php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #27722 Better pointer check to avoid crashes
Submitted: 2004-03-26 13:10 UTC Modified: 2004-04-01 08:37 UTC
From: fjortiz at comunet dot es Assigned: dmitry
Status: Closed Package: SOAP related
PHP Version: 5.0.0RC1 OS: *
Private report: No CVE-ID:
 [2004-03-26 13:10 UTC] fjortiz at comunet dot es
Description:
------------
Hi,

In my WSDL I defined a schema and forgot the attibute "targetNamespace". I know that's something you shoudn't forget, but, instead making Apache crash, wouldn't it be more robust to check for NULL pointers and send a gentle error?

Fortunately I have a debug PHP5RC1 installed so I located the crash:

php_schema.c line 1410

newType->namens = estrdup(ns->children->content);

Sure it crashes, ns==NULL ...

I guess it's the same problem for other retrieved elements/attributes. PHP-SOAP should be capable of trapping any unvalidated XML.

If you are short of time I even offer myself to do some of that nasty pointer-check around.

Thanks for your attention and your great efforts.



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-03-26 13:25 UTC] amt@php.net
We're always happy to take patches.
 [2004-03-30 03:27 UTC] fjortiz at comunet dot es
well, we could add in
php_schema.c Line 190
if (tns==NULL)	{
 php_error(E_ERROR, "SOAP-ERROR: Parsing Schema: need a 'targetNamespace' attribute");
}

and that's all, but it's also true that targetNamespace is not mandatory at schema element AFAIK. 

Even more, we check for a targetNamespace attr. in a complexType element (line 1368) and others, when it does not validate properly.

So I leave here this patch

189a190,191
> 	if (tns==NULL)	{
> 		php_error(E_ERROR, "SOAP-ERROR: Parsing Schema: need a 'targetNamespace' a
> 	}

to avoid crash, as PHP-SOAP needs it, but you may want to consider something different and create some kind of "default" or "absent" targetNamespace.
 [2004-04-01 08:37 UTC] dmitry@php.net
Fixed in PHP 5.0.0RC2-DEV CVS.
Now ext/soap supports shemas without targetNamespace.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sat Apr 19 06:02:27 2014 UTC