre>// ripped from PHP-5.1.4
PHP_FUNCTION(substr_compare)
{
    char *s1, *s2;
    int s1_len, s2_len;
    long offset, len = 0;
    zend_bool cs = 0;
    uint cmp_len;

    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssl|lb", &amp;s1, &amp;s1_len,
                              &amp;s2, &amp;s2_len, &amp;offset, &amp;len, &amp;cs) == FAILURE) {
        RETURN_FALSE;
    }

    if (ZEND_NUM_ARGS() &gt;= 4 &amp;&amp; len &lt;= 0) { // len can no longer be negative
        php_error_docref(NULL TSRMLS_CC, E_WARNING, "The length must be greater than zero");
        RETURN_FALSE;
    }

    if (offset &lt; 0) {
        offset = s1_len + offset;
        offset = (offset &lt; 0) ? 0 : offset; // check whether offset is still negative; if so, set it to 0
    }

    if ((offset + len) &gt;= s1_len) { // offset + len must not reach or exceed s1_len either
        php_error_docref(NULL TSRMLS_CC, E_WARNING, "The start position cannot exceed initial string length");
        RETURN_FALSE;
    }

    cmp_len = (uint) (len ? len : MAX(s2_len, (s1_len - offset)));

    if (!cs) {
        RETURN_LONG(zend_binary_strncmp(s1 + offset, (s1_len - offset), s2, s2_len, cmp_len));
    } else {
        RETURN_LONG(zend_binary_strncasecmp(s1 + offset, (s1_len - offset), s2, s2_len, cmp_len));
    }
}
</pre>
                    </div>
            </span>
    </span>
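<p>Added example (not code from the original post or from PHP): a C model of the argument checks in the 5.1.2 and 5.1.4 listings above. It computes, without touching any string memory, the offset and byte count that memcmp() would receive. The names plan_512, plan_514, finish and struct plan are hypothetical, nargs stands in for ZEND_NUM_ARGS(), and all inputs are constructed.</p>

```c
#include <stdio.h>

#ifndef MAX
#define MAX(a, b) (((a) > (b)) ? (a) : (b))
#endif
#ifndef MIN
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
#endif

/* What a call would hand to memcmp(s1 + offset, s2, n). Only the
 * arithmetic is modelled; no string memory is ever read. */
struct plan {
    int          rejected;   /* 1: warning + RETURN_FALSE before any compare */
    long         offset;     /* value added to s1 */
    unsigned int cmp_len;    /* result of the (uint) cast, passed as "length" */
    unsigned int n;          /* byte count memcmp() finally receives */
    int          in_bounds;  /* 1: [offset, offset + n) lies inside s1 */
};

/* Shared tail of both versions: the cmp_len computation plus the MIN()
 * clamp that zend_binary_strncmp() applies before calling memcmp(). */
static struct plan finish(int s1_len, int s2_len, long offset, long len)
{
    struct plan p = {0, offset, 0, 0, 0};
    unsigned int len1 = (unsigned int)(s1_len - offset); /* long -> uint at the call site */
    unsigned int len2 = (unsigned int)s2_len;

    p.cmp_len = (unsigned int)(len ? len : MAX(s2_len, (s1_len - offset)));
    p.n = MIN(p.cmp_len, MIN(len1, len2));
    p.in_bounds = offset >= 0 && offset <= s1_len &&
                  (unsigned long)p.n <= (unsigned long)(s1_len - offset);
    return p;
}

/* Checks as in the PHP-5.1.2 listing. */
struct plan plan_512(int s1_len, int s2_len, long offset, long len)
{
    struct plan rej = {1, offset, 0, 0, 0};

    if (len && offset >= s1_len)
        return rej;
    if (offset < 0)
        offset = s1_len + offset;          /* may still be negative */
    return finish(s1_len, s2_len, offset, len);
}

/* Checks as in the PHP-5.1.4 listing; nargs stands in for ZEND_NUM_ARGS(). */
struct plan plan_514(int s1_len, int s2_len, long offset, long len, int nargs)
{
    struct plan rej = {1, offset, 0, 0, 0};

    if (nargs >= 4 && len <= 0)
        return rej;
    if (offset < 0) {
        offset = s1_len + offset;
        offset = (offset < 0) ? 0 : offset; /* clamp to the start of s1 */
    }
    if ((offset + len) >= s1_len)
        return rej;
    return finish(s1_len, s2_len, offset, len);
}

static void show(const char *tag, struct plan p)
{
    if (p.rejected)
        printf("%-24s rejected\n", tag);
    else
        printf("%-24s offset=%ld cmp_len=%u n=%u %s\n", tag, p.offset,
               p.cmp_len, p.n, p.in_bounds ? "in bounds" : "OUT OF BOUNDS");
}

int main(void)
{
    /* Constructed inputs: (s1_len, s2_len, offset, len[, nargs]). */
    show("5.1.2 offset=-100", plan_512(5, 5, -100, 0));
    show("5.1.4 offset=-100", plan_514(5, 5, -100, 0, 3));
    show("5.1.2 len=-1",      plan_512(5, 5, 0, -1));
    show("5.1.4 len=-1",      plan_514(5, 5, 0, -1, 4));
    show("5.1.2 ordinary call", plan_512(11, 5, 6, 0));
    show("5.1.4 ordinary call", plan_514(11, 5, 6, 0, 3));
    return 0;
}
```

In this model a negative len on its own is still clamped by the MIN() in zend_binary_strncmp as listed, while a negative offset larger than s1_len moves the start of the comparison in front of s1, which is the case the 5.1.4 clamp removes.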