php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #61548 content-type must appear at the end of headers for 201 Location to work in http
Submitted: 2012-03-28 22:14 UTC Modified: -
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: david at greenseedtechnologies dot com Assigned:
Status: Closed Package: HTTP related
PHP Version: 5.3.10 OS: linux
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: david at greenseedtechnologies dot com
New email:
PHP Version: OS:

 

 [2012-03-28 22:14 UTC] david at greenseedtechnologies dot com
Description:
------------
Line 445 of http_fopen_wrapper.c
only works of the content-type is at the end of a list of header fields in the 
context. It fails if it is in the middle, or the beginning.

memmove(tmp, tmp + (s2 + 1 - tmp_c), tmp_c + l - 1 - s2);

To see the problem watch the HTTP stream in something like WireShark.


Test script:
---------------
<?php
$http = array(
   'header' =>
      null
      ."AnyHeader: 1\r\n"
      // BUG on line 445 of http_fopen_wrapper.c of PHP: content_type cannot be in the middle of headers.
      ."Content-type: anythingyouwanthere\r\n"
      ."SomeOtherHeader: 2\r\n"
);
/*
PHP incorrectly sends across when following the "Location":
GET /services/storm/lead HTTP/1.0
Host: storm
SomeOtherHeader: 2ent-type: anythingyouwanthere
SomeOtherHeader: 2
 */
$http['method'] = 'POST';
$options = array('http' => $http);
$context = stream_context_create($options);
$result = file_get_contents('http://some/url/that/resturns/201/and/has/a/Location/in/the/header', false, $context);


Expected result:
----------------
GET /services/storm/lead HTTP/1.0
Host: storm
AnyHeader: 1
SomeOtherHeader: 2

Actual result:
--------------
GET /services/storm/lead HTTP/1.0
Host: storm
SomeOtherHeader: 2ent-type: anythingyouwanthere
SomeOtherHeader: 2

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-10-01 09:13 UTC] mike@php.net
Automatic comment on behalf of mike
Revision: http://git.php.net/?p=php-src.git;a=commit;h=18b04b480ebc41841b2004cc11797eda40fb3958
Log: Fixed bug #61548
 [2013-10-01 09:13 UTC] mike@php.net
-Status: Open +Status: Closed
 [2014-10-07 23:17 UTC] stas@php.net
Automatic comment on behalf of mike
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=18b04b480ebc41841b2004cc11797eda40fb3958
Log: Fixed bug #61548
 [2014-10-07 23:28 UTC] stas@php.net
Automatic comment on behalf of mike
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=18b04b480ebc41841b2004cc11797eda40fb3958
Log: Fixed bug #61548
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Nov 22 20:01:31 2024 UTC