From 0de0c4ace14437071fb8a8690f387a63c0c48003 Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Thu, 9 Jul 2015 16:32:18 +0800 Subject: Fixed Bug #70032 (make_http_soap_request calls zend_hash_get_current_key_ex(,,,NULL)) --- ext/soap/php_http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ext/soap/php_http.c') diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c index 3b42a6bf06..e0a749f83d 100644 --- a/ext/soap/php_http.c +++ b/ext/soap/php_http.c @@ -814,7 +814,7 @@ try_again: smart_str_append_const(&soap_headers, "Cookie: "); for (i = 0; i < n; i++) { data = zend_hash_get_current_data(Z_ARRVAL_P(cookies)); - zend_hash_get_current_key_ex(Z_ARRVAL_P(cookies), &key, NULL, NULL); + zend_hash_get_current_key(Z_ARRVAL_P(cookies), &key, NULL); if (Z_TYPE_P(data) == IS_ARRAY) { zval *value; -- cgit v1.2.1 From deeb6379cb26d457badae58df4f24bc30a334ebe Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Thu, 16 Jul 2015 18:32:42 +0800 Subject: Fixed bug #70079 (Segmentation fault after more than 100 SoapClient calls) --- ext/soap/php_http.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'ext/soap/php_http.c') diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c index e0a749f83d..60dd9dd3ae 100644 --- a/ext/soap/php_http.c +++ b/ext/soap/php_http.c @@ -507,6 +507,7 @@ try_again: if (stream) { php_stream_auto_cleanup(stream); add_property_resource(this_ptr, "httpsocket", stream->res); + GC_REFCOUNT(stream->res)++; add_property_long(this_ptr, "_use_proxy", use_proxy); } else { php_url_free(phpurl); @@ -524,6 +525,7 @@ try_again: zend_resource *ret = zend_register_resource(phpurl, le_url); add_property_resource(this_ptr, "httpurl", ret); + GC_REFCOUNT(ret)++; /*zend_list_addref(ret);*/ if (context && -- cgit v1.2.1 From 07f8845205e8ccf5124a8c44748be0dc77674536 Mon Sep 17 00:00:00 2001 
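Review bot: In the #70032 hunk the call `zend_hash_get_current_key(Z_ARRVAL_P(cookies), &key, NULL)` ignores the returned key type and passes NULL for the numeric-index out-parameter. For a cookie entry with an integer key, `key` is never set before the header code reads it, and the callee may write through the NULL if it stores the index unconditionally. The cookies array should be treated as untrusted if it comes from an object property, which this hunk does not show. Pass a real variable and test the result, e.g. `zend_ulong numindx; int res = zend_hash_get_current_key(Z_ARRVAL_P(cookies), &key, &numindx);`, and build the header entry only when `res == HASH_KEY_IS_STRING`. The loop body continues outside the hunk.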
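Review bot: The added `GC_REFCOUNT(stream->res)++;` in the first #70079 hunk and `GC_REFCOUNT(ret)++;` in the second raise the count by hand, with no comment saying who owns the extra reference or where it is dropped. That makes the pairing with the later cleanup paths that delete the "httpsocket" and "httpurl" properties hard to audit for leaks or double releases. A one-line comment on each would help, for example `/* the property consumes one reference; keep one for the stream while this request uses it */`, if that is indeed the intent. The stale `/*zend_list_addref(ret);*/` directly below the new line in the second hunk looks like the old form of the same operation and should be removed rather than left beside it. Both hunks sit inside a function whose body starts and ends outside them.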
From: Anatol Belski Date: Fri, 7 Aug 2015 10:11:52 +0200 Subject: fix datatype --- ext/soap/php_http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ext/soap/php_http.c') diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c index 61573eb77e..e85ed68381 100644 --- a/ext/soap/php_http.c +++ b/ext/soap/php_http.c @@ -815,7 +815,7 @@ try_again: zend_hash_internal_pointer_reset(Z_ARRVAL_P(cookies)); smart_str_append_const(&soap_headers, "Cookie: "); for (i = 0; i < n; i++) { - ulong numindx; + zend_ulong numindx; int res = zend_hash_get_current_key(Z_ARRVAL_P(cookies), &key, &numindx); data = zend_hash_get_current_data(Z_ARRVAL_P(cookies)); -- cgit v1.2.1 From c96d08b27226193dd51f2b50e84272235c6aaa69 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Sun, 26 Jul 2015 16:44:18 -0700 Subject: Fix bug #70081: check types for SOAP variables --- ext/soap/php_http.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) (limited to 'ext/soap/php_http.c') diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c index 8c5082ca30..8dc6e45ef8 100644 --- a/ext/soap/php_http.c +++ b/ext/soap/php_http.c @@ -313,7 +313,7 @@ int make_http_soap_request(zval *this_ptr, int kind = Z_LVAL_PP(tmp) & SOAP_COMPRESSION_DEFLATE; if (level > 9) {level = 9;} - + if ((Z_LVAL_PP(tmp) & SOAP_COMPRESSION_ACCEPT) != 0) { smart_str_append_const(&soap_headers_z,"Accept-Encoding: gzip, deflate\r\n"); } @@ -372,7 +372,7 @@ int make_http_soap_request(zval *this_ptr, context = php_stream_context_from_zval(*tmp, 0); } - if (context && + if (context && php_stream_context_get_option(context, "http", "max_redirects", &tmp) == SUCCESS) { if (Z_TYPE_PP(tmp) != IS_STRING || !is_numeric_string(Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), &redirect_max, NULL, 1)) { if (Z_TYPE_PP(tmp) == IS_LONG) 
@@ -470,7 +470,7 @@ try_again: add_property_resource(this_ptr, "httpurl", ret); /*zend_list_addref(ret);*/ - if (context && + if (context && php_stream_context_get_option(context, "http", "protocol_version", &tmp) == SUCCESS && Z_TYPE_PP(tmp) == IS_DOUBLE && Z_DVAL_PP(tmp) == 1.0) { @@ -528,7 +528,7 @@ try_again: smart_str_appendl(&soap_headers, Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp)); smart_str_append_const(&soap_headers, "\r\n"); } - } else if (context && + } else if (context && php_stream_context_get_option(context, "http", "user_agent", &tmp) == SUCCESS && Z_TYPE_PP(tmp) == IS_STRING) { if (Z_STRLEN_PP(tmp) > 0) { @@ -670,7 +670,7 @@ try_again: PHP_MD5Update(&md5ctx, (unsigned char*)HA2, 32); PHP_MD5Final(hash, &md5ctx); make_digest(response, hash); - + smart_str_append_const(&soap_headers, "Authorization: Digest username=\""); smart_str_appendl(&soap_headers, Z_STRVAL_PP(login), Z_STRLEN_PP(login)); if (zend_hash_find(Z_ARRVAL_PP(digest), "realm", sizeof("realm"), (void **)&tmp) == SUCCESS && @@ -688,7 +688,7 @@ try_again: smart_str_appends(&soap_headers, phpurl->path); } else { smart_str_appendc(&soap_headers, '/'); - } + } if (phpurl->query) { smart_str_appendc(&soap_headers, '?'); smart_str_appends(&soap_headers, phpurl->query); 
@@ -759,18 +759,21 @@ try_again: zend_hash_internal_pointer_reset(Z_ARRVAL_PP(cookies)); smart_str_append_const(&soap_headers, "Cookie: "); for (i = 0; i < n; i++) { + ulong numindx; + int res = zend_hash_get_current_key(Z_ARRVAL_PP(cookies), &key, &numindx, FALSE); zend_hash_get_current_data(Z_ARRVAL_PP(cookies), (void **)&data); - zend_hash_get_current_key(Z_ARRVAL_PP(cookies), &key, NULL, FALSE); - if (Z_TYPE_PP(data) == IS_ARRAY) { + if (res == HASH_KEY_IS_STRING && Z_TYPE_PP(data) == IS_ARRAY) { zval** value; if (zend_hash_index_find(Z_ARRVAL_PP(data), 0, (void**)&value) == SUCCESS && Z_TYPE_PP(value) == IS_STRING) { zval **tmp; if ((zend_hash_index_find(Z_ARRVAL_PP(data), 1, (void**)&tmp) == FAILURE || + Z_TYPE_PP(tmp) != IS_STRING || strncmp(phpurl->path?phpurl->path:"/",Z_STRVAL_PP(tmp),Z_STRLEN_PP(tmp)) == 0) && (zend_hash_index_find(Z_ARRVAL_PP(data), 2, (void**)&tmp) == FAILURE || + Z_TYPE_PP(tmp) != IS_STRING || in_domain(phpurl->host,Z_STRVAL_PP(tmp))) && (use_ssl || zend_hash_index_find(Z_ARRVAL_PP(data), 3, (void**)&tmp) == FAILURE)) { smart_str_appendl(&soap_headers, key, strlen(key)); @@ -997,7 +1000,7 @@ try_again: efree(connection); } } - } + } if (!get_http_body(stream, http_close, http_headers, &http_body, &http_body_size TSRMLS_CC)) { if (request != buf) {efree(request);} @@ -1048,7 +1051,7 @@ try_again: strcat(s, new_url->path); efree(new_url->path); new_url->path = s; - } + } } else { char *s = emalloc(strlen(new_url->path) + 2); s[0] = '/'; s[1] = 0; -- cgit v1.2.1 From 5cccd6c5b6288231c4d556174f9ea1207b2e933a Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Thu, 24 Sep 2015 01:19:15 +0300 Subject: Fixed memory leak and avoid reallocations --- ext/soap/php_http.c | 147 ++++++++++++++++++++++++++++------------------------ 1 file changed, 79 insertions(+), 68 deletions(-) (limited to 'ext/soap/php_http.c') diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c index e85ed68381..de599b229a 100644 --- a/ext/soap/php_http.c 
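Review bot: The added `Z_TYPE_PP(tmp) != IS_STRING ||` tests in the `@@ -759,18 +759,21 @@` hunk fail open: a path (index 1) or domain (index 2) entry that is present but not a string now satisfies the condition, so the cookie is sent with no path or host match at all. This removes the type confusion, but the domain check is what keeps a cookie from reaching an unrelated host, so a malformed entry should cause the cookie to be skipped. Treat only an absent entry as "no restriction", e.g. `(zend_hash_index_find(Z_ARRVAL_PP(data), 2, (void**)&tmp) == FAILURE || (Z_TYPE_PP(tmp) == IS_STRING && in_domain(phpurl->host,Z_STRVAL_PP(tmp))))`, and likewise for index 1. The later #71610 hunk (`@@ -833,8 +833,10 @@`) repeats the same fail-open pattern with the `_P` macros. The loop body continues outside the hunk.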
+++ b/ext/soap/php_http.c @@ -25,7 +25,7 @@ #include "ext/standard/php_rand.h" static char *get_http_header_value(char *headers, char *type); -static int get_http_body(php_stream *socketd, int close, char *headers, char **response, int *out_size); +static zend_string *get_http_body(php_stream *socketd, int close, char *headers); static zend_string *get_http_headers(php_stream *socketd); #define smart_str_append_const(str, const) \ @@ -326,25 +326,25 @@ static int in_domain(const char *host, const char *domain) } } -int make_http_soap_request(zval *this_ptr, - char *buf, - int buf_size, - char *location, - char *soapaction, - int soap_version, - zval *return_value) +int make_http_soap_request(zval *this_ptr, + zend_string *buf, + char *location, + char *soapaction, + int soap_version, + zval *return_value) { - char *request; + zend_string *request; smart_str soap_headers = {0}; smart_str soap_headers_z = {0}; - int request_size, err; + int err; php_url *phpurl = NULL; php_stream *stream; zval *trace, *tmp; int use_proxy = 0; int use_ssl; - char *http_body, *content_type, *http_version, *cookie_itt; - int http_body_size, http_close; + zend_string *http_body; + char *content_type, *http_version, *cookie_itt; + int http_close; zend_string *http_headers; char *connection; int http_1_1; @@ -363,8 +363,7 @@ int make_http_soap_request(zval *this_ptr, return FALSE; } - request = buf; - request_size = buf_size; + request = buf; /* Compress request */ if ((tmp = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "compression", sizeof("compression")-1)) != NULL && Z_TYPE_P(tmp) == IS_LONG) { int level = Z_LVAL_P(tmp) & 0x0f; @@ -381,7 +380,7 @@ int make_http_soap_request(zval *this_ptr, zval params[3]; int n; - ZVAL_STRINGL(¶ms[0], buf, buf_size); + ZVAL_STR_COPY(¶ms[0], buf); ZVAL_LONG(¶ms[1], level); if (kind == SOAP_COMPRESSION_DEFLATE) { n = 2; 
@@ -397,13 +396,13 @@ int make_http_soap_request(zval *this_ptr, Z_TYPE(retval) == IS_STRING) { zval_ptr_dtor(¶ms[0]); zval_ptr_dtor(&func); -// TODO: free retval ??? - request = Z_STRVAL(retval); - request_size = Z_STRLEN(retval); + request = Z_STR(retval); } else { zval_ptr_dtor(¶ms[0]); zval_ptr_dtor(&func); - if (request != buf) {efree(request);} + if (request != buf) { + zend_string_release(request); + } smart_str_free(&soap_headers_z); return FALSE; } @@ -439,7 +438,9 @@ int make_http_soap_request(zval *this_ptr, try_again: if (phpurl == NULL || phpurl->host == NULL) { if (phpurl != NULL) {php_url_free(phpurl);} - if (request != buf) {efree(request);} + if (request != buf) { + zend_string_release(request); + } add_soap_fault(this_ptr, "HTTP", "Unable to parse URL", NULL, NULL); smart_str_free(&soap_headers_z); return FALSE; @@ -450,7 +451,9 @@ try_again: use_ssl = 1; } else if (phpurl->scheme == NULL || strcmp(phpurl->scheme, "http") != 0) { php_url_free(phpurl); - if (request != buf) {efree(request);} + if (request != buf) { + zend_string_release(request); + } add_soap_fault(this_ptr, "HTTP", "Unknown protocol. Only http and https are allowed.", NULL, NULL); smart_str_free(&soap_headers_z); return FALSE; @@ -460,7 +463,9 @@ try_again: PG(allow_url_fopen) = 1; if (use_ssl && php_stream_locate_url_wrapper("https://", NULL, STREAM_LOCATE_WRAPPERS_ONLY) == NULL) { php_url_free(phpurl); - if (request != buf) {efree(request);} + if (request != buf) { + zend_string_release(request); + } add_soap_fault(this_ptr, "HTTP", "SSL support is not available in this build", NULL, NULL); PG(allow_url_fopen) = old_allow_url_fopen; smart_str_free(&soap_headers_z); 
@@ -511,7 +516,9 @@ try_again: add_property_long(this_ptr, "_use_proxy", use_proxy); } else { php_url_free(phpurl); - if (request != buf) {efree(request);} + if (request != buf) { + zend_string_release(request); + } add_soap_fault(this_ptr, "HTTP", "Could not connect to host", NULL, NULL); PG(allow_url_fopen) = old_allow_url_fopen; smart_str_free(&soap_headers_z); @@ -620,7 +627,7 @@ try_again: } } smart_str_append_const(&soap_headers,"Content-Length: "); - smart_str_append_long(&soap_headers, request_size); + smart_str_append_long(&soap_headers, request->len); smart_str_append_const(&soap_headers, "\r\n"); /* HTTP Authentication */ @@ -851,12 +858,14 @@ try_again: (Z_TYPE_P(trace) == IS_TRUE || (Z_TYPE_P(trace) == IS_LONG && Z_LVAL_P(trace) != 0))) { add_property_stringl(this_ptr, "__last_request_headers", ZSTR_VAL(soap_headers.s), ZSTR_LEN(soap_headers.s)); } - smart_str_appendl(&soap_headers, request, request_size); + smart_str_appendl(&soap_headers, request->val, request->len); smart_str_0(&soap_headers); err = php_stream_write(stream, ZSTR_VAL(soap_headers.s), ZSTR_LEN(soap_headers.s)); if (err != ZSTR_LEN(soap_headers.s)) { - if (request != buf) {efree(request);} + if (request != buf) { + zend_string_release(request); + } php_stream_close(stream); zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpurl", sizeof("httpurl")-1); zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpsocket", sizeof("httpsocket")-1); @@ -883,7 +892,9 @@ try_again: do { http_headers = get_http_headers(stream); if (!http_headers) { - if (request != buf) {efree(request);} + if (request != buf) { + zend_string_release(request); + } php_stream_close(stream); zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpsocket", sizeof("httpsocket")-1); zend_hash_str_del(Z_OBJPROP_P(this_ptr), "_use_proxy", sizeof("_use_proxy")-1); 
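Review bot: In the `@@ -851,12 +858,14 @@` hunk the new line `smart_str_appendl(&soap_headers, request->val, request->len);` reads the `zend_string` fields directly, while the neighbouring lines use the accessors (`ZSTR_VAL(soap_headers.s)`, `ZSTR_LEN(soap_headers.s)`). Using one form throughout keeps length handling easy to grep and review: `smart_str_appendl(&soap_headers, ZSTR_VAL(request), ZSTR_LEN(request));`. The same applies to `request->len` in the Content-Length hunk, to `http_body->val+10` / `http_body->len-10` in the decompression hunk, and to `http_buf->val` / `http_buf->len` in `get_http_body`.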
@@ -1053,8 +1064,12 @@ try_again: } } - if (!get_http_body(stream, http_close, ZSTR_VAL(http_headers), &http_body, &http_body_size)) { - if (request != buf) {efree(request);} + + http_body = get_http_body(stream, http_close, ZSTR_VAL(http_headers)); + if (!http_body) { + if (request != buf) { + zend_string_release(request); + } php_stream_close(stream); zend_string_release(http_headers); zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpsocket", sizeof("httpsocket")-1); @@ -1067,7 +1082,9 @@ try_again: return FALSE; } - if (request != buf) {efree(request);} + if (request != buf) { + zend_string_release(request); + } if (http_close) { php_stream_close(stream); @@ -1085,7 +1102,7 @@ try_again: if (new_url != NULL) { zend_string_release(http_headers); - efree(http_body); + zend_string_release(http_body); efree(loc); if (new_url->scheme == NULL && new_url->path != NULL) { new_url->scheme = phpurl->scheme ? estrdup(phpurl->scheme) : NULL; @@ -1193,7 +1210,7 @@ try_again: efree(auth); zend_string_release(http_headers); - efree(http_body); + zend_string_release(http_body); goto try_again; } @@ -1243,15 +1260,15 @@ try_again: strcmp(content_encoding,"x-gzip") == 0) && zend_hash_str_exists(EG(function_table), "gzinflate", sizeof("gzinflate")-1)) { ZVAL_STRING(&func, "gzinflate"); - ZVAL_STRINGL(¶ms[0], http_body+10, http_body_size-10); + ZVAL_STRINGL(¶ms[0], http_body->val+10, http_body->len-10); } else if (strcmp(content_encoding,"deflate") == 0 && zend_hash_str_exists(EG(function_table), "gzuncompress", sizeof("gzuncompress")-1)) { ZVAL_STRING(&func, "gzuncompress"); - ZVAL_STRINGL(¶ms[0], http_body, http_body_size); + ZVAL_STR_COPY(¶ms[0], http_body); } else { efree(content_encoding); zend_string_release(http_headers); - efree(http_body); + zend_string_release(http_body); if (http_msg) { efree(http_msg); } 
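Review bot: The gzip branch in the `@@ -1243,15 +1260,15 @@` hunk skips a fixed 10-byte header (`http_body->val+10`, `http_body->len-10`) without first checking that the body holds at least 10 bytes. The body comes from the remote endpoint, and if `len` is the unsigned `size_t` of `zend_string`, a shorter body makes `http_body->len-10` wrap to a very large length, so the string copy reads far past the buffer. Add a guard before building the argument, e.g. `if (http_body->len < 10)`, that takes the same cleanup-and-fault path as the failed-decompression branch in the following hunk. The enclosing function starts and ends outside this hunk.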
@@ -1262,14 +1279,14 @@ try_again: Z_TYPE(retval) == IS_STRING) { zval_ptr_dtor(¶ms[0]); zval_ptr_dtor(&func); - efree(http_body); + zend_string_release(http_body); ZVAL_COPY_VALUE(return_value, &retval); } else { zval_ptr_dtor(¶ms[0]); zval_ptr_dtor(&func); efree(content_encoding); zend_string_release(http_headers); - efree(http_body); + zend_string_release(http_body); add_soap_fault(this_ptr, "HTTP", "Can't uncompress compressed response", NULL, NULL); if (http_msg) { efree(http_msg); @@ -1278,11 +1295,7 @@ try_again: } efree(content_encoding); } else { - // TODO: avoid reallocation ??? - //???*buffer = http_body; - //???*buffer_len = http_body_size; - ZVAL_STRINGL(return_value, http_body, http_body_size); - efree(http_body); + ZVAL_STR(return_value, http_body); } zend_string_release(http_headers); @@ -1359,9 +1372,10 @@ static char *get_http_header_value(char *headers, char *type) return NULL; } -static int get_http_body(php_stream *stream, int close, char *headers, char **response, int *out_size) +static zend_string* get_http_body(php_stream *stream, int close, char *headers) { - char *header, *http_buf = NULL; + zend_string *http_buf = NULL; + char *header; int header_close = close, header_chunked = 0, header_length = 0, http_buf_size = 0; if (!close) { @@ -1382,11 +1396,7 @@ static int get_http_body(php_stream *stream, int close, char *headers, char **r efree(header); if (!header_length && !header_chunked) { /* Empty response */ - http_buf = emalloc(1); - http_buf[0] = '\0'; - (*response) = http_buf; - (*out_size) = 0; - return TRUE; + return ZSTR_EMPTY_ALLOC(); } } 
@@ -1404,13 +1414,15 @@ static int get_http_body(php_stream *stream, int close, char *headers, char **r int len_size = 0; if (http_buf_size + buf_size + 1 < 0) { - efree(http_buf); - return FALSE; + if (http_buf) { + zend_string_release(http_buf); + } + return NULL; } - http_buf = erealloc(http_buf, http_buf_size + buf_size + 1); + http_buf = zend_string_realloc(http_buf, http_buf_size + buf_size, 0); while (len_size < buf_size) { - int len_read = php_stream_read(stream, http_buf + http_buf_size, buf_size - len_size); + int len_read = php_stream_read(stream, http_buf->val + http_buf_size, buf_size - len_size); if (len_read <= 0) { /* Error or EOF */ done = TRUE; @@ -1428,17 +1440,17 @@ static int get_http_body(php_stream *stream, int close, char *headers, char **r if (ch != '\n') { /* Somthing wrong in chunked encoding */ if (http_buf) { - efree(http_buf); + zend_string_release(http_buf); } - return FALSE; + return NULL; } } } else { /* Somthing wrong in chunked encoding */ if (http_buf) { - efree(http_buf); + zend_string_release(http_buf); } - return FALSE; + return NULL; } if (buf_size == 0) { done = TRUE; @@ -1459,16 +1471,16 @@ static int get_http_body(php_stream *stream, int close, char *headers, char **r } if (http_buf == NULL) { - http_buf = emalloc(1); + return ZSTR_EMPTY_ALLOC(); } } else if (header_length) { if (header_length < 0 || header_length >= INT_MAX) { - return FALSE; + return NULL; } - http_buf = safe_emalloc(1, header_length, 1); + http_buf = zend_string_alloc(header_length, 0); while (http_buf_size < header_length) { - int len_read = php_stream_read(stream, http_buf + http_buf_size, header_length - http_buf_size); + int len_read = php_stream_read(stream, http_buf->val + http_buf_size, header_length - http_buf_size); if (len_read <= 0) { break; } 
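Review bot: The guard kept at the top of the `@@ -1404,13 +1414,15 @@` hunk, `if (http_buf_size + buf_size + 1 < 0)`, detects overflow only after the signed addition has happened. That is undefined behaviour in C, so an optimising compiler may remove the test. `buf_size` appears to be the chunk size announced by the server (its declaration is outside the hunk), so this is the check that bounds an attacker-chosen length. Compare before adding instead: `if (buf_size < 0 || buf_size > INT_MAX - 1 - http_buf_size)`. Separately, `zend_string_realloc(http_buf, ...)` is reached with `http_buf == NULL` on the first chunk; the later #70709 commit on this page adds that missing branch.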
@@ -1477,20 +1489,19 @@ static int get_http_body(php_stream *stream, int close, char *headers, char **r } else if (header_close) { do { int len_read; - http_buf = erealloc(http_buf, http_buf_size + 4096 + 1); - len_read = php_stream_read(stream, http_buf + http_buf_size, 4096); + http_buf = zend_string_realloc(http_buf, http_buf_size + 4096 + 1, 0); + len_read = php_stream_read(stream, http_buf->val + http_buf_size, 4096); if (len_read > 0) { http_buf_size += len_read; } } while(!php_stream_eof(stream)); } else { - return FALSE; + return NULL; } - http_buf[http_buf_size] = '\0'; - (*response) = http_buf; - (*out_size) = http_buf_size; - return TRUE; + http_buf->val[http_buf_size] = '\0'; + http_buf->len = http_buf_size; + return http_buf; } static zend_string *get_http_headers(php_stream *stream) -- cgit v1.2.1 From a2cfcdfbe9f9ee18388b8ca1d788f43373fec31a Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Thu, 15 Oct 2015 10:19:43 +0800 Subject: Fixed bug #70709 (SOAP Client generates Segfault) --- ext/soap/php_http.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'ext/soap/php_http.c') diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c index de599b229a..005d3af196 100644 --- a/ext/soap/php_http.c +++ b/ext/soap/php_http.c @@ -1419,7 +1419,12 @@ static zend_string* get_http_body(php_stream *stream, int close, char *headers) } return NULL; } - http_buf = zend_string_realloc(http_buf, http_buf_size + buf_size, 0); + + if (http_buf) { + http_buf = zend_string_realloc(http_buf, http_buf_size + buf_size, 0); + } else { + http_buf = zend_string_alloc(buf_size, 0); + } while (len_size < buf_size) { int len_read = php_stream_read(stream, http_buf->val + http_buf_size, buf_size - len_size); -- cgit v1.2.1 From 88a69ffa58e8fdc8409bb567a2bd6b75b4232c41 Mon Sep 17 00:00:00 2001 
From: Xinchen Hui Date: Thu, 15 Oct 2015 18:46:57 +0800 Subject: Fixed bug #70715 (Segmentation fault inside soap client) --- ext/soap/php_http.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'ext/soap/php_http.c') diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c index 005d3af196..b9e45f61b5 100644 --- a/ext/soap/php_http.c +++ b/ext/soap/php_http.c @@ -1494,7 +1494,11 @@ static zend_string* get_http_body(php_stream *stream, int close, char *headers) } else if (header_close) { do { int len_read; - http_buf = zend_string_realloc(http_buf, http_buf_size + 4096 + 1, 0); + if (http_buf) { + http_buf = zend_string_realloc(http_buf, http_buf_size + 4096, 0); + } else { + http_buf = zend_string_alloc(4096, 0); + } len_read = php_stream_read(stream, http_buf->val + http_buf_size, 4096); if (len_read > 0) { http_buf_size += len_read; -- cgit v1.2.1 From 49493a2dcfb2cd1758b69b13d9006ead3be0e066 Mon Sep 17 00:00:00 2001 From: Lior Kaplan Date: Fri, 1 Jan 2016 19:19:27 +0200 Subject: Happy new year (Update copyright to 2016) --- ext/soap/php_http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ext/soap/php_http.c') diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c index c8eba98bc8..324609197a 100644 --- a/ext/soap/php_http.c +++ b/ext/soap/php_http.c @@ -2,7 +2,7 @@ +----------------------------------------------------------------------+ | PHP Version 5 | +----------------------------------------------------------------------+ - | Copyright (c) 1997-2015 The PHP Group | + | Copyright (c) 1997-2016 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | -- cgit v1.2.1 From eaf4e77190d402ea014207e9a7d5da1a4f3727ba Mon Sep 17 00:00:00 2001 
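Review bot: The read-until-EOF loop patched in the #70715 hunk still has no bound on `http_buf_size`, unlike the chunked branch: each pass grows the string to `http_buf_size + 4096` using `int` arithmetic. A peer that never closes the connection can drive this until the allocator fails or, with a high enough memory limit, the addition overflows. Add a guard before the allocation, e.g. `if (http_buf_size > INT_MAX - 4096) { zend_string_release(http_buf); return NULL; }`. The alloc-or-realloc pair also duplicates the one added for #70709, so a small `static` helper shared by both branches would keep the two in step. The `do { ... } while` loop closes outside the hunk.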
From: Stanislav Malyshev Date: Sun, 21 Feb 2016 23:45:57 -0800 Subject: Fix bug #71610: Type Confusion Vulnerability - SOAP / make_http_soap_request() --- ext/soap/php_http.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'ext/soap/php_http.c') diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c index 2baa0fa3ff..a2d0b6207d 100644 --- a/ext/soap/php_http.c +++ b/ext/soap/php_http.c @@ -833,8 +833,10 @@ try_again: Z_TYPE_P(value) == IS_STRING) { zval *tmp; if (((tmp = zend_hash_index_find(Z_ARRVAL_P(data), 1)) == NULL || + Z_TYPE_P(tmp) != IS_STRING || strncmp(phpurl->path?phpurl->path:"/",Z_STRVAL_P(tmp),Z_STRLEN_P(tmp)) == 0) && ((tmp = zend_hash_index_find(Z_ARRVAL_P(data), 2)) == NULL || + Z_TYPE_P(tmp) != IS_STRING || in_domain(phpurl->host,Z_STRVAL_P(tmp))) && (use_ssl || (tmp = zend_hash_index_find(Z_ARRVAL_P(data), 3)) == NULL)) { smart_str_append(&soap_headers, key); -- cgit v1.2.1 From 5602f6421372848a6fbb23fbe6bbca47d94dd49a Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Thu, 3 Mar 2016 23:13:50 +0100 Subject: Eliminate usages of _PP macros These are either in debug code (fix them), commented out (drop them) or in dead compatibility macros (drop them). One usage was in php_stream_get_from_zval(), which we have not used since at least PHP 5.2 and, judging from the fact that nobody complained about it causing compile errors in PHP 7, nobody else uses it either, so drop it. There are still remaining uses in mysqli embedded and odbc birdstep. These probably need to be dropped outright. --- ext/soap/php_http.c | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'ext/soap/php_http.c') diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c index a2d0b6207d..7c9183613c 100644 --- a/ext/soap/php_http.c +++ b/ext/soap/php_http.c 
@@ -700,16 +700,6 @@ try_again: PHP_MD5Update(&md5ctx, (unsigned char*)phpurl->query, strlen(phpurl->query)); } - /* TODO: Support for qop="auth-int" */ -/* - if (zend_hash_find(Z_ARRVAL_PP(digest), "qop", sizeof("qop"), (void **)&tmp) == SUCCESS && - Z_TYPE_PP(tmp) == IS_STRING && - Z_STRLEN_PP(tmp) == sizeof("auth-int")-1 && - stricmp(Z_STRVAL_PP(tmp), "auth-int") == 0) { - PHP_MD5Update(&md5ctx, ":", 1); - PHP_MD5Update(&md5ctx, HEntity, HASHHEXLEN); - } -*/ PHP_MD5Final(hash, &md5ctx); make_digest(HA2, hash); -- cgit v1.2.1