Bug #58906 Non string params array value crashes PHP
Submitted: 2009-10-19 12:04 UTC Modified: 2009-10-25 00:43 UTC
From: andrew at topdog dot za dot net Assigned:
Status: Closed Package: oauth (PECL)
PHP Version: 5.2.10 OS: Linux
Private report: No CVE-ID: None
 [2009-10-19 12:04 UTC] andrew at topdog dot za dot net
Description:
------------
The oauth_http_build_query does not verify the data that the user submits via the extra_parameters array in the fetch method.

param_value = oauth_url_encode(Z_STRVAL_PP((zval**)cur_val)); 

This assumes that the user submits a string value in the extra_parameters array. If, however, the user submits an integer value as the array value, PHP crashes with an out-of-bounds memory error.

-Works
$arrayResp = $o->fetch("https://fireeagle.yahooapis.com/api/0.1/update",array("postal" => "95054"));

-Crashes
$arrayResp = $o->fetch("https://fireeagle.yahooapis.com/api/0.1/update",array("postal" => 95054));

Reproduce code:
---------------
This will crash.

$arrayResp = $o->fetch("https://fireeagle.yahooapis.com/api/0.1/update",array("postal" => 95054));

This does not as it is a string.

$arrayResp = $o->fetch("https://fireeagle.yahooapis.com/api/0.1/update",array("postal" => "95054"));
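
The type confusion described in the report above, as an added example that is not part of the original report or the oauth extension's source: a simplified model of a PHP 5 zval shows why reading an integer through the string member produces the address 95054, next to a hypothetical accessor that checks the type tag first. The names `model_zval`, `unchecked_ptr_bits` and `param_to_string` are assumptions made for this sketch, and it is not the change committed in revision 289198.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of a PHP 5 zval (not the real header): a type tag plus a
 * union in which the string pointer shares storage with the integer. */
enum { T_LONG = 1, T_STRING = 6 };   /* type tags for this model */
typedef struct {
    union { long lval; struct { char *val; int len; } str; } value;
    int type;
} model_zval;

model_zval make_long(long v) {
    model_zval z; memset(&z, 0, sizeof z);
    z.value.lval = v; z.type = T_LONG; return z;
}
model_zval make_string(const char *s) {
    model_zval z; memset(&z, 0, sizeof z);
    z.value.str.val = (char *)s; z.value.str.len = (int)strlen(s);
    z.type = T_STRING; return z;
}

/* What an unchecked string accessor hands back: the union bytes read as a
 * pointer. Returned as a number here; it is never dereferenced. */
uintptr_t unchecked_ptr_bits(const model_zval *z) {
    return (uintptr_t)z->value.str.val;
}

/* Hypothetical checked accessor: inspect the tag first, convert integers to
 * text, refuse anything else. Returns a heap copy that the caller frees. */
char *param_to_string(const model_zval *z) {
    char num[32];
    const char *src; size_t len;
    if (z->type == T_STRING) { src = z->value.str.val; len = (size_t)z->value.str.len; }
    else if (z->type == T_LONG) { len = (size_t)snprintf(num, sizeof num, "%ld", z->value.lval); src = num; }
    else return NULL;
    char *out = malloc(len + 1);
    if (out) { memcpy(out, src, len); out[len] = '\0'; }
    return out;
}

int main(void) {
    model_zval n = make_long(95054);   /* the integer value from the report */
    char *s = param_to_string(&n);
    printf("unchecked pointer: %#lx, checked: \"%s\"\n",
           (unsigned long)unchecked_ptr_bits(&n), s ? s : "(null)");
    free(s);
    return 0;
}
```

The unchecked read treats 95054 as an address, which is the out-of-bounds access the report describes; the checked path yields the same text for the integer and the string form of the parameter.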

 [2009-10-25 00:43 UTC] datibbaw@php.net
This is fixed in the trunk:

http://svn.php.net/viewvc?view=revision&revision=289198

Duplicate of #16853
 
Last updated: Sat Dec 21 16:01:28 2024 UTC