PHP :: Bug #73434 :: Null byte at end of array keys in getLastResponseInfo

Bug #73434

Null byte at end of array keys in getLastResponseInfo

Submitted:

2016-11-01 13:10 UTC

Modified:

2018-02-24 14:17 UTC

Votes:	4
Avg. Score:	4.2 ± 0.8
Reproduced:	2 of 2 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

m at mhn dot me

Assigned:

Status:

Closed

Package:

oauth (PECL)

PHP Version:

7.0.12

OS:

Ubuntu 16.04

Private report:

CVE-ID:

None

View Add Comment Developer Edit

[2016-11-01 13:10 UTC] m at mhn dot me

Description:
------------
On a completely blank Ubuntu 16.04 server:

apt install php7.0 php7.0-dev php-pear
pecl install oauth-2.0.2
echo "extension=oauth.so" > /etc/php/7.0/cli/conf.d/20-oauth.ini

Paste the following in to a file named test.php:

```
<?php

$o = new OAuth("foo", "bar", OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_AUTHORIZATION);
try {
	$o->fetch("http://example.com/", null, OAUTH_HTTP_METHOD_GET);
} catch (Exception $e){}

$fullInfo = $o->getLastResponseInfo();

foreach(array_keys($fullInfo) as $key) {
	echo str_pad($key, 30);
	$split = str_split($key);
	foreach ($split as $chr) {
		echo str_pad(ord($chr), 4);
	}
	echo PHP_EOL;
}

$testString = "test";
echo str_pad($testString, 30);
$split = str_split($testString);
foreach ($split as $chr) {
	echo str_pad(ord($chr), 4);
}
echo PHP_EOL;
```

php test.php

```
http_code                    104 116 116 112 95  99  111 100 101 0   
content_type                 99  111 110 116 101 110 116 95  116 121 112 101 0   
url                          117 114 108 0   
header_size                  104 101 97  100 101 114 95  115 105 122 101 0   
request_size                 114 101 113 117 101 115 116 95  115 105 122 101 0   
filetime                     102 105 108 101 116 105 109 101 0   
ssl_verify_result            115 115 108 95  118 101 114 105 102 121 95  114 101 115 117 108 116 0   
redirect_count               114 101 100 105 114 101 99  116 95  99  111 117 110 116 0   
total_time                   116 111 116 97  108 95  116 105 109 101 0   
namelookup_time              110 97  109 101 108 111 111 107 117 112 95  116 105 109 101 0   
connect_time                 99  111 110 110 101 99  116 95  116 105 109 101 0   
pretransfer_time             112 114 101 116 114 97  110 115 102 101 114 95  116 105 109 101 0   
size_upload                  115 105 122 101 95  117 112 108 111 97  100 0   
size_download                115 105 122 101 95  100 111 119 110 108 111 97  100 0   
speed_download               115 112 101 101 100 95  100 111 119 110 108 111 97  100 0   
speed_upload                 115 112 101 101 100 95  117 112 108 111 97  100 0   
download_content_length      100 111 119 110 108 111 97  100 95  99  111 110 116 101 110 116 95  108 101 110 103 116 104 0   
upload_content_length        117 112 108 111 97  100 95  99  111 110 116 101 110 116 95  108 101 110 103 116 104 0   
starttransfer_time           115 116 97  114 116 116 114 97  110 115 102 101 114 95  116 105 109 101 0   
redirect_time                114 101 100 105 114 101 99  116 95  116 105 109 101 0   
headers_recv                 104 101 97  100 101 114 115 95  114 101 99  118 0   
test                          116 101 115 116
```

Note the 0/NULL character at the end of every row except the manually added "test" row. You can also see that the NULL byte messed with the string padding since it's invisible.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-11-01 14:57 UTC] m at mhn dot me

Hey guys,

I've been reading the source and it seems that the CAAL, CAAD and CAAS definitions in php_oauth.h might be the culprit.

#define CAAL(s, v) add_assoc_long_ex(&info, s, sizeof(s), (long) v);
#define CAAD(s, v) add_assoc_double_ex(&info, s, sizeof(s), (double) v);
#define CAAS(s, v) add_assoc_string_ex(&info, s, sizeof(s), (char *) (v ? v : ""));

If I change these to the following then it seems to work:

#define CAAL(s, v) add_assoc_long_ex(&info, s, sizeof(s) - 1, (long) v);
#define CAAD(s, v) add_assoc_double_ex(&info, s, sizeof(s) - 1, (double) v);
#define CAAS(s, v) add_assoc_string_ex(&info, s, sizeof(s) - 1, (char *) (v ? v : ""));

All the tests pass as well.


Regards,
Matthew Hotchen

[2016-11-02 09:56 UTC] cmb@php.net

-Status: Open +Status: Analyzed -Assigned To: +Assigned To: seander

[2016-11-02 09:56 UTC] cmb@php.net

Yes, that needs to be fixed like in ext/curl[1].

Assigning to maintainer.

[1] <https://github.com/php/php-src/commit/c5e63f8a63b03b52cae35906625497bd17592c4e>

[2017-10-24 05:13 UTC] kalle@php.net

-Status: Analyzed +Status: Assigned

[2017-10-24 06:07 UTC] kalle@php.net

-Status: Assigned +Status: Open -Assigned To: seander +Assigned To:

[2018-02-10 00:06 UTC] o dot orcinus at gmail dot com

PHP 7.2, 2 years later, still unresolved.
This is ridiculous.

[2018-02-24 14:17 UTC] cmb@php.net

-Status: Open +Status: Analyzed

[2018-02-24 14:17 UTC] cmb@php.net

PR submitted: <https://github.com/php/pecl-web_services-oauth/pull/1>.

[2018-05-03 09:51 UTC] dennis dot eichardt at addapptr dot com

Yesterday at work I was running into this unexpectedly. Wanted to file a bug report, but seeing this hasn't been resolved since November 2016 fills my eyes with tears. This is a major, unexpected showstopper for everybody working with oAuth. I took me like over one hour to debug this, I would have never expected the array keys to be null. For me it was like: The result of getLastResponseInfo is defined. In my array. I watch it with print_r. It's there. I try to access a key with a value, boom it's gone. 

I promise 10 USD from my private wallet to the PHP foundation or to a similar good cause if there is none if we please get this fixed.

[2018-06-28 08:56 UTC] remi@php.net

Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=pecl/web_services/oauth.git;a=commit;h=f8dd503c70464c6585a2b2a18d7a3457ce9241a4
Log: Fix #73434: Null byte at end of array keys in getLastResponseInfo

[2018-06-28 08:56 UTC] remi@php.net

-Status: Analyzed +Status: Closed

[2019-09-05 10:50 UTC] cmb@php.net

Related To: Bug #78493

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 18 15:01:28 2024 UTC