php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #67955 SoapClient prepends 0-byte to cookie names
Submitted: 2014-09-03 12:30 UTC Modified: -
From: phofstetter at sensational dot ch Assigned:
Status: Closed Package: SOAP related
PHP Version: master-Git-2014-09-03 (Git) OS: OSX and Linux
Private report: No CVE-ID:
 [2014-09-03 12:30 UTC] phofstetter at sensational dot ch
Description:
------------
When sending a Cookie back to the server, SoapClient appends a 0-byte to the name of the cookie.

I have tracked this down to commit 6c2a8068207a02b3d7ae7416a9967dad0a81e61f that changed 

smart_str_appendl(&soap_headers, key, strlen(key));

to 

smart_str_appendl(&soap_headers, key, key_len);

in soap/php_http.c

I'm not too versed in the internals of PHP, but it looks to me like zend_hash_get_current_key_ex which is now used instead of zend_hash_get_current_key is returning the length of the value which includes the 0-terminator in case of strings and smart_str_appendl assumes the length to be without the 0 terminator (which is obvious when you look at the code pre-patch).

The fix is to either change that line to 

smart_str_appendl(&soap_headers, key, key_len-1);

or 

smart_str_appendl(&soap_headers, key, strlen(key));

Or to fix smart_srt_appendl, but that's used all over the code and assumes the length to be the string length, not the byte length, so that feels too invasive to me.

I will provide a patch to do the former, but feel free to do the latter.



Expected result:
----------------
when the server sends

Set-Cookie: JSESSIONID=foobar

I expect SoapClient to send

Cookie: JSESSIONID=foobar

Actual result:
--------------
SoapClient sends

Cookie: JSESSIONID_NULL_=foobar



Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-09-03 12:32 UTC] phofstetter at sensational dot ch
Commit reference on github would be 

https://github.com/php/php-src/commit/6c2a8068207a02b3d7ae7416a9967dad0a81e61f
 [2014-09-03 23:01 UTC] datibbaw@php.net
Automatic comment on behalf of datibbaw
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fa08ff924513d10ecd450e590865dc2926371f3a
Log: Fixed #67955: SoapClient prepends 0-byte to cookie names
 [2014-09-03 23:01 UTC] datibbaw@php.net
-Status: Open +Status: Closed
 [2014-09-03 23:01 UTC] datibbaw@php.net
Automatic comment on behalf of phofstetter@sensational.ch
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9befa8c5f7570808dbf31004ea33534cd61b7383
Log: fix bug #67955
 [2014-09-04 19:26 UTC] nikic@php.net
Automatic comment on behalf of datibbaw
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fa08ff924513d10ecd450e590865dc2926371f3a
Log: Fixed #67955: SoapClient prepends 0-byte to cookie names
 [2014-09-04 19:26 UTC] nikic@php.net
Automatic comment on behalf of phofstetter@sensational.ch
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9befa8c5f7570808dbf31004ea33534cd61b7383
Log: fix bug #67955
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Fri Feb 24 17:01:40 2017 UTC