php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #45238 SOAP client buffer overflow
Submitted: 2008-06-11 14:10 UTC Modified: 2009-05-05 01:00 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:1 (33.3%)
Same OS:1 (33.3%)
From: john dot navratil at sbcglobal dot net Assigned:
Status: No Feedback Package: SOAP related
PHP Version: 5.2.6 OS: Solaris 8
Private report: No CVE-ID: None
View Developer Edit
 [2008-06-11 14:10 UTC] john dot navratil at sbcglobal dot net 
Description:
------------
This is related to bug 43437.  In fact, I posted this as a comment to that bug, but there doesn't appear to be much action there.  Sorry if I am posting a duplicate.

A segmentation fault is generated when a client invokes a SOAP method via _doRequest() after what appears to be a buffer overflow in a previous request.  The test code return a string of bytes.  Attempting to return a string 7443 X's succeeds.  7444 fails with
message: PHP Warning:  SoapClient::__doRequest(): 1 bytes of buffered
data lost during stream conversion!.  After failure, a second SOAP
invocation results in a segmentation fault.

FWIW: Hitting the same SOAP server with a VBScript test script doesn't
exhibit the error.

Reproduce code:
---------------
SOAP Server Example -------:
<?
function myMethod()
{
  $rslt = str_repeat('x', 7444);
  return $rslt;
}

ini_set("soap.wsdl_cache_enabled", "0"); // disabling WSDL cache
$server = new SoapServer("http://myURL/my.wsdl");
$server->addFunction("myMethod");
?>

SOAP Client test code -------:

<?php
ini_set("soap.wsdl_cache_enabled", "0");
$client = new SoapClient("http://myURL/my.wsdl");
try
{
        print($client->myMethod());
        print($client->myMethod());
}
catch (SoapFault $exception)
{
        echo $exception;
}
?>


Expected result:
----------------
A stream of 'X's

Actual result:
--------------
A segmentation fault

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-04-27 15:56 UTC] jani@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/
 [2009-05-05 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Oct 25 23:00:01 2025 UTC