Priority: Minor - P4
Affects Version/s: None
Fix Version/s: 1.9.1
When initializing a DBPointer, the size of the struct's id buffer (25) is provided to strncpy. We should actually specify 24, since that is the typical length provided to the function for valid input.
php_phongo_dbpointer_init is called from two context:
- php_phongo_dbpointer_init_from_hash, which passes results from Z_STRVAL_P and Z_STRLEN_P. The length will be 24 in most cases.
- php_phongo_dbpointer_clone_object, which passes another original struct's id buffer and a fixed size of 24
Note that bson_oid_is_valid accepts a length of 25, provided that byte is a null terminator. Otherwise, 24 is required.
Secondly, although we can assume that internal struct was zero-allocated, it may be safer to explicitly set the null byte after copying:
Alternatively, memset the entire structure first: