php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #38493 xmlrpc_encode_request(666, array()) crashes php
Submitted: 2006-08-18 10:02 UTC Modified: 2006-08-18 10:20 UTC
From: giunta dot gaetano at sea-aeroportimilano dot it Assigned:
Status: Closed Package: XMLRPC-EPI related
PHP Version: 4.4.4 OS: windows 2000
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: giunta dot gaetano at sea-aeroportimilano dot it
New email:
PHP Version: OS:

 

 [2006-08-18 10:02 UTC] giunta dot gaetano at sea-aeroportimilano dot it
Description:
------------
xmlrpc_encode_request(666, array()) brings apache and php down in flames.

I know that a user would better not use this, but instead
xmlrpc_encode_request('666', array()), but
- the xmlrpc spec allows method names to be made of numbers only
- php is weakly typed
- a php error msg would be better than a php crash anyway

BTW: the bug is on line 674 of xmlrpc-epi.php.c (as of 4.4.3), where the zval string value is used without proper checking for its type first. Afaict a cast to string before using the value would fix it.


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-08-18 10:20 UTC] giunta dot gaetano at sea-aeroportimilano dot it
DOH, I was offline this week while doing some testing of the xmlrpc extension. Just peeked into CVS and found out that the bug has already been fixed by Antony - but without an entry in the 444/514 changelog...
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 02:01:28 2024 UTC