Fixed bug #32941 (Sending structured SOAP fault kills a php)

NEWS

@@ -35,6 +35,7 @@ PHP                                                                        NEWS
 - Fixed bug #32947 (Incorrect option for mysqli default password). (Georg)
 - Fixed bug #32944 (Disabling session.use_cookies doesn't prevent reading 
   session cookies). (Jani, Tony)
+- Fixed bug #32941 (Sending structured SOAP fault kills a php). (Dmitry)
 - Fixed bug #32936 (http redirects URLs are not checked for control chars). (Ilia)
 - Fixed bug #32933 (Cannot extend class "SQLiteDatabase"). (Marcus)
 - Fixed bug #32932 (Oracle LDAP: ldap_get_entries(), invalid pointer). (Jani)

ext/soap/php_encoding.c

@@ -2297,6 +2297,9 @@ static zval *guess_zval_convert(encodeTypePtr type, xmlNodePtr data)
 		if (tmpattr != NULL) {
 		  type_name = tmpattr->children->content;
 			enc = get_encoder_from_prefix(SOAP_GLOBAL(sdl), data, tmpattr->children->content);
+			if (type == &enc->details) {
+				enc = NULL;
+			}
 			if (enc != NULL) {
 			  encodePtr tmp = enc;
 			  while (tmp &&

ext/soap/php_schema.c

@@ -88,20 +88,10 @@ static encodePtr create_encoder(sdlPtr sdl, sdlTypePtr cur_type, const char *ns,
 
 static encodePtr get_create_encoder(sdlPtr sdl, sdlTypePtr cur_type, const char *ns, const char *type)
 {
-	encodePtr enc = NULL;
-	smart_str nscat = {0};
-
-	smart_str_appends(&nscat, ns);
-	smart_str_appendc(&nscat, ':');
-	smart_str_appends(&nscat, type);
-	smart_str_0(&nscat);
-
-	enc = get_encoder_ex(sdl, nscat.c, nscat.len);
+	encodePtr enc = get_encoder(sdl, ns, type);
 	if (enc == NULL) {
 		enc = create_encoder(sdl, cur_type, ns, type);
 	}
-
-	smart_str_free(&nscat);
 	return enc;
 }
 

ext/soap/php_sdl.c

@@ -50,21 +50,10 @@ encodePtr get_encoder_from_prefix(sdlPtr sdl, xmlNodePtr node, const char *type)
 	parse_namespace(type, &cptype, &ns);
 	nsptr = xmlSearchNs(node->doc, node, ns);
 	if (nsptr != NULL) {
-		int ns_len = strlen(nsptr->href);
-		int type_len = strlen(cptype);
-		int len = ns_len + type_len + 1;
-		char *nscat = emalloc(len + 1);
-
-		memcpy(nscat, nsptr->href, ns_len);
-		nscat[ns_len] = ':';
-		memcpy(nscat+ns_len+1, cptype, type_len);
-		nscat[len] = '\0';
-
-		enc = get_encoder_ex(sdl, nscat, len);
+		enc = get_encoder(sdl, nsptr->href, cptype);
 		if (enc == NULL) {
-			enc = get_encoder_ex(sdl, type, type_len);
+			enc = get_encoder_ex(sdl, cptype, strlen(cptype));
 		}
-		efree(nscat);
 	} else {
 		enc = get_encoder_ex(sdl, type, strlen(type));
 	}
@@ -128,8 +117,24 @@ encodePtr get_encoder(sdlPtr sdl, const char *ns, const char *type)
 	nscat[len] = '\0';
 
 	enc = get_encoder_ex(sdl, nscat, len);
-
 	efree(nscat);
+
+	if (enc == NULL &&
+	    ((ns_len == sizeof(SOAP_1_1_ENC_NAMESPACE)-1 &&
+	      memcmp(ns, SOAP_1_1_ENC_NAMESPACE, sizeof(SOAP_1_1_ENC_NAMESPACE)-1) == 0) ||
+	     (ns_len == sizeof(SOAP_1_2_ENC_NAMESPACE)-1 &&
+	      memcmp(ns, SOAP_1_2_ENC_NAMESPACE, sizeof(SOAP_1_2_ENC_NAMESPACE)-1) == 0))) {
+		ns_len = sizeof(XSD_NAMESPACE)-1;
+		len = ns_len + type_len + 1;
+		nscat = emalloc(len + 1);
+		memcpy(nscat, XSD_NAMESPACE, sizeof(XSD_NAMESPACE)-1);
+		nscat[ns_len] = ':';
+		memcpy(nscat+ns_len+1, type, type_len);
+		nscat[len] = '\0';
+
+		enc = get_encoder_ex(sdl, nscat, len);
+		efree(nscat);
+	}
 	return enc;
 }
 

ext/soap/tests/bugs/bug32941.phpt

@@ -0,0 +1,41 @@
+--TEST--
+Bug #32941 (Sending structured exception kills a php)
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+--FILE--
+<?php
+class TestSoapClient extends SoapClient {
+  function __doRequest($request, $location, $action, $version) {
+  	return <<<EOF
+<?xml version="1.0" encoding="UTF-8"?>
+<soapenv:Envelope
+xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+	<soapenv:Body>
+		<soapenv:Fault>
+			<faultcode>soapenv:Server.userException</faultcode>
+			<faultstring>service.EchoServiceException</faultstring>
+			<detail>
+				<service.EchoServiceException xsi:type="ns1:EchoServiceException" xmlns:ns1="urn:service.EchoService">
+					<intParameter xsi:type="xsd:int">105</intParameter>
+					<parameter xsi:type="soapenc:string" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">string param</parameter>
+				</service.EchoServiceException>
+				<ns2:hostname xmlns:ns2="http://xml.apache.org/axis/">steckovic</ns2:hostname>
+			</detail>
+		</soapenv:Fault>
+	</soapenv:Body>
+</soapenv:Envelope>
+EOF;
+	}
+}
+
+ini_set("soap.wsdl_cache_enabled", 1);
+$client = new TestSoapClient(dirname(__FILE__).'/bug32941.wsdl', array("trace" => 1, 'exceptions' => 0));
+$ahoj = $client->echoString('exception');
+$client = new TestSoapClient(dirname(__FILE__).'/bug32941.wsdl', array("trace" => 1, 'exceptions' => 0));
+$ahoj = $client->echoString('exception');
+echo "ok\n";
+?>
+--EXPECT--
+ok

ext/soap/tests/bugs/bug32941.wsdl

@@ -0,0 +1,141 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<wsdl:definitions targetNamespace="http://212.24.157.117:8080/axis/services/echo" xmlns:apachesoap="http://xml.apache.org/xml-soap" xmlns:impl="http://212.24.157.117:8080/axis/services/echo" xmlns:intf="http://212.24.157.117:8080/axis/services/echo" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:tns1="urn:service.EchoService" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+<!--WSDL created by Apache Axis version: 1.2RC3
+Built on Feb 28, 2005 (10:15:14 EST)-->
+ <wsdl:types>
+  <schema targetNamespace="urn:service.EchoService" xmlns="http://www.w3.org/2001/XMLSchema">
+   <import namespace="http://schemas.xmlsoap.org/soap/encoding/"/>
+   <complexType name="EchoServiceException">
+    <sequence>
+     <element name="intParameter" type="xsd:int"/>
+     <element name="parameter" nillable="true" type="soapenc:string"/>
+    </sequence>
+   </complexType>
+   <complexType name="Person">
+    <sequence>
+     <element name="name" nillable="true" type="soapenc:string"/>
+     <element name="surname" nillable="true" type="soapenc:string"/>
+    </sequence>
+   </complexType>
+  </schema>
+ </wsdl:types>
+
+   <wsdl:message name="echoStringResponse">
+
+      <wsdl:part name="echoStringReturn" type="soapenc:string"/>
+
+   </wsdl:message>
+
+   <wsdl:message name="EchoServiceException">
+
+      <wsdl:part name="EchoServiceException" type="tns1:EchoServiceException"/>
+
+   </wsdl:message>
+
+   <wsdl:message name="echoStringRequest">
+
+      <wsdl:part name="e" type="xsd:string"/>
+
+   </wsdl:message>
+
+   <wsdl:message name="echoPersonResponse">
+
+      <wsdl:part name="echoPersonReturn" type="tns1:Person"/>
+
+   </wsdl:message>
+
+   <wsdl:message name="echoPersonRequest">
+
+      <wsdl:part name="p" type="tns1:Person"/>
+
+   </wsdl:message>
+
+   <wsdl:portType name="EchoService">
+
+      <wsdl:operation name="echoString" parameterOrder="e">
+
+         <wsdl:input message="impl:echoStringRequest" name="echoStringRequest"/>
+
+         <wsdl:output message="impl:echoStringResponse" name="echoStringResponse"/>
+
+         <wsdl:fault message="impl:EchoServiceException" name="EchoServiceException"/>
+
+      </wsdl:operation>
+
+      <wsdl:operation name="echoPerson" parameterOrder="p">
+
+         <wsdl:input message="impl:echoPersonRequest" name="echoPersonRequest"/>
+
+         <wsdl:output message="impl:echoPersonResponse" name="echoPersonResponse"/>
+
+         <wsdl:fault message="impl:EchoServiceException" name="EchoServiceException"/>
+
+      </wsdl:operation>
+
+   </wsdl:portType>
+
+   <wsdl:binding name="echoSoapBinding" type="impl:EchoService">
+
+      <wsdlsoap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
+
+      <wsdl:operation name="echoString">
+
+         <wsdlsoap:operation soapAction=""/>
+
+         <wsdl:input name="echoStringRequest">
+
+            <wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:service.EchoService" use="encoded"/>
+
+         </wsdl:input>
+
+         <wsdl:output name="echoStringResponse">
+
+            <wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="http://212.24.157.117:8080/axis/services/echo" use="encoded"/>
+
+         </wsdl:output>
+
+         <wsdl:fault name="EchoServiceException">
+
+            <wsdlsoap:fault encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" name="EchoServiceException" namespace="urn:service.EchoService" use="encoded"/>
+
+         </wsdl:fault>
+
+      </wsdl:operation>
+
+      <wsdl:operation name="echoPerson">
+
+         <wsdlsoap:operation soapAction=""/>
+
+         <wsdl:input name="echoPersonRequest">
+
+            <wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="http://service" use="encoded"/>
+
+         </wsdl:input>
+
+         <wsdl:output name="echoPersonResponse">
+
+            <wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="http://212.24.157.117:8080/axis/services/echo" use="encoded"/>
+
+         </wsdl:output>
+
+         <wsdl:fault name="EchoServiceException">
+
+            <wsdlsoap:fault encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" name="EchoServiceException" namespace="http://212.24.157.117:8080/axis/services/echo" use="encoded"/>
+
+         </wsdl:fault>
+
+      </wsdl:operation>
+
+   </wsdl:binding>
+
+   <wsdl:service name="EchoServiceService">
+
+      <wsdl:port binding="impl:echoSoapBinding" name="echo">
+
+         <wsdlsoap:address location="http://212.24.157.117:8080/axis/services/echo"/>
+
+      </wsdl:port>
+
+   </wsdl:service>
+
+</wsdl:definitions>