php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #62159 All ports greater than 65535 in parse_url
Submitted: 2012-05-25 15:18 UTC Modified: 2012-05-29 12:07 UTC
Votes:4
Avg. Score:2.5 ± 0.9
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:2 (66.7%)
From: mfsole at hotmail dot com Assigned:
Status: Open Package: URL related
PHP Version: 5.3.13 OS: Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2012-05-25 15:18 UTC] mfsole at hotmail dot com
Description:
------------
Currently the parse_url function only recognizes ports from 0-65535. Firstly this 
isn't really documented on the site. Secondly, while it is true that valid port 
numbers for http requests are less than 65535 there are other types of URLs which 
have port numbers that can exceed that limit. This is very common in the SMS world 
as the port number is used to indicate short code. Here is an example:

ctpp://ericsson:78325/?carrier=31003&address=2125551212

I don't see any real benefit to limiting the port number, more over the function 
appears to arbitrarily rewrite the port number. So the above example gets reported 
as 12789.

Best case scenario would be to just allow numbers of any size. PHP is understood 
to be loosely type so enforcing type here is inconsistent. At the very least 
document the behavior on the site (I will add post to the function for others). 

Test script:
---------------
<?php
$url = 'ctpp://ericsson:78325/?carrier=31003&address=2125551212';
$parsedURL = parse_url($url);
var_dump($parsedURL);



Expected result:
----------------
array (size=5)
  'scheme' => string 'ctpp' (length=4)
  'host' => string 'ericsson' (length=8)
  'port' => int 78325
  'path' => string '/' (length=1)
  'query' => string 'carrier=31003&address=2125551212' (length=32)

Actual result:
--------------
array (size=5)
  'scheme' => string 'ctpp' (length=4)
  'host' => string 'ericsson' (length=8)
  'port' => int 12789
  'path' => string '/' (length=1)
  'query' => string 'carrier=31003&address=2125551212' (length=32)

Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-05-25 19:29 UTC] riptide dot tempora at opinehub dot com
https://en.wikipedia.org/wiki/Goatse_Security#Browser_vulnerabilities <-- relevant
 [2012-05-29 02:51 UTC] kriss at krizalys dot com
I have the same behavior with older PHP 5.3.5/Windows 7 x64

However, I noticed that PHP 5.3.13/Gentoo x86_64 is even more strict and returns FALSE (meaning "really bad-formed URL" according to the doc) for the given URL. The port is the reason of this failure because changing it to something in the range 0 - 65535 will return the expected information.
 [2012-05-29 12:07 UTC] mfsole at hotmail dot com
Well returning false would be a better behavior than returning an arbitrary 
number. However I was forced to switch to the Pear package Net_URL2 which does not 
have this behavior.

Again, I need to stress that valid port numbers  are only relavant when making TCP 
requests (ssh, http, https, etc) but URLs are used for other things, like the 
examples I gave.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Thu Jun 27 06:01:31 2019 UTC