PHP Binary Security Detailed

This article mainly share with you the PHP binary security details, I hope to help everyone.

1. PHP binary Securitybinary-safe

The internal functions of PHP can ensure that the expected results are achieved when manipulating binary data, such as,, and so on, str_replace stristr strcmp We say that these functions are binary safe.

The following is a comparison between the C language and PHP to see their processing of binary data

#include "stdio.h" #include "string.h" int main () {char a[] = "aa\0b"; char b[] = "aa\0c";p rintf ("%d\n", strcmp (A, b));p rintf ("%ld\n", strlen (A));} /* 0 2 */

It can be seen that the C language is the end of the "\0" string, so think "aa\0b' and "aa\0c" is the same, the length of 2 discarded "\0b" and "\0c" .

<?php/** * Created by Phpstorm. * User:leon * DATE:17/11/6 * Time: Morning 10:24 * *    $a = "aa\0b";    $b = "aa\0c";    $c = "\0\0";    $d = ' a ';    $e = ' a ';    Var_dump (strcmp ($a, $b));    Var_dump (strcmp ($c, $d));    Var_dump (strlen ($a));    Var_dump (strlen ($c)); # res:int ( -1) int (0) int (4) int (2)

PHP "aa\0b" is different and has a "aa\0c" length of 4

2. The principle of binary security implemented in PHP

The string in PHP is zend_string represented by:

The variables in PHP zend_value represent:

• GC: Variable reference information, such as the reference number of the current value, all variable types used in reference counting have this structure, section 3.1 will be analyzed in detail

• H: Hash value, which is used when evaluating an index in an array

• Len: String length, this value guarantees binary security

• Val: string content, variable length struct, allocating memory at Len length

• 
  Len: string length, which guarantees binary security, does not require the end of a string to be judged like C with the

3.SDS

C: As a Terminator ’\0’ , the C string cannot contain binary data such as text, pictures, audio, video, compressed files, and so on.
PHP: Record len
Sds:simple Dynamic string abstract type for simple dynamic strings, applied to a character representation:

SDS Data structure:

struct SDSHDR {    # records the number of bytes used in the BUF array    # equals the length of the string saved by SDS    int len;    # record the number of bytes not used in the BUF array    int free;    # byte array, used to hold string    char buf[];};

The length of the string saved by SDS is also documented in the structure definition of redis, which guarantees binary security, and the SDS API uses the Len attribute of the string to determine whether the string ends

1. PHP binary Securitybinary-safe

The internal functions of PHP can ensure that the expected results are achieved when manipulating binary data, such as,, and so on, str_replace stristr strcmp We say that these functions are binary safe.

The following is a comparison between the C language and PHP to see their processing of binary data

#include "stdio.h" #include "string.h" int main () {char a[] = "aa\0b"; char b[] = "aa\0c";p rintf ("%d\n", strcmp (A, b));p rintf ("%ld\n", strlen (A));} /* 0 2 */

It can be seen that the C language is the end of the "\0" string, so think "aa\0b' and "aa\0c" is the same, the length of 2 discarded "\0b" and "\0c" .

<?php/** * Created by Phpstorm. * User:leon * DATE:17/11/6 * Time: Morning 10:24 * *    $a = "aa\0b";    $b = "aa\0c";    $c = "\0\0";    $d = ' a ';    $e = ' a ';    Var_dump (strcmp ($a, $b));    Var_dump (strcmp ($c, $d));    Var_dump (strlen ($a));    Var_dump (strlen ($c)); # res:int ( -1) int (0) int (4) int (2)

PHP "aa\0b" is different and has a "aa\0c" length of 4

2. The principle of binary security implemented in PHP

The string in PHP is zend_string represented by:

The variables in PHP zend_value represent:

• GC: Variable reference information, such as the reference number of the current value, all variable types used in reference counting have this structure, section 3.1 will be analyzed in detail

• H: Hash value, which is used when evaluating an index in an array

• Len: String length, this value guarantees binary security

• Val: string content, variable length struct, allocating memory at Len length

• 
  Len: string length, which guarantees binary security, does not require the end of a string to be judged like C with the

3.SDS

C: As a Terminator ’\0’ , the C string cannot contain binary data such as text, pictures, audio, video, compressed files, and so on.
PHP: Record len
Sds:simple Dynamic string abstract type for simple dynamic strings, applied to a character representation:

SDS Data structure:

struct SDSHDR {    # records the number of bytes used in the BUF array    # equals the length of the string saved by SDS    int len;    # record the number of bytes not used in the BUF array    int free;    # byte array, used to hold string    char buf[];};

The length of the string saved by SDS is also documented in the structure definition of redis, which guarantees binary security, and the SDS API uses the Len attribute of the string to determine whether the string ends.