php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #67594 Unable to access to apache_request_headers() elements
Submitted: 2014-07-09 12:00 UTC Modified: 2014-07-11 07:18 UTC
From: ohland_e at epitech dot net Assigned:
Status: Closed Package: Built-in web server
PHP Version: 5.5.14 OS: Linux (archlinux)
Private report: No CVE-ID:
 [2014-07-09 12:00 UTC] ohland_e at epitech dot net
Description:
------------
I cannot access to elements of an array returned by apache_request_headers() with the PHP embedded web server (ie: php -S localhost:8000) but I can see them when I var_dump() the array.

Test script:
---------------
<?php
header('Content-Type: text/plain');

$headers = apache_request_headers();

echo '$headers["Host"] = ';
var_dump($headers['Host']);

echo '$headers = ';
var_dump($headers);
?>

Expected result:
----------------
The following output is excepted:

$headers["Host"] = string(14) "localhost:8080"
$headers = array(8) {
  ["Host"]=>
  string(14) "localhost:8080"
  ["Connection"]=>
  string(10) "keep-alive"
  ["Cache-Control"]=>
  string(9) "max-age=0"
  ["Accept"]=>
  string(74) "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
  ["User-Agent"]=>
  string(105) "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36"
  ["DNT"]=>
  string(1) "1"
  ["Accept-Encoding"]=>
  string(17) "gzip,deflate,sdch"
  ["Accept-Language"]=>
  string(35) "en-US,en;q=0.8,fr-FR;q=0.6,fr;q=0.4"
}

Actual result:
--------------
The "$headers['Host']" variable is not set and I got NULL. This happend for every element of the array.
Here is the actual output:

$headers["Host"] = NULL
$headers = array(8) {
  ["Host"]=>
  string(14) "localhost:8080"
  ["Connection"]=>
  string(10) "keep-alive"
  ["Cache-Control"]=>
  string(9) "max-age=0"
  ["Accept"]=>
  string(74) "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
  ["User-Agent"]=>
  string(105) "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36"
  ["DNT"]=>
  string(1) "1"
  ["Accept-Encoding"]=>
  string(17) "gzip,deflate,sdch"
  ["Accept-Language"]=>
  string(35) "en-US,en;q=0.8,fr-FR;q=0.6,fr;q=0.4"
}

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-07-11 07:18 UTC] yohgaki@php.net
-Status: Open +Status: Analyzed
 [2014-07-11 07:18 UTC] yohgaki@php.net
PHP 5.6 has this issue, too.

php_cli_server.c 
PHP_FUNCTION(apache_request_headers) /* {{{ */
{
	php_cli_server_client *client;
	HashTable *headers;
	char *key;
	uint key_len;
	char **value_pointer;
	HashPosition pos;

	if (zend_parse_parameters_none() == FAILURE) {
		return;
	}

	client = SG(server_context);
	headers = &client->request.headers_original_case;

	array_init_size(return_value, zend_hash_num_elements(headers));

	zend_hash_internal_pointer_reset_ex(headers, &pos);
	while (zend_hash_get_current_data_ex(headers, (void **)&value_pointer, &pos) == SUCCESS) {
		zend_hash_get_current_key_ex(headers, &key, &key_len, NULL, 0, &pos);
		add_assoc_string_ex(return_value, key, key_len, *value_pointer, 1);
		zend_hash_move_forward_ex(headers, &pos);
	}
}


key contains ':'. e.g. "Host:" and key_len is 5 in this case. It seems non-null terminated key is causing the problem. Zend hash does not matter if key data is null terminated or not, but it seems PHP assumes key is always terminated by null. Therefore, there is key mismatch and $header['Host'] is undefined. i.e. Zend hash has "Host:" as a key, not "Host\0".

Possible patch is blow, but I'm not sure if this is the best way to handle this.

[yohgaki@dev php-src]$ git diff
diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c
index 64cca0e..0c83b92 100644
--- a/sapi/cli/php_cli_server.c
+++ b/sapi/cli/php_cli_server.c
@@ -481,7 +481,7 @@ PHP_FUNCTION(apache_request_headers) /* {{{ */
 {
        php_cli_server_client *client;
        HashTable *headers;
-       char *key;
+       char *key, *tmp;
        uint key_len;
        char **value_pointer;
        HashPosition pos;
@@ -498,7 +498,9 @@ PHP_FUNCTION(apache_request_headers) /* {{{ */
        zend_hash_internal_pointer_reset_ex(headers, &pos);
        while (zend_hash_get_current_data_ex(headers, (void **)&value_pointer, &pos) == SUCCESS) {
                zend_hash_get_current_key_ex(headers, &key, &key_len, NULL, 0, &pos);
-               add_assoc_string_ex(return_value, key, key_len, *value_pointer, 1);
+               tmp = estrndup(key, key_len-1);
+               add_assoc_string_ex(return_value, tmp, key_len, *value_pointer, 1);
+               efree(tmp);
                zend_hash_move_forward_ex(headers, &pos);
        }
 }
 [2014-07-12 07:13 UTC] datibbaw@php.net
Automatic comment on behalf of datibbaw
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1684ba3c6f2f0aa8700363acbca98acf9f3afc45
Log: Fix #67594 - invisible colon should be stripped off header name
 [2014-07-12 07:13 UTC] datibbaw@php.net
-Status: Analyzed +Status: Closed
 [2014-07-14 07:45 UTC] dmitry@php.net
Automatic comment on behalf of datibbaw
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1684ba3c6f2f0aa8700363acbca98acf9f3afc45
Log: Fix #67594 - invisible colon should be stripped off header name
 [2014-07-21 09:30 UTC] ab@php.net
Automatic comment on behalf of datibbaw
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1684ba3c6f2f0aa8700363acbca98acf9f3afc45
Log: Fix #67594 - invisible colon should be stripped off header name
 [2014-07-21 10:02 UTC] ab@php.net
Automatic comment on behalf of datibbaw
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1684ba3c6f2f0aa8700363acbca98acf9f3afc45
Log: Fix #67594 - invisible colon should be stripped off header name
 [2014-07-30 09:52 UTC] tyrael@php.net
Automatic comment on behalf of datibbaw
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1684ba3c6f2f0aa8700363acbca98acf9f3afc45
Log: Fix #67594 - invisible colon should be stripped off header name
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Thu Apr 27 22:01:38 2017 UTC