|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #53241 fopen(..., 'xb') and CURLOPT_FILE make cURL fail with: fopencookie failed
Submitted: 2010-11-04 14:36 UTC Modified: 2010-11-05 19:54 UTC
From: Alexander dot Farber at gmail dot com Assigned: cataphract
Status: Closed Package: Streams related
PHP Version: Irrelevant OS: CentOS 5.5 Linux
Private report: No CVE-ID:
 [2010-11-04 14:36 UTC] Alexander dot Farber at gmail dot com
If I call:

$fh = fopen('/tmp/yahoo.html', 'xb');
$ch = curl_init('');
curl_setopt($ch, CURLOPT_FILE, $fh);

then the last line will fail with the misleading fopencookie-message.

I need to use 'xb' and not 'wb', to ensure that just 1 script instance writes into that file - please see more info here:

Test script:
$fh = fopen('/tmp/yahoo.html', 'xb');
if ($fh) {
        $ch = curl_init('');
        curl_setopt($ch, CURLOPT_FILE, $fh); # XXX the line 6
        curl_setopt($ch, CURLOPT_HEADER, FALSE);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
        curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
        #curl_setopt($ch, CURLOPT_COOKIEJAR, '/dev/null');
        #curl_setopt($ch, CURLOPT_COOKIEFILE, '/dev/null');
        #curl_setopt($ch, CURLOPT_COOKIEJAR, '/tmp/cookies.txt');
        #curl_setopt($ch, CURLOPT_COOKIEFILE, '/tmp/cookies.txt');

        if(!curl_errno($ch)) {
                 $info = curl_getinfo($ch);
                  echo 'Took '.$info['total_time'] .
                    's to send a request to '.$info['url'];
} else {
        echo 'Can not open /tmp/yahoo.html';

Expected result:
I expect the script create the file /tmp/yahoo.html on the 1st run and put the downloaded content into it.

Actual result:
Nov  4 12:55:19 centos httpd: PHP Fatal error:  curl_setopt() [<a href='function.curl-setopt'>function.curl-setopt</a>]: fopencookie failed in /var/www/html/proxy3.php on line 6

And the file is sero-sized:

afarber@centos:html> ls -alZ /tmp/yahoo.html
-rw-r--r--  apache apache user_u:object_r:httpd_tmp_t      /tmp/yahoo.html


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2010-11-04 19:55 UTC]
-Assigned To: +Assigned To: cataphract
 [2010-11-04 19:55 UTC]
The problem is the cast to a FILE* pointer fails when the modes "x"/"c" and variants are used.

I'll see what can be done.
 [2010-11-04 19:57 UTC]
-Package: cURL related +Package: Streams related
 [2010-11-05 02:29 UTC]
Automatic comment from SVN on behalf of cataphract
Log: - Fixed bug #53241 (stream casting that relies on fdopen/fopencookie fails
  with streams opened with, inter alia, the 'xb' mode).
 [2010-11-05 02:33 UTC]
-Status: Assigned +Status: Closed
 [2010-11-05 02:33 UTC]
Fixed for PHP 5.3 and trunk.

Thank you for your report.
 [2010-11-05 11:55 UTC]
-Status: Closed +Status: Assigned
 [2010-11-05 11:55 UTC]
Is it really necessary to export php_stream_rep_nonstand_mode? If an extension uses it now it will be then compatible only with 5.3.4 or later, which is bad (remeber the 5.2.6+ pain).

We also have some mode checks already in the stream implemenation, maybe it could be cleaner to use this function there as well.

About the implementation of php_stream_rep_nonstand_mode, it should be stricter, not assuming that anything else is 'c' or 'x', we had bugs related to bogus mode in the past.
 [2010-11-05 19:54 UTC]
-Status: Assigned +Status: Closed
 [2010-11-05 19:54 UTC]
Made the sanitizing function not exported. See rev #305108. Closing.
PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Tue Dec 01 20:01:34 2015 UTC