From 56ed71c7d2b5a615c42074b0e3023aca0a1f4025 Mon Sep 17 00:00:00 2001
From: Scott Arciszewski
Date: Thu, 19 Mar 2015 14:44:31 -0400
Subject: [PATCH] Update StringUtils.php
---
 .../Security/Core/Util/StringUtils.php | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/Symfony/Component/Security/Core/Util/StringUtils.php b/src/Symfony/Component/Security/Core/Util/StringUtils.php
index e8f3e3bb64..8cbd191a79 100644
--- a/src/Symfony/Component/Security/Core/Util/StringUtils.php
+++ b/src/Symfony/Component/Security/Core/Util/StringUtils.php
@@ -45,8 +45,8 @@ class StringUtils
 return hash_equals($knownString, $userInput);
 }
 
- $knownLen = strlen($knownString);
- $userLen = strlen($userInput);
+ $knownLen = self::safeStrlen($knownString);
+ $userLen = self::safeStrlen($userInput);
 
 // Extend the known string to avoid uninitialized string offsets
 $knownString .= $userInput;
@@ -63,4 +63,18 @@ class StringUtils
 // They are only identical strings if $result is exactly 0...
 return 0 === $result;
 }
+
+ /**
+ * Return the number of bytes in a string
+ *
+ * @param string $string The string whose length we wish to obtain
+ * @return int
+ */
+ public static function safeStrlen($string)
+ {
+ if (function_exists('mb_strlen')) {
+ return mb_strlen($string, '8bit');
+ }
+ return strlen($string);
+ }
 }
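Review bot: The two length assignments now call `self::safeStrlen()`, but nothing at the call site says that the rest of the method depends on a byte count rather than a character count. The context comment about uninitialized string offsets suggests the code further down reads the strings by offset, and PHP string offsets are always byte-based, so a character count here would leave trailing bytes of a multibyte value out of the comparison when `mbstring.func_overload` replaces `strlen()`. I would add above the assignments `// Lengths must be in bytes: string offsets are byte-based, and strlen() can count characters under mbstring.func_overload`. The comparison loop itself lies outside this hunk, so its exact shape is inferred from the surrounding comments.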
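Review bot: `safeStrlen()` arrives without a test, and the diffstat shows only this file changed, so nothing pins the `'8bit'` argument that makes the `mb_strlen()` branch return bytes. A test asserting that `StringUtils::safeStrlen("\xC3\xA9")` returns 2 would fail if a later edit dropped the encoding argument on a UTF-8 configured runtime with mbstring loaded. The docblock states what is returned but not why plain `strlen()` is avoided; a line such as ` * mb_strlen() in 8bit mode is used because mbstring.func_overload can make strlen() count characters.` would keep the next maintainer from simplifying it back.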