PHPC-886: Always recalculate field name length when encoding BSON

jmikola · jmikola · commit caa4650f73e9 · 2017-01-10T12:00:49.000-05:00
diff --git a/src/bson.c b/src/bson.c
@@ -1444,19 +1444,14 @@ void phongo_zval_to_bson(zval *data, php_phongo_bson_flags_t flags, bson_t *bson
 					flags &= ~PHONGO_BSON_ADD_ID;
 				}
 			}
-
-			/* PHP's HashTable API includes the terminating NULL byte in key's
-			 * string length, so subtract to track the equivalent strlen(). */
-			string_key_len -= 1;
 		}
 
 		/* Ensure we're working with a string key */
 		if (hash_type == HASH_KEY_IS_LONG) {
 			spprintf(&string_key, 0, "%ld", num_key);
-			string_key_len = strlen(string_key);
 		}
 
-		phongo_bson_append(bson, flags & ~PHONGO_BSON_ADD_ID, string_key, string_key_len, *value TSRMLS_CC);
+		phongo_bson_append(bson, flags & ~PHONGO_BSON_ADD_ID, string_key, strlen(string_key), *value TSRMLS_CC);
 
 		if (hash_type == HASH_KEY_IS_LONG) {
 			efree(string_key);
diff --git a/tests/bson/bson-fromPHP-006.phpt b/tests/bson/bson-fromPHP-006.phpt
@@ -0,0 +1,50 @@
+--TEST--
+BSON\fromPHP(): PHP documents with null bytes in field name
+--FILE--
+<?php
+
+require_once __DIR__ . '/../utils/tools.php';
+
+echo "\nTesting array with one leading null byte in field name\n";
+hex_dump(fromPHP(["\0" => 1]));
+
+echo "\nTesting array with one trailing null byte in field name\n";
+hex_dump(fromPHP(["a\0" => 1]));
+
+echo "\nTesting array with multiple null bytes in field name\n";
+hex_dump(fromPHP(["\0\0\0" => 1]));
+
+/* Per PHPC-884, field names with a leading null byte are ignored when encoding
+ * a document from an object's property hash table, since PHP uses leading bytes
+ * to denote protected and private properties. */
+echo "\nTesting object with one leading null byte in field name\n";
+hex_dump(fromPHP((object) ["\0" => 1]));
+
+echo "\nTesting object with one trailing null byte in field name\n";
+hex_dump(fromPHP((object) ["a\0" => 1]));
+
+echo "\nTesting object with multiple null bytes in field name\n";
+hex_dump(fromPHP((object) ["\0\0\0" => 1]));
+
+?>
+===DONE===
+<?php exit(0); ?>
+--EXPECT--
+Testing array with one leading null byte in field name
+     0 : 0b 00 00 00 10 00 01 00 00 00 00                 [...........]
+
+Testing array with one trailing null byte in field name
+     0 : 0c 00 00 00 10 61 00 01 00 00 00 00              [.....a......]
+
+Testing array with multiple null bytes in field name
+     0 : 0b 00 00 00 10 00 01 00 00 00 00                 [...........]
+
+Testing object with one leading null byte in field name
+     0 : 05 00 00 00 00                                   [.....]
+
+Testing object with one trailing null byte in field name
+     0 : 0c 00 00 00 10 61 00 01 00 00 00 00              [.....a......]
+
+Testing object with multiple null bytes in field name
+     0 : 05 00 00 00 00                                   [.....]
+===DONE===

Original file line number	Diff line number	Diff line change
`@@ -1444,19 +1444,14 @@ void phongo_zval_to_bson(zval data, php_phongo_bson_flags_t flags, bson_t bson`
`1444`	`1444`	`flags &= ~PHONGO_BSON_ADD_ID;`
`1445`	`1445`	`}`
`1446`	`1446`	`}`
`1447`		`-`
`1448`		`- /* PHP's HashTable API includes the terminating NULL byte in key's`
`1449`		`- * string length, so subtract to track the equivalent strlen(). */`
`1450`		`- string_key_len -= 1;`
`1451`	`1447`	`}`
`1452`	`1448`
`1453`	`1449`	`/* Ensure we're working with a string key */`
`1454`	`1450`	`if (hash_type == HASH_KEY_IS_LONG) {`
`1455`	`1451`	`spprintf(&string_key, 0, "%ld", num_key);`
`1456`		`- string_key_len = strlen(string_key);`
`1457`	`1452`	`}`
`1458`	`1453`
`1459`		`- phongo_bson_append(bson, flags & ~PHONGO_BSON_ADD_ID, string_key, string_key_len, *value TSRMLS_CC);`
	`1454`	`+ phongo_bson_append(bson, flags & ~PHONGO_BSON_ADD_ID, string_key, strlen(string_key), *value TSRMLS_CC);`
`1460`	`1455`
`1461`	`1456`	`if (hash_type == HASH_KEY_IS_LONG) {`
`1462`	`1457`	`efree(string_key);`