Two issues:
1) We should not modify the object when we pass invalid values
2) We should reset the properties to their default value otherwise we
get a UAF.
Regressed in df219ccf9d
Closes GH-15248.
RFC 2617 and 7616 describe that for the "Authorization" header we should
not put the qop nor nc value inside quotes. This differs from the
WWW-Authenticate header, which may have been the source of the confusion
in the implementation. While the version with quotes seems to work fine
in some cases, clearly not all servers accept the non-standard form.
To fix the issue, simply removing the quotes of those two header fields
of the client request to be in line with the RFC suffices.
I refer further to example 3.5 in RFC 2617 and example 3.9.1 in
RFC 7616.
RFC 2617: https://datatracker.ietf.org/doc/html/rfc2617
RFC 7616: https://datatracker.ietf.org/doc/html/rfc7616
Closes GH-14328.
The do_request() function that calls this methods, assumes that a string is being returned from the method
otherwise it bails out.
However, the default implementation of SoapClient::__doRequest() indicates that it can return null when it
fails to set-up and execute the HTTP SOAP request, but this always results in a SoapFault exception being
thrown, and thus cannot happen in practice.
We need to investigate further if the return type should be changed from ?string to string or not.
There's a hash table that maps type names to class name, but names with
a leading backslash are not supported. The engine has logic to strip
away the leading backslash that we should replicate here.
It works by checking if we need to make an actual copy in case an
unexpected (e.g. invalid data or leading backslash) situations are
detected. Upon making a copy we normalize the data in the table.
Furthermore, previously the code assumed that the key was always valid
and that the structure was a non-packed hash table. This isn't
necessarily the case. The new code fixes this as well.
Closes GH-14398.
This adds an optional dependency on the session extension and adds the
necessary APIs to make the functionality work with lazy binding.
This can be tested by configuring PHP with `--enable-session=shared` and
`--enable-soap=shared` and running the test suite, in particular the
buggy behaviour can be observed by the existing test `server009.phpt`.
The naming of the userland functions is terrible and confused me.
gzdecode() is actually the function to decompress a gzip stream, and
gzuncompress() is the one to decompress a deflate stream...
See zlib.c to see the internal function -> type mapping.
The incorrect functions are being called to deal with incoming
compressed data.
gzip/x-gzip corresponds to gzuncompress(), while deflate corresponds to
gzinflate().
The existing code for gzip compression also plays with removing the
first 10 bytes (i.e. the gzip header) to pass it to the inflate
implementation but that doesn't always work properly due to trailer
data. Get rid of that entirely by using the correct functions.
Closes GH-14321.
These cause test failures when we migrate resources to objects. But anyway, hardcoding the object IDs and the number of properties is hardly ever useful, so it's fine to get rid of them.
Related to #14121
These cause test failures when we migrate resources to objects. But anyway, hardcoding the object IDs and the number of properties is hardly ever useful, so it's fine to get rid of them.
Related to #14121
The problem is that in the testcase, the session is started before the
parent class is loaded. This causes an incomplete class in the session
storage. Then in the soap code the check
`Z_OBJCE_P(tmp_soap_p) == service->soap_class.ce` fails because it is
the incomplete class. It is a silent failure.
We cannot fix this easily. But we should let the user know something is
wrong, because it leaves them confused otherwise. So emit an error to
let them know and suggest a fix.
Closes GH-12540.
Setting the stream context via php_stream_context_to_zval() will
increase the reference count. So if the new context is created, then it
will end up with a reference count of 2 while it should be 1.
Credits to cmb for the analysis. I arrived at the same patch as he did.
Closes GH-12523.
There are two issues:
- UAF because the hashmap resized while being iterated over, yet the local
variables used internally in the macros are not updated.
- The hashmap being iterated over is modified: entries are deleted after
other entries have been added. This causes the deletion to fail sometimes
because indices of buckets have shifted.
Fix it by using a while loop iteration and HashPosition position tracker
instead.
Issue exists on PHP 8.1 too, but is much harder to trigger.
The test file reproduces the issue reliably on PHP 8.2 and up.
Closes GH-12409.
Gina Peter Banyard