Fix bug #71610: Type Confusion Vulnerability - SOAP / make_http_soap_request()

author: Stanislav Malyshev <stas@php.net> 2016-02-21 23:45:57 -0800
committer: Stanislav Malyshev <stas@php.net> 2016-03-01 22:32:38 -0800
commit: 07b6fc93b11b46926db6e7c02f90c84981a40c33 (patch)
tree: fd6518214ad1e2846277ea9884aa00cc05e0c6b8 /ext/soap/php_http.c
parent: 9cabc99fcef0f12b472e40811beab4eb2ef17e1b (diff)
download: php-git-07b6fc93b11b46926db6e7c02f90c84981a40c33.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c
index 2baa0fa3ff..a2d0b6207d 100644
--- a/ext/soap/php_http.c
+++ b/ext/soap/php_http.c
@@ -833,8 +833,10 @@ try_again:
 						    Z_TYPE_P(value) == IS_STRING) {
 						  zval *tmp;
 						  if (((tmp = zend_hash_index_find(Z_ARRVAL_P(data), 1)) == NULL ||
+							   Z_TYPE_P(tmp) != IS_STRING ||
 						       strncmp(phpurl->path?phpurl->path:"/",Z_STRVAL_P(tmp),Z_STRLEN_P(tmp)) == 0) &&
 						      ((tmp = zend_hash_index_find(Z_ARRVAL_P(data), 2)) == NULL ||
+							   Z_TYPE_P(tmp) != IS_STRING ||
 						       in_domain(phpurl->host,Z_STRVAL_P(tmp))) &&
 						      (use_ssl || (tmp = zend_hash_index_find(Z_ARRVAL_P(data), 3)) == NULL)) {
 								smart_str_append(&soap_headers, key);
author	Stanislav Malyshev <stas@php.net>	2016-02-21 23:45:57 -0800
committer	Stanislav Malyshev <stas@php.net>	2016-03-01 22:32:38 -0800
commit	07b6fc93b11b46926db6e7c02f90c84981a40c33 (patch)
tree	fd6518214ad1e2846277ea9884aa00cc05e0c6b8 /ext/soap/php_http.c
parent	9cabc99fcef0f12b472e40811beab4eb2ef17e1b (diff)
download	php-git-07b6fc93b11b46926db6e7c02f90c84981a40c33.tar.gz