|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #27722 Better pointer check to avoid crashes
Submitted: 2004-03-26 13:10 UTC Modified: 2004-04-01 08:37 UTC
From: fjortiz at comunet dot es Assigned: dmitry (profile)
Status: Closed Package: SOAP related
PHP Version: 5.0.0RC1 OS: *
Private report: No CVE-ID: None
 [2004-03-26 13:10 UTC] fjortiz at comunet dot es

In my WSDL I defined a schema and forgot the attibute "targetNamespace". I know that's something you shoudn't forget, but, instead making Apache crash, wouldn't it be more robust to check for NULL pointers and send a gentle error?

Fortunately I have a debug PHP5RC1 installed so I located the crash:

php_schema.c line 1410

newType->namens = estrdup(ns->children->content);

Sure it crashes, ns==NULL ...

I guess it's the same problem for other retrieved elements/attributes. PHP-SOAP should be capable of trapping any unvalidated XML.

If you are short of time I even offer myself to do some of that nasty pointer-check around.

Thanks for your attention and your great efforts.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2004-03-26 13:25 UTC]
We're always happy to take patches.
 [2004-03-30 03:27 UTC] fjortiz at comunet dot es
well, we could add in
php_schema.c Line 190
if (tns==NULL)	{
 php_error(E_ERROR, "SOAP-ERROR: Parsing Schema: need a 'targetNamespace' attribute");

and that's all, but it's also true that targetNamespace is not mandatory at schema element AFAIK. 

Even more, we check for a targetNamespace attr. in a complexType element (line 1368) and others, when it does not validate properly.

So I leave here this patch

> 	if (tns==NULL)	{
> 		php_error(E_ERROR, "SOAP-ERROR: Parsing Schema: need a 'targetNamespace' a
> 	}

to avoid crash, as PHP-SOAP needs it, but you may want to consider something different and create some kind of "default" or "absent" targetNamespace.
 [2004-04-01 08:37 UTC]
Fixed in PHP 5.0.0RC2-DEV CVS.
Now ext/soap supports shemas without targetNamespace.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Feb 22 12:01:29 2024 UTC