From 8584cc010aaf5dfa9e314d3e8f2eb14aee78225b Mon Sep 17 00:00:00 2001 From: George Wang Date: Wed, 25 Feb 2015 10:48:19 -0500 Subject: Fixed a bug that header value is not terminated by '\0' when accessed through getenv(). --- sapi/litespeed/lsapilib.c | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/sapi/litespeed/lsapilib.c b/sapi/litespeed/lsapilib.c index 3d1513ac50..baf0db3797 100644 --- a/sapi/litespeed/lsapilib.c +++ b/sapi/litespeed/lsapilib.c @@ -1390,10 +1390,12 @@ char * LSAPI_GetHeader_r( LSAPI_Request * pReq, int headerIndex ) off = pReq->m_pHeaderIndex->m_headerOff[ headerIndex ]; if ( !off ) return NULL; - if ( *(pReq->m_pHttpHeader + off + - pReq->m_pHeaderIndex->m_headerLen[ headerIndex ]) ) - *( pReq->m_pHttpHeader + off + - pReq->m_pHeaderIndex->m_headerLen[ headerIndex ]) = 0; + if ( *(pReq->m_pHttpHeader + off + + pReq->m_pHeaderIndex->m_headerLen[ headerIndex ]) ) + { + *( pReq->m_pHttpHeader + off + + pReq->m_pHeaderIndex->m_headerLen[ headerIndex ]) = 0; + } return pReq->m_pHttpHeader + off; } @@ -1830,12 +1832,21 @@ ssize_t LSAPI_Write_Stderr_r( LSAPI_Request * pReq, const char * pBuf, size_t le static char * GetHeaderVar( LSAPI_Request * pReq, const char * name ) { int i; + char * pValue; for( i = 0; i < H_TRANSFER_ENCODING; ++i ) { if ( pReq->m_pHeaderIndex->m_headerOff[i] ) { if ( strcmp( name, CGI_HEADERS[i] ) == 0 ) - return pReq->m_pHttpHeader + pReq->m_pHeaderIndex->m_headerOff[i]; + { + pValue = pReq->m_pHttpHeader + + pReq->m_pHeaderIndex->m_headerOff[i]; + if ( *(pValue + pReq->m_pHeaderIndex->m_headerLen[i]) != '\0') + { + *(pValue + pReq->m_pHeaderIndex->m_headerLen[i]) = '\0'; + } + return pValue; + } } } if ( pReq->m_pHeader->m_cntUnknownHeaders > 0 ) @@ -1862,7 +1873,15 @@ static char * GetHeaderVar( LSAPI_Request * pReq, const char * name ) ++p; ++pKey; } if (( pKey == pKeyEnd )&& (!*p )) - return pReq->m_pHttpHeader + pCur->valueOff; + { + pValue = pReq->m_pHttpHeader + pCur->valueOff; + + if ( *(pValue + pCur->valueLen) != '\0') + { + *(pValue + pCur->valueLen) = '\0'; + } + return pValue; + } ++pCur; } } -- cgit v1.2.1 From d5248f67b58ac3107fec82c5b937fc3f4c89784a Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Mon, 2 Mar 2015 12:27:36 +0300 Subject: Check variable type before its usage as IS_ARRAY. --- ext/soap/soap.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ext/soap/soap.c b/ext/soap/soap.c index eaa57d9032..8790605f8e 100644 --- a/ext/soap/soap.c +++ b/ext/soap/soap.c @@ -2884,7 +2884,8 @@ PHP_METHOD(SoapClient, __call) } /* Add default headers */ - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__default_headers", sizeof("__default_headers"), (void **) &tmp)==SUCCESS) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__default_headers", sizeof("__default_headers"), (void **) &tmp)==SUCCESS && + Z_TYPE_PP(tmp) == IS_ARRAY) { HashTable *default_headers = Z_ARRVAL_P(*tmp); if (soap_headers) { if (!free_soap_headers) { -- cgit v1.2.1 From 34f09b62408759e9d8754ccdd790c6586507a4d2 Mon Sep 17 00:00:00 2001 From: Reeze Xia Date: Tue, 3 Mar 2015 11:25:30 +0800 Subject: Fixed bug #67741 (auto_prepend_file messes up __LINE__) This also fixes bug #54081 --- main/main.c | 15 ++++++++++++++- sapi/cli/tests/bug67741.phpt | 17 +++++++++++++++++ sapi/cli/tests/bug67741_stub.inc | 3 +++ 3 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 sapi/cli/tests/bug67741.phpt create mode 100644 sapi/cli/tests/bug67741_stub.inc diff --git a/main/main.c b/main/main.c index 8f5bac17b9..9f7c15354a 100644 --- a/main/main.c +++ b/main/main.c @@ -2507,8 +2507,21 @@ PHPAPI int php_execute_script(zend_file_handle *primary_file TSRMLS_DC) #endif zend_set_timeout(INI_INT("max_execution_time"), 0); } - retval = (zend_execute_scripts(ZEND_REQUIRE TSRMLS_CC, NULL, 3, prepend_file_p, primary_file, append_file_p) == SUCCESS); + { + /* + If cli primary file has shabang line and there is a prepend file, + the `start_lineno` will be used by prepend file but not primary file, + save it and restore after prepend file been executed. + */ + int orig_start_lineno = CG(start_lineno); + + CG(start_lineno) = 0; + retval = (zend_execute_scripts(ZEND_REQUIRE TSRMLS_CC, NULL, 1, prepend_file_p) == SUCCESS); + CG(start_lineno) = orig_start_lineno; + + retval = retval && (zend_execute_scripts(ZEND_REQUIRE TSRMLS_CC, NULL, 2, primary_file, append_file_p) == SUCCESS); + } } zend_end_try(); #if HAVE_BROKEN_GETCWD diff --git a/sapi/cli/tests/bug67741.phpt b/sapi/cli/tests/bug67741.phpt new file mode 100644 index 0000000000..df0981443f --- /dev/null +++ b/sapi/cli/tests/bug67741.phpt @@ -0,0 +1,17 @@ +--TEST-- +Bug #67741 (auto_prepend_file messes up __LINE__) +--INI-- +include_path={PWD} +auto_prepend_file=bug67741_stub.inc +--SKIPIF-- + +--FILE-- +#!/bin/env php + +--EXPECT-- +prepend lineno: 2 +primary lineno: 3 \ No newline at end of file diff --git a/sapi/cli/tests/bug67741_stub.inc b/sapi/cli/tests/bug67741_stub.inc new file mode 100644 index 0000000000..4d7470ea29 --- /dev/null +++ b/sapi/cli/tests/bug67741_stub.inc @@ -0,0 +1,3 @@ + -- cgit v1.2.1 From 0c136a2abd49298b66acb0cad504f0f972f5bfe8 Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Tue, 3 Mar 2015 09:44:46 +0300 Subject: Added type checks --- ext/soap/php_encoding.c | 9 ++++++--- ext/soap/php_http.c | 23 +++++++++++++++-------- ext/soap/soap.c | 41 +++++++++++++++++++++++++---------------- 3 files changed, 46 insertions(+), 27 deletions(-) diff --git a/ext/soap/php_encoding.c b/ext/soap/php_encoding.c index 5e93b8af0d..fd9e367872 100644 --- a/ext/soap/php_encoding.c +++ b/ext/soap/php_encoding.c @@ -3649,18 +3649,21 @@ static encodePtr get_array_type(xmlNodePtr node, zval *array, smart_str *type TS Z_OBJCE_PP(tmp) == soap_var_class_entry) { zval **ztype; - if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_type", sizeof("enc_type"), (void **)&ztype) == FAILURE) { + if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_type", sizeof("enc_type"), (void **)&ztype) == FAILURE || + Z_TYPE_PP(ztype) != IS_LONG) { soap_error0(E_ERROR, "Encoding: SoapVar has no 'enc_type' property"); } cur_type = Z_LVAL_PP(ztype); - if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_stype", sizeof("enc_stype"), (void **)&ztype) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_stype", sizeof("enc_stype"), (void **)&ztype) == SUCCESS && + Z_TYPE_PP(ztype) == IS_STRING) { cur_stype = Z_STRVAL_PP(ztype); } else { cur_stype = NULL; } - if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_ns", sizeof("enc_ns"), (void **)&ztype) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_ns", sizeof("enc_ns"), (void **)&ztype) == SUCCESS && + Z_TYPE_PP(ztype) == IS_STRING) { cur_ns = Z_STRVAL_PP(ztype); } else { cur_ns = NULL; diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c index 9e74a7cc40..8c5082ca30 100644 --- a/ext/soap/php_http.c +++ b/ext/soap/php_http.c @@ -36,14 +36,16 @@ int proxy_authentication(zval* this_ptr, smart_str* soap_headers TSRMLS_DC) { zval **login, **password; - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_proxy_login", sizeof("_proxy_login"), (void **)&login) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_proxy_login", sizeof("_proxy_login"), (void **)&login) == SUCCESS && + Z_TYPE_PP(login) == IS_STRING) { unsigned char* buf; int len; smart_str auth = {0}; smart_str_appendl(&auth, Z_STRVAL_PP(login), Z_STRLEN_PP(login)); smart_str_appendc(&auth, ':'); - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_proxy_password", sizeof("_proxy_password"), (void **)&password) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_proxy_password", sizeof("_proxy_password"), (void **)&password) == SUCCESS && + Z_TYPE_PP(password) == IS_STRING) { smart_str_appendl(&auth, Z_STRVAL_PP(password), Z_STRLEN_PP(password)); } smart_str_0(&auth); @@ -64,14 +66,16 @@ int basic_authentication(zval* this_ptr, smart_str* soap_headers TSRMLS_DC) zval **login, **password; if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_login", sizeof("_login"), (void **)&login) == SUCCESS && - !zend_hash_exists(Z_OBJPROP_P(this_ptr), "_digest", sizeof("_digest"))) { + Z_TYPE_PP(login) == IS_STRING && + !zend_hash_exists(Z_OBJPROP_P(this_ptr), "_digest", sizeof("_digest"))) { unsigned char* buf; int len; smart_str auth = {0}; smart_str_appendl(&auth, Z_STRVAL_PP(login), Z_STRLEN_PP(login)); smart_str_appendc(&auth, ':'); - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_password", sizeof("_password"), (void **)&password) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_password", sizeof("_password"), (void **)&password) == SUCCESS && + Z_TYPE_PP(password) == IS_STRING) { smart_str_appendl(&auth, Z_STRVAL_PP(password), Z_STRLEN_PP(password)); } smart_str_0(&auth); @@ -509,6 +513,7 @@ try_again: } if (!http_1_1 || (zend_hash_find(Z_OBJPROP_P(this_ptr), "_keep_alive", sizeof("_keep_alive"), (void **)&tmp) == SUCCESS && + (Z_TYPE_PP(tmp) == IS_BOOL || Z_TYPE_PP(tmp) == IS_LONG) && Z_LVAL_PP(tmp) == 0)) { smart_str_append_const(&soap_headers, "\r\n" "Connection: close\r\n"); @@ -742,7 +747,8 @@ try_again: } /* Send cookies along with request */ - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == SUCCESS && + Z_TYPE_PP(cookies) == IS_ARRAY) { zval **data; char *key; int i, n; @@ -785,7 +791,7 @@ try_again: smart_str_append_const(&soap_headers, "\r\n"); smart_str_0(&soap_headers); if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS && - Z_LVAL_PP(trace) > 0) { + (Z_TYPE_PP(trace) == IS_BOOL || Z_TYPE_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) { add_property_stringl(this_ptr, "__last_request_headers", soap_headers.c, soap_headers.len, 1); } smart_str_appendl(&soap_headers, request, request_size); @@ -830,7 +836,7 @@ try_again: } if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS && - Z_LVAL_PP(trace) > 0) { + (Z_TYPE_PP(trace) == IS_BOOL || Z_TYPE_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) { add_property_stringl(this_ptr, "__last_response_headers", http_headers, http_header_size, 1); } @@ -879,7 +885,8 @@ try_again: char *eqpos, *sempos; zval **cookies; - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == FAILURE) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == FAILURE || + Z_TYPE_PP(cookies) != IS_ARRAY) { zval *tmp_cookies; MAKE_STD_ZVAL(tmp_cookies); array_init(tmp_cookies); diff --git a/ext/soap/soap.c b/ext/soap/soap.c index 8790605f8e..9ec6347223 100644 --- a/ext/soap/soap.c +++ b/ext/soap/soap.c @@ -2554,7 +2554,7 @@ static int do_request(zval *this_ptr, xmlDoc *request, char *location, char *act } if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS && - Z_LVAL_PP(trace) > 0) { + (Z_LVAL_PP(trace) == IS_BOOL || Z_LVAL_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) { add_property_stringl(this_ptr, "__last_request", buf, buf_size, 1); } @@ -2594,7 +2594,7 @@ static int do_request(zval *this_ptr, xmlDoc *request, char *location, char *act } ret = FALSE; } else if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS && - Z_LVAL_PP(trace) > 0) { + (Z_LVAL_PP(trace) == IS_BOOL || Z_LVAL_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) { add_property_stringl(this_ptr, "__last_response", Z_STRVAL_P(response), Z_STRLEN_P(response), 1); } xmlFree(buf); @@ -2633,13 +2633,13 @@ static void do_soap_call(zval* this_ptr, SOAP_CLIENT_BEGIN_CODE(); - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS - && Z_LVAL_PP(trace) > 0) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS && + (Z_LVAL_PP(trace) == IS_BOOL || Z_LVAL_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) { zend_hash_del(Z_OBJPROP_P(this_ptr), "__last_request", sizeof("__last_request")); zend_hash_del(Z_OBJPROP_P(this_ptr), "__last_response", sizeof("__last_response")); } - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_soap_version", sizeof("_soap_version"), (void **) &tmp) == SUCCESS - && Z_LVAL_PP(tmp) == SOAP_1_2) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_soap_version", sizeof("_soap_version"), (void **) &tmp) == SUCCESS && + Z_TYPE_PP(tmp) == IS_LONG && Z_LVAL_PP(tmp) == SOAP_1_2) { soap_version = SOAP_1_2; } else { soap_version = SOAP_1_1; @@ -2735,7 +2735,7 @@ static void do_soap_call(zval* this_ptr, zval **uri; smart_str action = {0}; - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "uri", sizeof("uri"), (void *)&uri) == FAILURE) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "uri", sizeof("uri"), (void *)&uri) == FAILURE || Z_TYPE_PP(uri) != IS_STRING) { add_soap_fault(this_ptr, "Client", "Error finding \"uri\" property", NULL, NULL TSRMLS_CC); } else if (location == NULL) { add_soap_fault(this_ptr, "Client", "Error could not find \"location\" property", NULL, NULL TSRMLS_CC); @@ -3006,7 +3006,8 @@ PHP_METHOD(SoapClient, __getLastRequest) return; } - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_request", sizeof("__last_request"), (void **)&tmp) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_request", sizeof("__last_request"), (void **)&tmp) == SUCCESS && + Z_TYPE_PP(tmp) == IS_STRING) { RETURN_STRINGL(Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), 1); } RETURN_NULL(); @@ -3024,7 +3025,8 @@ PHP_METHOD(SoapClient, __getLastResponse) return; } - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_response", sizeof("__last_response"), (void **)&tmp) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_response", sizeof("__last_response"), (void **)&tmp) == SUCCESS && + Z_TYPE_PP(tmp) == IS_STRING) { RETURN_STRINGL(Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), 1); } RETURN_NULL(); @@ -3042,7 +3044,8 @@ PHP_METHOD(SoapClient, __getLastRequestHeaders) return; } - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_request_headers", sizeof("__last_request_headers"), (void **)&tmp) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_request_headers", sizeof("__last_request_headers"), (void **)&tmp) == SUCCESS && + Z_TYPE_PP(tmp) == IS_STRING) { RETURN_STRINGL(Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), 1); } RETURN_NULL(); @@ -3060,7 +3063,8 @@ PHP_METHOD(SoapClient, __getLastResponseHeaders) return; } - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_response_headers", sizeof("__last_response_headers"), (void **)&tmp) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_response_headers", sizeof("__last_response_headers"), (void **)&tmp) == SUCCESS && + Z_TYPE_PP(tmp) == IS_STRING) { RETURN_STRINGL(Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), 1); } RETURN_NULL(); @@ -3116,13 +3120,15 @@ PHP_METHOD(SoapClient, __setCookie) } if (val == NULL) { - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == SUCCESS && + Z_TYPE_PP(cookies) == IS_ARRAY) { zend_hash_del(Z_ARRVAL_PP(cookies), name, name_len+1); } } else { zval *zcookie; - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == FAILURE) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == FAILURE || + Z_TYPE_PP(cookies) != IS_ARRAY) { zval *tmp_cookies; MAKE_STD_ZVAL(tmp_cookies); @@ -3150,7 +3156,8 @@ PHP_METHOD(SoapClient, __getCookies) array_init(return_value); - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) != FAILURE) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) != FAILURE && + Z_TYPE_PP(cookies) == IS_ARRAY) { zend_hash_copy(Z_ARRVAL_P(return_value), Z_ARRVAL_P(*cookies), (copy_ctor_func_t) zval_add_ref, (void *)&tmp, sizeof(zval*)); } } @@ -4237,7 +4244,8 @@ static xmlDocPtr serialize_function_call(zval *this_ptr, sdlFunctionPtr function } } } else { - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "style", sizeof("style"), (void **)&zstyle) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "style", sizeof("style"), (void **)&zstyle) == SUCCESS && + Z_TYPE_PP(zstyle) == IS_LONG) { style = Z_LVAL_PP(zstyle); } else { style = SOAP_RPC; @@ -4260,7 +4268,7 @@ static xmlDocPtr serialize_function_call(zval *this_ptr, sdlFunctionPtr function } if (zend_hash_find(Z_OBJPROP_P(this_ptr), "use", sizeof("use"), (void **)&zuse) == SUCCESS && - Z_LVAL_PP(zuse) == SOAP_LITERAL) { + Z_TYPE_PP(zuse) == IS_LONG && Z_LVAL_PP(zuse) == SOAP_LITERAL) { use = SOAP_LITERAL; } else { use = SOAP_ENCODED; @@ -4390,6 +4398,7 @@ static xmlNodePtr serialize_parameter(sdlParamPtr param, zval *param_val, int in zval **param_data; if (zend_hash_find(Z_OBJPROP_P(param_val), "param_name", sizeof("param_name"), (void **)¶m_name) == SUCCESS && + Z_TYPE_PP(param_name) == IS_STRING && zend_hash_find(Z_OBJPROP_P(param_val), "param_data", sizeof("param_data"), (void **)¶m_data) == SUCCESS) { param_val = *param_data; name = Z_STRVAL_PP(param_name); -- cgit v1.2.1