PHP :: Bug #10082 :: curl_setopt with CURLOPT

Bug #10082	curl_setopt with CURLOPT_HTTPHEADER option is broken
Submitted:	2001-03-30 14:43 UTC	Modified:	2001-04-24 18:13 UTC
From:	rooneg at electricjellyfish dot net	Assigned:
Status:	Closed	Package:	cURL related
PHP Version:	4.0 Latest CVS (30/03/2001)	OS:	FreeBSD 4.3
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2001-03-30 14:43 UTC] rooneg at electricjellyfish dot net

The CURLOPT_HTTPHEADER option for curl_setopt does not
currently work correctly.  in the 4.0.4pl1 release, it
didn't work at all because the constant CURLOPT_HTTPHEADER
was mistakenly defined to CURLOPT_HEADER instead of the
correct value.  That appears to have been corrected in cvs.
 The fix is not complete however.  In lines 486 and 487 of
curl.c you are mallocing memory for a curl_slist and zeroing
it out, then using curl_slist_append later to add things to
the list.  This is incorrect.  curl_slist_append should
initially be called with a null pointer as its list, and it
will correctly allocate the memory itself.  If you allocate
and zero the memory, that adds an item at the beginning of
the list which is empty.  Later, when you try to execute
with curl_exec, it will crash because it trys to do a
strncmp against a null pointer inside your list object.

simply removing lines 486 and 487 will make everything work
properly.

a patch versus the latest cvs is attached below.

appologies for any trouble applying this, as i had to cut
and paste it into the web form.


Index: curl.c
===================================================================
RCS file: /repository/php4/ext/curl/curl.c,v
retrieving revision 1.41
diff -u -r1.41 curl.c
--- curl.c      2001/03/20 21:30:42     1.41
+++ curl.c      2001/03/30 19:37:40
@@ -483,9 +483,6 @@
                                        RETURN_FALSE;
                                }

-                               header =
emalloc(sizeof(struct curl_slist));
-                               memset(header, 0,
sizeof(struct curl_slist));
-                               
                                for
(zend_hash_internal_pointer_reset(headers);
                                    
zend_hash_get_current_data(headers, (void *
*)&current) == SUCCESS;
                                        
zend_hash_move_forward(headers)) {

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-03-30 14:55 UTC] rooneg at electricjellyfish dot net

Another thing that occured to me:

The later crash could be missed if you haven't set a
User-Agent header yourself.  When i set CURLOPT_USERAGENT
and then use CURLOPT_HTTPHEADER i get the crash.  It looks
like you won't get that unless you set USERAGENT, but I
haven't tested that case.  In any event, the way it's
currently done is still wrong.

[2001-04-02 15:26 UTC] rooneg at electricjellyfish dot net

And in a related problem, it seems that if you specify
CURLOPT_RETURNTRANSFER, in some cases you can get a
truncated response due to two off by one errors.  at the
bottom of the curl_exec function, there is a line

 ret_data[stat_sb.st_size - 1] = '\0';

this is wrong, as it sets the next to last character of the
array to null, when it should be setting the last character.
 it should be replaced with

ret_data[stat_sb.st_size] = '\0';

similarly, the return line at the end is currently

RETURN_STRINGL(ret_data, stat_sb.st_size, 0);

which has a size that is one too short, so it should really be 

RETURN_STRINGL(ret_data, stat_sb.st_size + 1, 0);

since you have allocated an array that is st_size + 1 bytes
long, and filled it completely from the tmp file.

[2001-04-24 18:13 UTC] sterling@php.net

Changes incorporated in CVS, thanks.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 18 21:01:29 2024 UTC