From efc52f1754524327facffc9f7eea72560e1c03e9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gabr=C3=ADel=20Arth=C3=BAr=20P=C3=A9tursson?=
 <gabriel.arthur.petursson@advania.is>
Date: Wed, 16 Sep 2020 14:18:00 +0000
Subject: ext/soap: Compare Set-Cookie header case-insensitively

Closes GH-6143.
---
 ext/soap/php_http.c | 31 +++++++++++++++++++++++++------
 1 file changed, 25 insertions(+), 6 deletions(-)

(limited to 'ext/soap')

diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c
index b054d9ba9e..75dbdf069e 100644
--- a/ext/soap/php_http.c
+++ b/ext/soap/php_http.c
@@ -23,6 +23,7 @@
 #include "ext/standard/md5.h"
 #include "ext/standard/php_random.h"
 
+static char *get_http_header_value_nodup(char *headers, char *type, size_t *len);
 static char *get_http_header_value(char *headers, char *type);
 static zend_string *get_http_body(php_stream *socketd, int close, char *headers);
 static zend_string *get_http_headers(php_stream *socketd);
@@ -350,6 +351,7 @@ int make_http_soap_request(zval        *this_ptr,
 	int use_ssl;
 	zend_string *http_body;
 	char *content_type, *http_version, *cookie_itt;
+	size_t cookie_len;
 	int http_close;
 	zend_string *http_headers;
 	char *connection;
@@ -968,8 +970,9 @@ try_again:
 	   we shouldn't be changing urls so path doesn't
 	   matter too much
 	*/
-	cookie_itt = strstr(ZSTR_VAL(http_headers), "Set-Cookie: ");
-	while (cookie_itt) {
+	cookie_itt = ZSTR_VAL(http_headers);
+
+	while ((cookie_itt = get_http_header_value_nodup(cookie_itt, "Set-Cookie: ", &cookie_len))) {
 		char *cookie;
 		char *eqpos, *sempos;
 		zval *cookies;
@@ -981,7 +984,7 @@ try_again:
 			cookies = zend_hash_str_update(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies")-1, &tmp_cookies);
 		}
 
-		cookie = get_http_header_value(cookie_itt,"Set-Cookie: ");
+		cookie = estrndup(cookie_itt, cookie_len);
 
 		eqpos = strstr(cookie, "=");
 		sempos = strstr(cookie, ";");
@@ -1039,7 +1042,7 @@ try_again:
 			smart_str_free(&name);
 		}
 
-		cookie_itt = strstr(cookie_itt + sizeof("Set-Cookie: "), "Set-Cookie: ");
+		cookie_itt = cookie_itt + cookie_len;
 		efree(cookie);
 	}
 
@@ -1357,7 +1360,7 @@ try_again:
 	return TRUE;
 }
 
-static char *get_http_header_value(char *headers, char *type)
+static char *get_http_header_value_nodup(char *headers, char *type, size_t *len)
 {
 	char *pos, *tmp = NULL;
 	int typelen, headerslen;
@@ -1394,7 +1397,9 @@ static char *get_http_header_value(char *headers, char *type)
 					eol--;
 				}
 			}
-			return estrndup(tmp, eol - tmp);
+
+			*len = eol - tmp;
+			return tmp;
 		}
 
 		/* find next line */
@@ -1408,6 +1413,20 @@ static char *get_http_header_value(char *headers, char *type)
 	return NULL;
 }
 
+static char *get_http_header_value(char *headers, char *type)
+{
+	size_t len;
+	char *value;
+
+	value = get_http_header_value_nodup(headers, type, &len);
+
+	if (value) {
+		return estrndup(value, len);
+	}
+
+	return NULL;
+}
+
 static zend_string* get_http_body(php_stream *stream, int close, char *headers)
 {
 	zend_string *http_buf = NULL;
-- 
cgit v1.2.1