Patch bug70081 for SOAP related Bug #70081

Patch version 2015-07-26 23:45 UTC

• 2015-07-26 23:45 UTC [diff to current]

Developer: stas@php.net

commit c96d08b27226193dd51f2b50e84272235c6aaa69
Author: Stanislav Malyshev <stas@php.net>
Date:   Sun Jul 26 16:44:18 2015 -0700

    Fix bug #70081: check types for SOAP variables

diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c
index 8c5082c..8dc6e45 100644
--- a/ext/soap/php_http.c
+++ b/ext/soap/php_http.c
@@ -759,18 +759,21 @@ try_again:
 				zend_hash_internal_pointer_reset(Z_ARRVAL_PP(cookies));
 				smart_str_append_const(&soap_headers, "Cookie: ");
 				for (i = 0; i < n; i++) {
+					ulong numindx;
+					int res = zend_hash_get_current_key(Z_ARRVAL_PP(cookies), &key, &numindx, FALSE);
 					zend_hash_get_current_data(Z_ARRVAL_PP(cookies), (void **)&data);
-					zend_hash_get_current_key(Z_ARRVAL_PP(cookies), &key, NULL, FALSE);
 
-					if (Z_TYPE_PP(data) == IS_ARRAY) {
+					if (res == HASH_KEY_IS_STRING && Z_TYPE_PP(data) == IS_ARRAY) {
 					  zval** value;
 
 						if (zend_hash_index_find(Z_ARRVAL_PP(data), 0, (void**)&value) == SUCCESS &&
 						    Z_TYPE_PP(value) == IS_STRING) {
 						  zval **tmp;
 						  if ((zend_hash_index_find(Z_ARRVAL_PP(data), 1, (void**)&tmp) == FAILURE ||
+					           Z_TYPE_PP(tmp) != IS_STRING ||
 						       strncmp(phpurl->path?phpurl->path:"/",Z_STRVAL_PP(tmp),Z_STRLEN_PP(tmp)) == 0) &&
 						      (zend_hash_index_find(Z_ARRVAL_PP(data), 2, (void**)&tmp) == FAILURE ||
+						       Z_TYPE_PP(tmp) != IS_STRING ||
 						       in_domain(phpurl->host,Z_STRVAL_PP(tmp))) &&
 						      (use_ssl || zend_hash_index_find(Z_ARRVAL_PP(data), 3, (void**)&tmp) == FAILURE)) {
 								smart_str_appendl(&soap_headers, key, strlen(key));