php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54312 soap_version logic bug
Submitted: 2011-03-19 07:29 UTC Modified: 2011-03-19 18:38 UTC
From: tom at samplonius dot org Assigned: felipe (profile)
Status: Closed Package: SOAP related
PHP Version: 5.3.6 OS: CentOS 4
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: tom at samplonius dot org
New email:
PHP Version: OS:

 

 [2011-03-19 07:29 UTC] tom at samplonius dot org
Description:
------------
This code in soap.c:

if (zend_hash_find(ht, "soap_version", sizeof("soap_version"), (void**)&tmp) == SUCCESS) {
  if (Z_TYPE_PP(tmp) == IS_LONG ||
    (Z_LVAL_PP(tmp) == SOAP_1_1 && Z_LVAL_PP(tmp) == SOAP_1_2)) {
      version = Z_LVAL_PP(tmp);
  }
}

has a problem with the second line of the inner if statement.  Z_LVAL_PP(tmp) can't be both equal to SOAP_1_1 and SOAP_1_2, so this part will always be false.

Plus, the "||" logic seems wrong too.  It appears that if the type is IS_LONG, then any value is accepted.  

Patch is attached.

It looks like the logic is inverted.  || should && and && should be ||:

if (zend_hash_find(ht, "soap_version", sizeof("soap_version"), (void**)&tmp) == SUCCESS) {
  if (Z_TYPE_PP(tmp) == IS_LONG &&
    (Z_LVAL_PP(tmp) == SOAP_1_1 || Z_LVAL_PP(tmp) == SOAP_1_2)) {
      version = Z_LVAL_PP(tmp);
  }
}



Patches

soap.c.patch (last revision 2011-03-19 06:30 UTC by tom at samplonius dot org)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-03-19 18:36 UTC] felipe@php.net
Automatic comment from SVN on behalf of felipe
Revision: http://svn.php.net/viewvc/?view=revision&revision=309433
Log: - Fixed bug #54312 (soap_version logic bug)
  Patch by: tom at samplonius dot org
 [2011-03-19 18:38 UTC] felipe@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: felipe
 [2011-03-19 18:38 UTC] felipe@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Thanks for the patch! :)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Dec 03 17:01:29 2024 UTC