php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73037 SoapServer reports Bad Request when gzipped
Submitted: 2016-09-07 08:03 UTC Modified: 2016-11-22 10:14 UTC
From: maggus dot staab at googlemail dot com Assigned: ab
Status: Closed Package: SOAP related
PHP Version: 5.6.25 OS: Ubuntu14LTS
Private report: No CVE-ID:
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
42 + 4 = ?
Subscribe to this entry?

 
 [2016-09-07 08:03 UTC] maggus dot staab at googlemail dot com
Description:
------------
SoapServer->handle() reports a bad-request when issuing a request with gzip.
triggering the very same request without gzip encoding works as expected.
SoapServer seems not to be able to read and parse the posted XML body.
the error is reproducible on php 5.6.23 and 7.0.10.

the testscript works (both in gzip and non-gzip) on php 5.4.45 (on ubuntu12 lts)


here some detail of the involved php versions:

mstaab@mst14:~$ php -v
PHP 7.0.10-2+deb.sury.org~trusty+1 (cli) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
    with Zend OPcache v7.0.10-2+deb.sury.org~trusty+1, Copyright (c) 1999-2016, by Zend Technologies
    with blackfire v1.12.0, https://blackfire.io, by Blackfireio Inc.

mstaab@mst14:~$ php5 -v
PHP 5.6.23-1+deprecated+dontuse+deb.sury.org~trusty+1 (cli)
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies
    with Zend Debugger v8.0.0, Copyright (c) 1999-2014, by Zend Technologies
    with blackfire v1.12.0, https://blackfire.io, by Blackfireio Inc.

mstaab@vStaab12:~$ php -v
PHP 5.4.45-3+deb.sury.org~precise+1 (cli) (built: Jan  7 2016 15:32:17)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies
    with Zend Debugger v6.0.0, Copyright (c) 1999-2013, by Zend Technologies
    with blackfire v1.11.1, https://blackfire.io, by Blackfireio Inc.


Test script:
---------------
mstaab@mst14:~$ cat server.php
<?php

$s = new SoapServer(NULL, array('uri' => 'http://localhost/server.php'));
$s->setObject(new stdclass());
$s->handle();


mstaab@mst14:~$ cat postgz.sh
#!/bin/bash
curl \
    -H "Content-Type: application/soap+xml; charset=UTF-8" \
    -H "Accept: application/soap+xml, application/dime, multipart/related, text/*" \
    -H 'SOAPAction: "urn:adressen#adressen#SetAda"' \
    -H 'Content-Encoding: gzip' \
--data-binary @<(cat cd_catalog.xml | gzip) \
    -X POST http://localhost:8000/server.php


mstaab@mst14:~$ cat post.sh
#!/bin/bash
curl \
    -H "Content-Type: application/soap+xml; charset=UTF-8" \
    -H "Accept: application/soap+xml, application/dime, multipart/related, text/*" \
    -H 'SOAPAction: "urn:adressen#adressen#SetAda"' \
--data-binary @<(cat cd_catalog.xml) \
    -X POST http://localhost:8000/server.php

cd_catalog.xml can be found at https://gist.github.com/staabm/fc96933585c11fe277b658c62c877345


you just need to start the builtin-webserver using php -S localhost:8000 and trigger post.sh respec. postgz.sh


Expected result:
----------------
mstaab@vStaab12:~$ ./post.sh
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope"><env:Body><env:Fault><env:Code><env:Value>env:Receiver</env:Value></env:Code><env:Reason><env:Text>Function 'CATALOG't exist</env:Text></env:Reason></env:Fault></env:Body></env:Envelope>

mstaab@vStaab12:~$ ./postgz.sh
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope"><env:Body><env:Fault><env:Code><env:Value>env:Receiver</env:Value></env:Code><env:Reason><env:Text>Function 'CATALOG't exist</env:Text></env:Reason></env:Fault></env:Body></env:Envelope>


Actual result:
--------------
mstaab@mst14:~$ ./post.sh
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope"><env:Body><env:Fault><env:Code><env:Value>env:Receiver</env:Value></env:Code><env:Reason><env:Text>Function 'CATALOG't exist</env:Text></env:Reason></env:Fault></env:Body></env:Envelope>

mstaab@mst14:~$ ./postgz.sh
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Client</faultcode><faultstring>Bad Request</faultstring></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>


Patches

bug73037.try.2.patch (last revision 2016-09-16 13:52 UTC) by ab@php.net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-09-08 22:56 UTC] ab@php.net
-Status: Open +Status: Feedback
 [2016-09-08 22:56 UTC] ab@php.net
Thanks for the report. Is the behavior same without Opcache and Blackfire? Ideally, with anything except soap and gzip excluded.

Thanks.
 [2016-09-09 17:53 UTC] bwoebi@php.net
-Status: Feedback +Status: Open
 [2016-09-09 17:53 UTC] bwoebi@php.net
I had looked at the issue and it's not related to any extension (only zlib, soap and libxml code is ever called).

There's something fishy when _php_stream_read() is called recursively though.

Thus simple code like:

class simple_filter extends php_user_filter {
    function filter($in, $out, &$consumed, $closing) {
        while ($bucket = stream_bucket_make_writeable($in)) {
            $consumed += $bucket->datalen;
            stream_bucket_append($out, $bucket);
        }
        return PSFS_PASS_ON;
    }
}
stream_filter_register("simple", "simple_filter");
file_get_contents("php://filter/read=simple/resource=http://google.com");

is also failing in PHP 7. (works flawlessly with PHP 5.)
 [2016-09-09 23:06 UTC] bwoebi@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: ab
 [2016-09-12 12:17 UTC] maggus dot staab at googlemail dot com
I can re-produce the issue with opcache, blackfire disabled. same issue without those extensions.
 [2016-09-15 15:42 UTC] ab@php.net
-Status: Assigned +Status: Verified
 [2016-09-15 15:42 UTC] ab@php.net
I repro the case with gzip compression. But from what i could debug, it looks rather like an issue with the exact case, not with the streams. The compressed data arrives, but the wrapping stream doesn't eat all the uncompressed buffer. Right now it looks like an issue with XML parser in conjunction with streams. 

The internal stream buffer is 8192 bytes, any data smaller than that seems to come through. Also, a simple snippet without XML parser works, too. Like

$fd = fopen("php://input", "rb");
stream_filter_append($fd, 'zlib.inflate', STREAM_FILTER_READ, array('window' => 0x2f));

$in = "";
while (!feof($fd)) {
        $in .= fread($fd, 1024);
}

fclose($fd);

I was able to track this down to PHP 5.5 already. Digging further on this.

Bob, i currently don't see, how the other snippet is connected to this. Works in both 5 and 7 on my side. Maybe it's also about buffered enclosed stream. Didn't try anything else, but google seems to deliver the whole page, though always different size.

Thanks.
 [2016-09-16 13:52 UTC] ab@php.net
The following patch has been added/updated:

Patch Name: bug73037.try.2.patch
Revision:   1474033971
URL:        https://bugs.php.net/patch-display.php?bug=73037&patch=bug73037.try.2.patch&revision=1474033971
 [2016-09-16 13:56 UTC] ab@php.net
-Status: Verified +Status: Feedback
 [2016-09-16 13:56 UTC] ab@php.net
Markus, could you check the attached patch please? Besides your actual repro case, with the data size < 8k, > 16k and the rest of your app.

Thanks.
 [2016-09-19 07:49 UTC] maggus dot staab at googlemail dot com
-Status: Feedback +Status: Assigned
 [2016-09-19 07:49 UTC] maggus dot staab at googlemail dot com
Thx anatol for your patch!

I am not sure what the easiest way is to get a custom php7 build running with this patch included.

Do I have to build/make/compile it on my machine?
 [2016-09-19 09:01 UTC] ab@php.net
Yeah, you'd need to compile.

Thanks.
 [2016-09-23 14:08 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=410c68788ae4826807e8ced3f4a02e676142b22a
Log: Fixed bug #73037 SoapServer reports Bad Request when gzipped
 [2016-09-23 14:08 UTC] ab@php.net
-Status: Assigned +Status: Closed
 [2016-09-23 16:12 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f9a699f6c3aa7acea922242a0f14731f6b829742
Log: Fixed bug #73037 SoapServer reports Bad Request when gzipped
 [2016-09-23 16:49 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=075aa911ff8c11620f1a5633c1a107c09919794f
Log: Revert &quot;Fixed bug #73037 SoapServer reports Bad Request when gzipped&quot;
 [2016-09-23 17:20 UTC] ab@php.net
-Status: Closed +Status: Re-Opened
 [2016-09-23 17:20 UTC] ab@php.net
The patch seems to be wrong. Need another round on it.

Thanks.
 [2016-10-04 16:23 UTC] maggus dot staab at googlemail dot com
any idea on how this could be fixed instead?
 [2016-10-05 13:06 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=07546496b13e35105dae8e1c168d8356f2dd849d
Log: Fix bug #73037, second round
 [2016-10-05 13:06 UTC] ab@php.net
-Status: Re-Opened +Status: Closed
 [2016-10-05 13:52 UTC] ab@php.net
-Status: Closed +Status: Re-Opened
 [2016-10-05 13:52 UTC] ab@php.net
Markus, I've pushed another patch. Please check the latest dev tree or windows snapshots.

Thanks.
 [2016-10-05 15:08 UTC] maggus dot staab at googlemail dot com
thx. as soon this patch will be part of a RC/tagged-pre-stable-release I will be able to confirm/test it.
 [2016-10-17 10:07 UTC] bwoebi@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=07546496b13e35105dae8e1c168d8356f2dd849d
Log: Fix bug #73037, second round
 [2016-10-17 10:07 UTC] bwoebi@php.net
-Status: Re-Opened +Status: Closed
 [2016-10-17 10:07 UTC] bwoebi@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=075aa911ff8c11620f1a5633c1a107c09919794f
Log: Revert &quot;Fixed bug #73037 SoapServer reports Bad Request when gzipped&quot;
 [2016-10-17 10:07 UTC] bwoebi@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f9a699f6c3aa7acea922242a0f14731f6b829742
Log: Fixed bug #73037 SoapServer reports Bad Request when gzipped
 [2016-10-17 10:07 UTC] bwoebi@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=410c68788ae4826807e8ced3f4a02e676142b22a
Log: Fixed bug #73037 SoapServer reports Bad Request when gzipped
 [2016-10-17 13:26 UTC] nikic@php.net
-Status: Closed +Status: Re-Opened
 [2016-10-17 13:26 UTC] nikic@php.net
Someone messed the repo again, reopening.
 [2016-10-29 13:34 UTC] spam2 at rhsoft dot net
just built the current RC

PHP 7.0.13RC1 (cli) (built: Oct 29 2016 15:19:54) ( NTS )

Bug #73037 SoapServer reports Bad Request when gzipped, var 0 [ext/soap/tests/bug73037.phpt]
 [2016-11-15 15:14 UTC] maggus dot staab at googlemail dot com
@Analot: thx for the fix. I can confirm the bug is gone in 7.0.13
 [2016-11-22 10:14 UTC] ab@php.net
-Status: Re-Opened +Status: Closed
 [2016-11-22 10:14 UTC] ab@php.net
Closing then.

Thanks.
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Fri Jun 23 06:01:39 2017 UTC