PHP :: Bug #67955 :: SoapClient prepends 0-byte to cookie names

Bug #67955	SoapClient prepends 0-byte to cookie names
Submitted:	2014-09-03 12:30 UTC	Modified:	-
From:	phofstetter at sensational dot ch	Assigned:
Status:	Closed	Package:	SOAP related
PHP Version:	master-Git-2014-09-03 (Git)	OS:	OSX and Linux
Private report:	No	CVE-ID:	None

View Developer Edit

[2014-09-03 12:30 UTC] phofstetter at sensational dot ch

Description:
------------
When sending a Cookie back to the server, SoapClient appends a 0-byte to the name of the cookie.

I have tracked this down to commit 6c2a8068207a02b3d7ae7416a9967dad0a81e61f that changed 

smart_str_appendl(&soap_headers, key, strlen(key));

to 

smart_str_appendl(&soap_headers, key, key_len);

in soap/php_http.c

I'm not too versed in the internals of PHP, but it looks to me like zend_hash_get_current_key_ex which is now used instead of zend_hash_get_current_key is returning the length of the value which includes the 0-terminator in case of strings and smart_str_appendl assumes the length to be without the 0 terminator (which is obvious when you look at the code pre-patch).

The fix is to either change that line to 

smart_str_appendl(&soap_headers, key, key_len-1);

or 

smart_str_appendl(&soap_headers, key, strlen(key));

Or to fix smart_srt_appendl, but that's used all over the code and assumes the length to be the string length, not the byte length, so that feels too invasive to me.

I will provide a patch to do the former, but feel free to do the latter.



Expected result:
----------------
when the server sends

Set-Cookie: JSESSIONID=foobar

I expect SoapClient to send

Cookie: JSESSIONID=foobar

Actual result:
--------------
SoapClient sends

Cookie: JSESSIONID_NULL_=foobar

Patches

Pull Requests

Pull requests:

fix bug #67955 (php-src/802)

History

AllCommentsChangesGit/SVN commitsRelated reports

[2014-09-03 12:32 UTC] phofstetter at sensational dot ch

Commit reference on github would be 

https://github.com/php/php-src/commit/6c2a8068207a02b3d7ae7416a9967dad0a81e61f

[2014-09-03 23:01 UTC] datibbaw@php.net

Automatic comment on behalf of datibbaw
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fa08ff924513d10ecd450e590865dc2926371f3a
Log: Fixed #67955: SoapClient prepends 0-byte to cookie names

[2014-09-03 23:01 UTC] datibbaw@php.net

-Status: Open +Status: Closed

[2014-09-03 23:01 UTC] datibbaw@php.net

Automatic comment on behalf of phofstetter@sensational.ch
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9befa8c5f7570808dbf31004ea33534cd61b7383
Log: fix bug #67955

[2014-09-04 19:26 UTC] nikic@php.net

Automatic comment on behalf of datibbaw
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fa08ff924513d10ecd450e590865dc2926371f3a
Log: Fixed #67955: SoapClient prepends 0-byte to cookie names

[2014-09-04 19:26 UTC] nikic@php.net

Automatic comment on behalf of phofstetter@sensational.ch
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9befa8c5f7570808dbf31004ea33534cd61b7383
Log: fix bug #67955

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 31 02:00:02 2025 UTC