PHP :: Bug #32563 :: stream_wrapper_register() allows registering of invalid schemes.

Bug #32563	stream_wrapper_register() allows registering of invalid schemes.
Submitted:	2005-04-04 08:03 UTC	Modified:	2005-04-05 10:17 UTC
From:	a at b dot c dot de	Assigned:	pollita (profile)
Status:	Closed	Package:	Filesystem function related
PHP Version:	5.*	OS:	*
Private report:	No	CVE-ID:	None

View Developer Edit

[2005-04-04 08:03 UTC] a at b dot c dot de

Description:
------------
URL schemes may not contain ":" characters (as this character is used as the scheme delimiter). stream_wrapper_register() will allow "schemes" containing ":" to be registered, even though the URLs that result from using them are invalid.


Reproduce code:
---------------
<?php
class foo_class{
function stream_open(){return true;}
}
stream_wrapper_register('tick:tock', 'foo_class');
print_r(stream_get_wrappers());
$fp=fopen('tick:tock:thingy','w');
?>

Expected result:
----------------
Warning: stream_wrapper_register(tick:tock): Invalid argument ... on line 5

Array
(
    [0] => php
    [1] => file
    [2] => http
    [3] => ftp
    [4] => compress.zlib
)


Actual result:
--------------
Array
(
    [0] => php
    [1] => file
    [2] => http
    [3] => ftp
    [4] => compress.zlib
    [5] => tick:tock
)

Warning: fopen(tick:tock:thingy): failed to open stream: Invalid argument ... on line 7

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-04-04 09:33 UTC] sniper@php.net

Sara, can you please look into this?

[2005-04-04 09:34 UTC] sniper@php.net

It also crashes in HEAD:

#0  0x00000019 in ?? ()
#1  0x0830dee5 in _php_stream_free (stream=0x8ba544c, close_options=11) at /usr/src/php/php5/main/streams/streams.c:362
#2  0x0830fce7 in stream_resource_regular_dtor (rsrc=0x8ba4dc4) at /usr/src/php/php5/main/streams/streams.c:1366
#3  0x08347879 in list_entry_destructor (ptr=0x8ba4dc4) at /usr/src/php/php5/Zend/zend_list.c:178
#4  0x08345af2 in zend_hash_del_key_or_index (ht=0x85eab40, arKey=0x0, nKeyLength=0, h=6, flag=1)
    at /usr/src/php/php5/Zend/zend_hash.c:490
#5  0x083475dd in _zend_list_delete (id=6) at /usr/src/php/php5/Zend/zend_list.c:58
#6  0x0833c9be in _zval_dtor_func (zvalue=0x8ba5044, __zend_filename=0x8562434 "/usr/src/php/php5/Zend/zend_variables.h", 
    __zend_lineno=35) at /usr/src/php/php5/Zend/zend_variables.c:60
#7  0x083318c5 in _zval_dtor (zvalue=0x8ba5044, __zend_filename=0x85623d8 "/usr/src/php/php5/Zend/zend_execute_API.c", 
    __zend_lineno=391) at zend_variables.h:35
#8  0x08331a78 in _zval_ptr_dtor (zval_ptr=0x8ba4ff8, __zend_filename=0x8563290 "/usr/src/php/php5/Zend/zend_variables.c", 
    __zend_lineno=175) at /usr/src/php/php5/Zend/zend_execute_API.c:391
#9  0x0833cc63 in _zval_ptr_dtor_wrapper (zval_ptr=0x8ba4ff8) at /usr/src/php/php5/Zend/zend_variables.c:175
#10 0x08345e5a in zend_hash_apply_deleter (ht=0x85eaa10, p=0x8ba4fec) at /usr/src/php/php5/Zend/zend_hash.c:574
#11 0x0834607b in zend_hash_graceful_reverse_destroy (ht=0x85eaa10) at /usr/src/php/php5/Zend/zend_hash.c:640
#12 0x08331411 in shutdown_executor () at /usr/src/php/php5/Zend/zend_execute_API.c:216
#13 0x0833df9e in zend_deactivate () at /usr/src/php/php5/Zend/zend.c:823
#14 0x082fd3e1 in php_request_shutdown (dummy=0x0) at /usr/src/php/php5/main/main.c:1217
#15 0x083b9ca0 in main (argc=2, argv=0xbfe6ea74) at /usr/src/php/php5/sapi/cli/php_cli.c:1057

[2005-04-04 22:32 UTC] pollita@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Your basic assessment is correct.  ':' is not a valid scheme character ([a-zA-Z0-9+.-]+), however, it is NOT the scheme delimiter by itself.

The full '://' is required to delimit a scheme identifier, so in your example you would have needed to use fopen('tick:tock://thingy', ... to even come close to triggering that wrapper.

The only wrapper which supports a single colon as a delimiter is zlib: which is a hardcoded exception in the streams layer to maintain backward compatability with old scripts.

The fact that you got "Invalid argument" as an error message suggests you're using Win32 (please, when submitting a bug provide the actual versions you've seen the specific error messages provided on -- Leave the assumptions to us).  What the filesystem is attempting to do here is locate an alternate data stream named 'tock:thingy' on the 'tick' file which is of course an invalid name for an ADS.

[2005-04-05 10:17 UTC] a at b dot c dot de

"The full '://' is required to delimit a scheme identifier, so in your
example you would have needed to use fopen('tick:tock://thingy', ... to
even come close to triggering that wrapper."

Incorrect; see bug #32535 and RFC2718.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Jan 03 01:01:29 2025 UTC