php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-17 21:11:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-7.4' into PHP-8.0

Browse Source 
* PHP-7.4:
  Fix #78719: http wrapper silently ignores long Location headers
This commit is contained in:
Christoph M. Becker
2021-03-03 10:47:09 +01:00
parent 957cb13a49 51e2015af3
commit 90b24401d6
3 changed files with 33 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@@ -24,6 +24,8 @@ PHP NEWS
- Standard:
. Fixed bug #80771 (phpinfo(INFO_CREDITS) displays nothing in CLI). (cmb)
. Fixed bug #78719 (http wrapper silently ignores long Location headers).
(cmb)
18 Feb 2021, PHP 8.0.3

18
ext/standard/http_fopen_wrapper.c
View File

@@ -730,24 +730,16 @@ finish:
/* read past HTTP headers */
http_header_line = emalloc(HTTP_HEADER_BLOCK_SIZE);
while (!php_stream_eof(stream)) {
size_t http_header_line_length;
if (php_stream_get_line(stream, http_header_line, HTTP_HEADER_BLOCK_SIZE, &http_header_line_length) && *http_header_line != '\n' && *http_header_line != '\r') {
if (http_header_line != NULL) {
efree(http_header_line);
}
if ((http_header_line = php_stream_get_line(stream, NULL, 0, &http_header_line_length)) && *http_header_line != '\n' && *http_header_line != '\r') {
char *e = http_header_line + http_header_line_length - 1;
char *http_header_value;
if (*e != '\n') {
do { /* partial header */
if (php_stream_get_line(stream, http_header_line, HTTP_HEADER_BLOCK_SIZE, &http_header_line_length) == NULL) {
php_stream_wrapper_log_error(wrapper, options, "Failed to read HTTP headers");
goto out;
}
e = http_header_line + http_header_line_length - 1;
} while (*e != '\n');
continue;
}
while (e >= http_header_line && (*e == '\n' || *e == '\r')) {
e--;
}

26
ext/standard/tests/http/bug78719.phpt Normal file
View File

@@ -0,0 +1,26 @@
--TEST--
Bug #78719 (http wrapper silently ignores long Location headers)
--SKIPIF--
<?php require 'server.inc'; http_server_skipif('tcp://127.0.0.1:12342'); ?>
--INI--
allow_url_fopen=1
--FILE--
<?php
require 'server.inc';
$url = str_repeat('*', 2000);
$responses = array(
"data://text/plain,HTTP/1.0 302 Ok\r\nLocation: $url\r\n\r\nBody",
);
$pid = http_server("tcp://127.0.0.1:12342", $responses, $output);
$context = stream_context_create(['http' => ['follow_location' => 0]]);
$stream = fopen('http://127.0.0.1:12342/', 'r', false, $context);
var_dump(stream_get_contents($stream));
var_dump(stream_get_meta_data($stream)['wrapper_data'][1] === "Location: $url");
http_server_kill($pid);
?>
--EXPECTF--
string(4) "Body"
bool(true)