Bug #27687 Bug Adding Default Charset to "text/*" Content-Type Header
Submitted: 2004-03-24 23:13 UTC Modified: 2004-03-26 20:47 UTC
From: msisolak at yahoo dot com Assigned:
Status: Closed Package: Unknown/Other Function
PHP Version: 4.3.5, 5.0.0RC1 OS: *
Private report: No CVE-ID:
 [2004-03-24 23:13 UTC] msisolak at yahoo dot com
Description:
------------
There is a bug in the sapi_header_op() function in main/sapi.c (referencing the 5.0.0RC1 line numbers).  In the special case for the Content-Type header starting on line 560 is this code:

size_t len = header_line_len - (ptr - header_line), newlen;
while (*ptr == ' ' && *ptr != '\0') {
	ptr++;
}

The mistake is in calculating the len based on the location of ptr, but then adjusting ptr up to shorten the string to remove leading spaces without also adjusting len down.  The len variable ends up being one character too long for each space removed from between the colon and the content type.  This extra space propagates through and ends up causing random extra characters on the end of the Content-Type line in the output headers (one for each space skipped).

Suggested patch:

--- sapi.c.orig	Wed Mar 24 23:07:58 2004
+++ sapi.c	Wed Mar 24 23:08:04 2004
@@ -562,6 +562,7 @@
 				size_t len = header_line_len - (ptr - header_line), newlen;
 				while (*ptr == ' ' && *ptr != '\0') {
 					ptr++;
+					len--;
 				}
 #if HAVE_ZLIB
 				if(!strncmp(ptr, "image/", sizeof("image/")-1)) {



Reproduce code:
---------------
<?php
	header("Content-Type: text/plain");
?>

Expected result:
----------------
The Content-Type header delivered with my default character set attached ("utf-8"):

Content-Type: text/plain;charset=utf-8

Actual result:
--------------
Because the length is overstated by one, there is an extra character attached to the end of the Content-Type header.  Running IIS CGI this character is an ascii-Z and IIS reports "not all headers returned."
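
The length bookkeeping described in this report, as an added stand-alone example (not PHP's sapi_header_op() and not code from the report). The helper names value_len and overread_bytes and the sample header strings are constructed for illustration; the example measures how many bytes past the end of the value a consumer trusting len would read, with and without the one-line fix.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the report's logic: ptr points just past the colon.
 * Returns the length the code believes the value has; *value receives the
 * position after the leading spaces have been skipped. */
static size_t value_len(const char *header_line, size_t header_line_len,
                        const char *ptr, int apply_fix, const char **value)
{
    size_t len = header_line_len - (size_t)(ptr - header_line);
    while (*ptr == ' ') {
        ptr++;
        if (apply_fix) {
            len--;  /* the line added by the suggested patch */
        }
    }
    *value = ptr;
    return len;
}

/* Bytes beyond the real end of the value that len claims are present. */
static size_t overread_bytes(const char *header_line, int apply_fix)
{
    const char *colon = strchr(header_line, ':');
    const char *value;
    size_t len;

    if (colon == NULL) {
        return 0;  /* not a header line; nothing to measure */
    }
    len = value_len(header_line, strlen(header_line), colon + 1,
                    apply_fix, &value);
    return len - strlen(value);
}

int main(void)
{
    /* Constructed sample inputs with zero, one and three leading spaces. */
    const char *samples[] = { "Content-Type:text/plain",
                              "Content-Type: text/plain",
                              "Content-Type:   text/plain" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("%-28s unpatched over-read=%zu patched over-read=%zu\n",
               samples[i], overread_bytes(samples[i], 0),
               overread_bytes(samples[i], 1));
    }
    return 0;
}
```

The unpatched over-read equals the number of spaces skipped, which matches the one stray trailing character seen with the single-space header in the reproduce code.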

 [2004-03-25 03:33 UTC] helly@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip
 [2004-03-25 03:38 UTC] helly@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
Last updated: Thu Apr 24 21:01:55 2014 UTC