<br />
<font style= color="#000000">新blog开张,贴个文章测试一下<br /><br /></font>
<span style="COLOR: #000000">
<font face="Courier New">
<font style=>
<font color="#000000">
<b>PHP substr_compare() Vulnerability 浅析</b>
<br />
<br />Author: wofeiwo <br />Date: Aug 14th 2006 <br /><br />先看看公告: <br /><br /><hr /><br />PHP多个远程安全漏洞 <br /><br />发布日期:2006-08-03 <br />更新日期:2006-08-04 <br /><br />受影响系统: <br />PHP PHP 4.4.x <br />不受影响系统: <br />PHP PHP 4.4.3 <br />描述: <br />-------------------------------------------------------------------------------- <br />CVE(CAN) ID: CVE-2006-3016 <br /><br />PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 <br /><br />PHP的substr_compare()函数没有正确的验证偏移/长度参数。此外,PHP还没有正确的处理会话名称中的某些字符。攻击者可以利用这些漏洞远程执行任意代码。 <br /><br /><*来源:Secunia <br /> <br /> 链接:http://secunia.com/advisories/21328/print/ <br /> http://www.php.net/release_4_4_3.php <br />*> <br /><br /><hr /><br />公告里只说明影响为 PHP <= 4.4.3, 其实 PHP 5.1.3 以下也受到这个漏洞影响. <br /><br />再来看看 PHP 手册里对这个函数的描述. <br /><br /><hr /><br />Description <br /></font>
</font>
</font>
<span style="COLOR: #0000bb">
<br />
</span>
<div style="BORDER-RIGHT: #cccccc 1px solid; PADDING-RIGHT: 5px; BORDER-TOP: #cccccc 1px solid; PADDING-LEFT: 4px; FONT-SIZE: 13px; PADDING-BOTTOM: 4px; BORDER-LEFT: #cccccc 1px solid; WIDTH: 98%; WORD-BREAK: break-all; PADDING-TOP: 4px; BORDER-BOTTOM: #cccccc 1px solid; BACKGROUND-COLOR: #eeeeee">
<span style="COLOR: #000000">int </span>
<span style="COLOR: #008080">substr_compare</span>
<span style="COLOR: #000000"> ( </span>
<span style="COLOR: #0000ff">string</span>
<span style="COLOR: #000000"> main_str </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #0000ff">string</span>
<span style="COLOR: #000000"> str </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> int offset [ </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> int length [ </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> bool case_insensitivity]] ) <br /></span>
</div>
<br />
<font face="Courier New">
<font style= color="#000000">substr_compare() compares main_str from position offset with str up to length characters. <br /><br />Returns < 0 if main_str from position offset is less than str, > 0 if it is greater than str, and 0 if they are equal. If length is equal or greater than length of main_str and length is set, substr_compare() prints warning and returns FALSE. <br /><br />If case_insensitivity is TRUE, comparison is case insensitive <br /><br /><hr /><br /></font>
<font style= color="#000000">看来是一个比较字符串与子字符串的函数.下面来分析漏洞原因,看代码: <br /><br /></font>
</font>
<span style="COLOR: #0000bb">
<div style="BORDER-RIGHT: #cccccc 1px solid; PADDING-RIGHT: 5px; BORDER-TOP: #cccccc 1px solid; PADDING-LEFT: 4px; FONT-SIZE: 13px; PADDING-BOTTOM: 4px; BORDER-LEFT: #cccccc 1px solid; WIDTH: 98%; WORD-BREAK: break-all; PADDING-TOP: 4px; BORDER-BOTTOM: #cccccc 1px solid; BACKGROUND-COLOR: #eeeeee">
<span style="COLOR: #008000">//</span>
<span style="COLOR: #008000"> ripped from PHP-5.1.2 </span>
<span style="COLOR: #008000">
<br />
</span>
<span style="COLOR: #000000">PHP_FUNCTION( </span>
<span style="COLOR: #008080">substr_compare</span>
<span style="COLOR: #000000"> ) <br />{ <br /> char </span>
<span style="COLOR: #000000">*</span>
<span style="COLOR: #000000"> s1 </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">*</span>
<span style="COLOR: #000000"> s2; <br /> int s1_len </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> s2_len; <br /> long offset </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> len </span>
<span style="COLOR: #000000">=</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">0</span>
<span style="COLOR: #000000"> ; <br /> zend_bool cs </span>
<span style="COLOR: #000000">=</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">0</span>
<span style="COLOR: #000000"> ; <br /> uint cmp_len; <br /><br /> </span>
<span style="COLOR: #0000ff">if</span>
<span style="COLOR: #000000"> (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">"</span>
<span style="COLOR: #000000"> ssl|lb </span>
<span style="COLOR: #000000">"</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">&</span>
<span style="COLOR: #000000"> s1 </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">&</span>
<span style="COLOR: #000000"> s1_len </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">&</span>
<span style="COLOR: #000000"> s2 </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">&</span>
<span style="COLOR: #000000"> s2_len </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">&</span>
<span style="COLOR: #000000"> offset </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">&</span>
<span style="COLOR: #000000"> len </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">&</span>
<span style="COLOR: #000000"> cs) </span>
<span style="COLOR: #000000">==</span>
<span style="COLOR: #000000"> FAILURE) { <br /> RETURN_FALSE; <br /> } <br /><br /> </span>
<span style="COLOR: #0000ff">if</span>
<span style="COLOR: #000000"> (len </span>
<span style="COLOR: #000000">&&</span>
<span style="COLOR: #000000"> offset </span>
<span style="COLOR: #000000">>=</span>
<span style="COLOR: #000000"> s1_len) { </span>
<span style="COLOR: #008000">//</span>
<span style="COLOR: #008000"> 简单的检查了 len 是否 != 0 并且 offset 大于 strlen(main_str). 但是 len 和 offset 都可以为负数 </span>
<span style="COLOR: #008000">
<br />
</span>
<span style="COLOR: #000000"> php_error_docref( </span>
<span style="COLOR: #0000ff">NULL</span>
<span style="COLOR: #000000"> TSRMLS_CC </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #ff00ff">E_WARNING</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">"</span>
<span style="COLOR: #000000"> The start position cannot exceed initial string length. </span>
<span style="COLOR: #000000">"</span>
<span style="COLOR: #000000"> ); <br /> RETURN_FALSE; <br /> } <br /><br /> </span>
<span style="COLOR: #0000ff">if</span>
<span style="COLOR: #000000"> (offset </span>
<span style="COLOR: #000000"><</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">0</span>
<span style="COLOR: #000000"> ) { </span>
<span style="COLOR: #008000">//</span>
<span style="COLOR: #008000"> offset 为负数,则从 main_str 的尾向前偏移 </span>
<span style="COLOR: #008000">
<br />
</span>
<span style="COLOR: #000000"> offset </span>
<span style="COLOR: #000000">=</span>
<span style="COLOR: #000000"> s1_len </span>
<span style="COLOR: #000000">+</span>
<span style="COLOR: #000000"> offset; </span>
<span style="COLOR: #008000">//</span>
<span style="COLOR: #008000"> 这里出现问题了.如果 offset 是负数,且绝对值大于 s1_len 呢?得到的 offset 仍然为负数 </span>
<span style="COLOR: #008000">
<br />
</span>
<span style="COLOR: #000000"> } <br /><br /> cmp_len </span>
<span style="COLOR: #000000">=</span>
<span style="COLOR: #000000"> (uint) (len </span>
<span style="COLOR: #000000">?</span>
<span style="COLOR: #000000"> len </span>
<span style="COLOR: #000000">:</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #008080">MAX</span>
<span style="COLOR: #000000"> (s2_len </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> (s1_len </span>
<span style="COLOR: #000000">-</span>
<span style="COLOR: #000000"> offset))); </span>
<span style="COLOR: #008000">//</span>
<span style="COLOR: #008000"> 这里确定比较的长度,很容易被控制. </span>
<span style="COLOR: #008000">
<br />
</span>
<span style="COLOR: #000000">
<br /> </span>
<span style="COLOR: #0000ff">if</span>
<span style="COLOR: #000000"> ( </span>
<span style="COLOR: #000000">!</span>
<span style="COLOR: #000000"> cs) { </span>
<span style="COLOR: #008000">//</span>
<span style="COLOR: #008000"> 传递参数给 zend_binary_strncmp 或 zend_binary_strncasecmp </span>
<span style="COLOR: #008000">
<br />
</span>
<span style="COLOR: #000000"> RETURN_LONG(zend_binary_strncmp(s1 </span>
<span style="COLOR: #000000">+</span>
<span style="COLOR: #000000"> offset </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> (s1_len </span>
<span style="COLOR: #000000">-</span>
<span style="COLOR: #000000"> offset) </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> s2 </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> s2_len </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> cmp_len)); <br /> } </span>
<span style="COLOR: #0000ff">else</span>
<span style="COLOR: #000000"> { <br /> RETURN_LONG(zend_binary_strncasecmp(s1 </span>
<span style="COLOR: #000000">+</span>
<span style="COLOR: #000000"> offset </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> (s1_len </span>
<span style="COLOR: #000000">-</span>
<span style="COLOR: #000000"> offset) </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> s2 </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> s2_len </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> cmp_len)); <br /> } <br />} <br /></span>
</div>
<br />
</span>
<font face="Courier New">
<font style= color="#000000">再来看 zend_binary_strncmp 函数: <br /></font>
</font>
<span style="COLOR: #0000bb">
<br />
</span>
<span style="COLOR: #0000bb">
<div style="BORDER-RIGHT: #cccccc 1px solid; PADDING-RIGHT: 5px; BORDER-TOP: #cccccc 1px solid; PADDING-LEFT: 4px; FONT-SIZE: 13px; PADDING-BOTTOM: 4px; BORDER-LEFT: #cccccc 1px solid; WIDTH: 98%; WORD-BREAK: break-all; PADDING-TOP: 4px; BORDER-BOTTOM: #cccccc 1px solid; BACKGROUND-COLOR: #eeeeee">
<span style="COLOR: #000000">ZEND_API int zend_binary_strncmp(char </span>
<span style="COLOR: #000000">*</span>
<span style="COLOR: #000000"> s1 </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> uint len1 </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> char </span>
<span style="COLOR: #000000">*</span>
<span style="COLOR: #000000"> s2 </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> uint len2 </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> uint length) <br />{ <br /> int retval; <br /> <br /> retval </span>
<span style="COLOR: #000000">=</span>
<span style="COLOR: #000000"> memcmp(s1 </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> s2 </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #008080">MIN</span>
<span style="COLOR: #000000"> (length </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #008080">MIN</span>
<span style="COLOR: #000000"> (len1 </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> len2))); <br /> </span>
<span style="COLOR: #0000ff">if</span>
<span style="COLOR: #000000"> ( </span>
<span style="COLOR: #000000">!</span>
<span style="COLOR: #000000"> retval) { <br /> </span>
<span style="COLOR: #0000ff">return</span>
<span style="COLOR: #000000"> ( </span>
<span style="COLOR: #008080">MIN</span>
<span style="COLOR: #000000"> (length </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> len1) </span>
<span style="COLOR: #000000">-</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #008080">MIN</span>
<span style="COLOR: #000000"> (length </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> len2)); <br /> } </span>
<span style="COLOR: #0000ff">else</span>
<span style="COLOR: #000000"> { <br /> </span>
<span style="COLOR: #0000ff">return</span>
<span style="COLOR: #000000"> retval; <br /> } <br />} <br /></span>
</div>
<br />
</span>
<font style= face="Courier New" color="#000000">很明显,如果提交我们设计的参数,很容易造成crash.<br /><br />下面是 PHP-5.1.4 修补后的代码 <br /></font>
<span style="COLOR: #0000bb">
<br />
<div style="BORDER-RIGHT: #cccccc 1px solid; PADDING-RIGHT: 5px; BORDER-TOP: #cccccc 1px solid; PADDING-LEFT: 4px; FONT-SIZE: 13px; PADDING-BOTTOM: 4px; BORDER-LEFT: #cccccc 1px solid; WIDTH: 98%; WORD-BREAK: break-all; PADDING-TOP: 4px; BORDER-BOTTOM: #cccccc 1px solid; BACKGROUND-COLOR: #eeeeee">
<span style="COLOR: #008000">//</span>
<span style="COLOR: #008000"> ripped from PHP-5.1.4 </span>
<span style="COLOR: #008000">
<br />
</span>
<span style="COLOR: #000000">PHP_FUNCTION( </span>
<span style="COLOR: #008080">substr_compare</span>
<span style="COLOR: #000000"> ) <br />{ <br /> char </span>
<span style="COLOR: #000000">*</span>
<span style="COLOR: #000000"> s1 </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">*</span>
<span style="COLOR: #000000"> s2; <br /> int s1_len </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> s2_len; <br /> long offset </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> len </span>
<span style="COLOR: #000000">=</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">0</span>
<span style="COLOR: #000000"> ; <br /> zend_bool cs </span>
<span style="COLOR: #000000">=</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">0</span>
<span style="COLOR: #000000"> ; <br /> uint cmp_len; <br /><br /> </span>
<span style="COLOR: #0000ff">if</span>
<span style="COLOR: #000000"> (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">"</span>
<span style="COLOR: #000000"> ssl|lb </span>
<span style="COLOR: #000000">"</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">&</span>
<span style="COLOR: #000000"> s1 </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">&</span>
<span style="COLOR: #000000"> s1_len </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">&</span>
<span style="COLOR: #000000"> s2 </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">&</span>
<span style="COLOR: #000000"> s2_len </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">&</span>
<span style="COLOR: #000000"> offset </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">&</span>
<span style="COLOR: #000000"> len </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">&</span>
<span style="COLOR: #000000"> cs) </span>
<span style="COLOR: #000000">==</span>
<span style="COLOR: #000000"> FAILURE) { <br /> RETURN_FALSE; <br /> } <br /><br /> </span>
<span style="COLOR: #0000ff">if</span>
<span style="COLOR: #000000"> (ZEND_NUM_ARGS() </span>
<span style="COLOR: #000000">>=</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">4</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">&&</span>
<span style="COLOR: #000000"> len </span>
<span style="COLOR: #000000"><=</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">0</span>
<span style="COLOR: #000000"> ) { </span>
<span style="COLOR: #008000">//</span>
<span style="COLOR: #008000"> len不能为负数了 </span>
<span style="COLOR: #008000">
<br />
</span>
<span style="COLOR: #000000"> php_error_docref( </span>
<span style="COLOR: #0000ff">NULL</span>
<span style="COLOR: #000000"> TSRMLS_CC </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #ff00ff">E_WARNING</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">"</span>
<span style="COLOR: #000000"> The length must be greater than zero </span>
<span style="COLOR: #000000">"</span>
<span style="COLOR: #000000"> ); <br /> RETURN_FALSE; <br /> } <br /><br /> </span>
<span style="COLOR: #0000ff">if</span>
<span style="COLOR: #000000"> (offset </span>
<span style="COLOR: #000000"><</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">0</span>
<span style="COLOR: #000000"> ) { <br /> offset </span>
<span style="COLOR: #000000">=</span>
<span style="COLOR: #000000"> s1_len </span>
<span style="COLOR: #000000">+</span>
<span style="COLOR: #000000"> offset; <br /> offset </span>
<span style="COLOR: #000000">=</span>
<span style="COLOR: #000000"> (offset </span>
<span style="COLOR: #000000"><</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">0</span>
<span style="COLOR: #000000"> ) </span>
<span style="COLOR: #000000">?</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">0</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">:</span>
<span style="COLOR: #000000"> offset; </span>
<span style="COLOR: #008000">//</span>
<span style="COLOR: #008000"> 检查是否 offset 仍然为负数,是,则设为0 </span>
<span style="COLOR: #008000">
<br />
</span>
<span style="COLOR: #000000"> } <br /><br /> </span>
<span style="COLOR: #0000ff">if</span>
<span style="COLOR: #000000"> ((offset </span>
<span style="COLOR: #000000">+</span>
<span style="COLOR: #000000"> len) </span>
<span style="COLOR: #000000">>=</span>
<span style="COLOR: #000000"> s1_len) { </span>
<span style="COLOR: #008000">//</span>
<span style="COLOR: #008000"> offset+len 也不能大于 s1_len </span>
<span style="COLOR: #008000">
<br />
</span>
<span style="COLOR: #000000"> php_error_docref( </span>
<span style="COLOR: #0000ff">NULL</span>
<span style="COLOR: #000000"> TSRMLS_CC </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #ff00ff">E_WARNING</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #000000">"</span>
<span style="COLOR: #000000"> The start position cannot exceed initial string length </span>
<span style="COLOR: #000000">"</span>
<span style="COLOR: #000000"> ); <br /> RETURN_FALSE; <br /> } <br /><br /> cmp_len </span>
<span style="COLOR: #000000">=</span>
<span style="COLOR: #000000"> (uint) (len </span>
<span style="COLOR: #000000">?</span>
<span style="COLOR: #000000"> len </span>
<span style="COLOR: #000000">:</span>
<span style="COLOR: #000000"> </span>
<span style="COLOR: #008080">MAX</span>
<span style="COLOR: #000000"> (s2_len </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> (s1_len </span>
<span style="COLOR: #000000">-</span>
<span style="COLOR: #000000"> offset))); <br /><br /> </span>
<span style="COLOR: #0000ff">if</span>
<span style="COLOR: #000000"> ( </span>
<span style="COLOR: #000000">!</span>
<span style="COLOR: #000000"> cs) { <br /> RETURN_LONG(zend_binary_strncmp(s1 </span>
<span style="COLOR: #000000">+</span>
<span style="COLOR: #000000"> offset </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> (s1_len </span>
<span style="COLOR: #000000">-</span>
<span style="COLOR: #000000"> offset) </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> s2 </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> s2_len </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> cmp_len)); <br /> } </span>
<span style="COLOR: #0000ff">else</span>
<span style="COLOR: #000000"> { <br /> RETURN_LONG(zend_binary_strncasecmp(s1 </span>
<span style="COLOR: #000000">+</span>
<span style="COLOR: #000000"> offset </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> (s1_len </span>
<span style="COLOR: #000000">-</span>
<span style="COLOR: #000000"> offset) </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> s2 </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> s2_len </span>
<span style="COLOR: #000000">,</span>
<span style="COLOR: #000000"> cmp_len)); <br /> } <br />} <br /></span>
</div>
</span>
</span>
