php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #67955 SoapClient prepends 0-byte to cookie names
Submitted: 2014-09-03 12:30 UTC Modified: -
From: phofstetter at sensational dot ch Assigned:
Status: Closed Package: SOAP related
PHP Version: master-Git-2014-09-03 (Git) OS: OSX and Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: phofstetter at sensational dot ch
New email:
PHP Version: OS:

 

 [2014-09-03 12:30 UTC] phofstetter at sensational dot ch
Description:
------------
When sending a Cookie back to the server, SoapClient appends a 0-byte to the name of the cookie.

I have tracked this down to commit 6c2a8068207a02b3d7ae7416a9967dad0a81e61f that changed 

smart_str_appendl(&soap_headers, key, strlen(key));

to 

smart_str_appendl(&soap_headers, key, key_len);

in soap/php_http.c

I'm not too versed in the internals of PHP, but it looks to me like zend_hash_get_current_key_ex which is now used instead of zend_hash_get_current_key is returning the length of the value which includes the 0-terminator in case of strings and smart_str_appendl assumes the length to be without the 0 terminator (which is obvious when you look at the code pre-patch).

The fix is to either change that line to 

smart_str_appendl(&soap_headers, key, key_len-1);

or 

smart_str_appendl(&soap_headers, key, strlen(key));

Or to fix smart_srt_appendl, but that's used all over the code and assumes the length to be the string length, not the byte length, so that feels too invasive to me.

I will provide a patch to do the former, but feel free to do the latter.



Expected result:
----------------
when the server sends

Set-Cookie: JSESSIONID=foobar

I expect SoapClient to send

Cookie: JSESSIONID=foobar

Actual result:
--------------
SoapClient sends

Cookie: JSESSIONID_NULL_=foobar



Patches

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-09-03 12:32 UTC] phofstetter at sensational dot ch
Commit reference on github would be 

https://github.com/php/php-src/commit/6c2a8068207a02b3d7ae7416a9967dad0a81e61f
 [2014-09-03 23:01 UTC] datibbaw@php.net
Automatic comment on behalf of datibbaw
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fa08ff924513d10ecd450e590865dc2926371f3a
Log: Fixed #67955: SoapClient prepends 0-byte to cookie names
 [2014-09-03 23:01 UTC] datibbaw@php.net
-Status: Open +Status: Closed
 [2014-09-03 23:01 UTC] datibbaw@php.net
Automatic comment on behalf of phofstetter@sensational.ch
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9befa8c5f7570808dbf31004ea33534cd61b7383
Log: fix bug #67955
 [2014-09-04 19:26 UTC] nikic@php.net
Automatic comment on behalf of datibbaw
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fa08ff924513d10ecd450e590865dc2926371f3a
Log: Fixed #67955: SoapClient prepends 0-byte to cookie names
 [2014-09-04 19:26 UTC] nikic@php.net
Automatic comment on behalf of phofstetter@sensational.ch
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9befa8c5f7570808dbf31004ea33534cd61b7383
Log: fix bug #67955
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Tue Feb 11 00:01:29 2025 UTC