Adapted for 5.4.16 From d5248f67b58ac3107fec82c5b937fc3f4c89784a Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Mon, 2 Mar 2015 12:27:36 +0300 Subject: [PATCH] Check variable type before its usage as IS_ARRAY. --- ext/soap/soap.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ext/soap/soap.c b/ext/soap/soap.c index eaa57d9..8790605 100644 --- a/ext/soap/soap.c +++ b/ext/soap/soap.c @@ -2879,7 +2879,8 @@ PHP_METHOD(SoapClient, __call) } /* Add default headers */ - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__default_headers", sizeof("__default_headers"), (void **) &tmp)==SUCCESS) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__default_headers", sizeof("__default_headers"), (void **) &tmp)==SUCCESS && + Z_TYPE_PP(tmp) == IS_ARRAY) { HashTable *default_headers = Z_ARRVAL_P(*tmp); if (soap_headers) { if (!free_soap_headers) { -- 2.1.4 From 0c136a2abd49298b66acb0cad504f0f972f5bfe8 Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Tue, 3 Mar 2015 09:44:46 +0300 Subject: [PATCH] Added type checks --- ext/soap/php_encoding.c | 9 ++++++--- ext/soap/php_http.c | 23 +++++++++++++++-------- ext/soap/soap.c | 41 +++++++++++++++++++++++++---------------- 3 files changed, 46 insertions(+), 27 deletions(-) diff --git a/ext/soap/php_encoding.c b/ext/soap/php_encoding.c index 5e93b8a..fd9e367 100644 --- a/ext/soap/php_encoding.c +++ b/ext/soap/php_encoding.c @@ -3649,18 +3649,21 @@ static encodePtr get_array_type(xmlNodePtr node, zval *array, smart_str *type TS Z_OBJCE_PP(tmp) == soap_var_class_entry) { zval **ztype; - if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_type", sizeof("enc_type"), (void **)&ztype) == FAILURE) { + if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_type", sizeof("enc_type"), (void **)&ztype) == FAILURE || + Z_TYPE_PP(ztype) != IS_LONG) { soap_error0(E_ERROR, "Encoding: SoapVar has no 'enc_type' property"); } cur_type = Z_LVAL_PP(ztype); - if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_stype", sizeof("enc_stype"), (void **)&ztype) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_stype", sizeof("enc_stype"), (void **)&ztype) == SUCCESS && + Z_TYPE_PP(ztype) == IS_STRING) { cur_stype = Z_STRVAL_PP(ztype); } else { cur_stype = NULL; } - if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_ns", sizeof("enc_ns"), (void **)&ztype) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_ns", sizeof("enc_ns"), (void **)&ztype) == SUCCESS && + Z_TYPE_PP(ztype) == IS_STRING) { cur_ns = Z_STRVAL_PP(ztype); } else { cur_ns = NULL; diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c index 9e74a7c..8c5082c 100644 --- a/ext/soap/php_http.c +++ b/ext/soap/php_http.c @@ -36,14 +36,16 @@ int proxy_authentication(zval* this_ptr, smart_str* soap_headers TSRMLS_DC) { zval **login, **password; - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_proxy_login", sizeof("_proxy_login"), (void **)&login) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_proxy_login", sizeof("_proxy_login"), (void **)&login) == SUCCESS && + Z_TYPE_PP(login) == IS_STRING) { unsigned char* buf; int len; smart_str auth = {0}; smart_str_appendl(&auth, Z_STRVAL_PP(login), Z_STRLEN_PP(login)); smart_str_appendc(&auth, ':'); - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_proxy_password", sizeof("_proxy_password"), (void **)&password) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_proxy_password", sizeof("_proxy_password"), (void **)&password) == SUCCESS && + Z_TYPE_PP(password) == IS_STRING) { smart_str_appendl(&auth, Z_STRVAL_PP(password), Z_STRLEN_PP(password)); } smart_str_0(&auth); @@ -64,14 +66,16 @@ int basic_authentication(zval* this_ptr, smart_str* soap_headers TSRMLS_DC) zval **login, **password; if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_login", sizeof("_login"), (void **)&login) == SUCCESS && - !zend_hash_exists(Z_OBJPROP_P(this_ptr), "_digest", sizeof("_digest"))) { + Z_TYPE_PP(login) == IS_STRING && + !zend_hash_exists(Z_OBJPROP_P(this_ptr), "_digest", sizeof("_digest"))) { unsigned char* buf; int len; smart_str auth = {0}; smart_str_appendl(&auth, Z_STRVAL_PP(login), Z_STRLEN_PP(login)); smart_str_appendc(&auth, ':'); - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_password", sizeof("_password"), (void **)&password) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_password", sizeof("_password"), (void **)&password) == SUCCESS && + Z_TYPE_PP(password) == IS_STRING) { smart_str_appendl(&auth, Z_STRVAL_PP(password), Z_STRLEN_PP(password)); } smart_str_0(&auth); @@ -509,6 +513,7 @@ try_again: } if (!http_1_1 || (zend_hash_find(Z_OBJPROP_P(this_ptr), "_keep_alive", sizeof("_keep_alive"), (void **)&tmp) == SUCCESS && + (Z_TYPE_PP(tmp) == IS_BOOL || Z_TYPE_PP(tmp) == IS_LONG) && Z_LVAL_PP(tmp) == 0)) { smart_str_append_const(&soap_headers, "\r\n" "Connection: close\r\n"); @@ -742,7 +747,8 @@ try_again: } /* Send cookies along with request */ - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == SUCCESS && + Z_TYPE_PP(cookies) == IS_ARRAY) { zval **data; char *key; int i, n; @@ -785,7 +791,7 @@ try_again: smart_str_append_const(&soap_headers, "\r\n"); smart_str_0(&soap_headers); if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS && - Z_LVAL_PP(trace) > 0) { + (Z_TYPE_PP(trace) == IS_BOOL || Z_TYPE_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) { add_property_stringl(this_ptr, "__last_request_headers", soap_headers.c, soap_headers.len, 1); } smart_str_appendl(&soap_headers, request, request_size); @@ -830,7 +836,7 @@ try_again: } if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS && - Z_LVAL_PP(trace) > 0) { + (Z_TYPE_PP(trace) == IS_BOOL || Z_TYPE_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) { add_property_stringl(this_ptr, "__last_response_headers", http_headers, http_header_size, 1); } @@ -879,7 +885,8 @@ try_again: char *eqpos, *sempos; zval **cookies; - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == FAILURE) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == FAILURE || + Z_TYPE_PP(cookies) != IS_ARRAY) { zval *tmp_cookies; MAKE_STD_ZVAL(tmp_cookies); array_init(tmp_cookies); diff --git a/ext/soap/soap.c b/ext/soap/soap.c index 8790605..9ec6347 100644 --- a/ext/soap/soap.c +++ b/ext/soap/soap.c @@ -2549,7 +2549,7 @@ static int do_request(zval *this_ptr, xmlDoc *request, char *location, char *act } if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS && - Z_LVAL_PP(trace) > 0) { + (Z_LVAL_PP(trace) == IS_BOOL || Z_LVAL_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) { add_property_stringl(this_ptr, "__last_request", buf, buf_size, 1); } @@ -2589,7 +2589,7 @@ static int do_request(zval *this_ptr, xmlDoc *request, char *location, char *act } ret = FALSE; } else if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS && - Z_LVAL_PP(trace) > 0) { + (Z_LVAL_PP(trace) == IS_BOOL || Z_LVAL_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) { add_property_stringl(this_ptr, "__last_response", Z_STRVAL_P(response), Z_STRLEN_P(response), 1); } xmlFree(buf); @@ -2628,13 +2628,13 @@ static void do_soap_call(zval* this_ptr, SOAP_CLIENT_BEGIN_CODE(); - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS - && Z_LVAL_PP(trace) > 0) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS && + (Z_LVAL_PP(trace) == IS_BOOL || Z_LVAL_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) { zend_hash_del(Z_OBJPROP_P(this_ptr), "__last_request", sizeof("__last_request")); zend_hash_del(Z_OBJPROP_P(this_ptr), "__last_response", sizeof("__last_response")); } - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_soap_version", sizeof("_soap_version"), (void **) &tmp) == SUCCESS - && Z_LVAL_PP(tmp) == SOAP_1_2) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_soap_version", sizeof("_soap_version"), (void **) &tmp) == SUCCESS && + Z_TYPE_PP(tmp) == IS_LONG && Z_LVAL_PP(tmp) == SOAP_1_2) { soap_version = SOAP_1_2; } else { soap_version = SOAP_1_1; @@ -2730,7 +2730,7 @@ static void do_soap_call(zval* this_ptr, zval **uri; smart_str action = {0}; - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "uri", sizeof("uri"), (void *)&uri) == FAILURE) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "uri", sizeof("uri"), (void *)&uri) == FAILURE || Z_TYPE_PP(uri) != IS_STRING) { add_soap_fault(this_ptr, "Client", "Error finding \"uri\" property", NULL, NULL TSRMLS_CC); } else if (location == NULL) { add_soap_fault(this_ptr, "Client", "Error could not find \"location\" property", NULL, NULL TSRMLS_CC); @@ -3001,7 +3001,8 @@ PHP_METHOD(SoapClient, __getLastRequest) return; } - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_request", sizeof("__last_request"), (void **)&tmp) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_request", sizeof("__last_request"), (void **)&tmp) == SUCCESS && + Z_TYPE_PP(tmp) == IS_STRING) { RETURN_STRINGL(Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), 1); } RETURN_NULL(); @@ -3019,7 +3020,8 @@ PHP_METHOD(SoapClient, __getLastResponse) return; } - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_response", sizeof("__last_response"), (void **)&tmp) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_response", sizeof("__last_response"), (void **)&tmp) == SUCCESS && + Z_TYPE_PP(tmp) == IS_STRING) { RETURN_STRINGL(Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), 1); } RETURN_NULL(); @@ -3037,7 +3039,8 @@ PHP_METHOD(SoapClient, __getLastRequestHeaders) return; } - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_request_headers", sizeof("__last_request_headers"), (void **)&tmp) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_request_headers", sizeof("__last_request_headers"), (void **)&tmp) == SUCCESS && + Z_TYPE_PP(tmp) == IS_STRING) { RETURN_STRINGL(Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), 1); } RETURN_NULL(); @@ -3055,7 +3058,8 @@ PHP_METHOD(SoapClient, __getLastResponseHeaders) return; } - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_response_headers", sizeof("__last_response_headers"), (void **)&tmp) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_response_headers", sizeof("__last_response_headers"), (void **)&tmp) == SUCCESS && + Z_TYPE_PP(tmp) == IS_STRING) { RETURN_STRINGL(Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), 1); } RETURN_NULL(); @@ -3111,13 +3115,15 @@ PHP_METHOD(SoapClient, __setCookie) } if (val == NULL) { - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == SUCCESS && + Z_TYPE_PP(cookies) == IS_ARRAY) { zend_hash_del(Z_ARRVAL_PP(cookies), name, name_len+1); } } else { zval *zcookie; - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == FAILURE) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == FAILURE || + Z_TYPE_PP(cookies) != IS_ARRAY) { zval *tmp_cookies; MAKE_STD_ZVAL(tmp_cookies); @@ -4166,7 +4172,8 @@ static xmlDocPtr serialize_function_call(zval *this_ptr, sdlFunctionPtr function } } } else { - if (zend_hash_find(Z_OBJPROP_P(this_ptr), "style", sizeof("style"), (void **)&zstyle) == SUCCESS) { + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "style", sizeof("style"), (void **)&zstyle) == SUCCESS && + Z_TYPE_PP(zstyle) == IS_LONG) { style = Z_LVAL_PP(zstyle); } else { style = SOAP_RPC; @@ -4189,7 +4196,7 @@ static xmlDocPtr serialize_function_call(zval *this_ptr, sdlFunctionPtr function } if (zend_hash_find(Z_OBJPROP_P(this_ptr), "use", sizeof("use"), (void **)&zuse) == SUCCESS && - Z_LVAL_PP(zuse) == SOAP_LITERAL) { + Z_TYPE_PP(zuse) == IS_LONG && Z_LVAL_PP(zuse) == SOAP_LITERAL) { use = SOAP_LITERAL; } else { use = SOAP_ENCODED; @@ -4350,6 +4357,7 @@ static xmlNodePtr serialize_parameter(sdlParamPtr param, zval *param_val, int in zval **param_data; if (zend_hash_find(Z_OBJPROP_P(param_val), "param_name", sizeof("param_name"), (void **)¶m_name) == SUCCESS && + Z_TYPE_PP(param_name) == IS_STRING && zend_hash_find(Z_OBJPROP_P(param_val), "param_data", sizeof("param_data"), (void **)¶m_data) == SUCCESS) { param_val = *param_data; name = Z_STRVAL_PP(param_name); -- 2.1.4 From c8eaca013a3922e8383def6158ece2b63f6ec483 Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Tue, 3 Mar 2015 10:43:48 +0300 Subject: [PATCH] Added type checks --- ext/soap/php_encoding.c | 21 ++++++++++++++------- ext/soap/soap.c | 6 ++++-- 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/ext/soap/php_encoding.c b/ext/soap/php_encoding.c index fd9e367..31f1f7c 100644 --- a/ext/soap/php_encoding.c +++ b/ext/soap/php_encoding.c @@ -404,12 +404,15 @@ static xmlNodePtr master_to_xml_int(encodePtr encode, zval *data, int style, xml encodePtr enc = NULL; HashTable *ht = Z_OBJPROP_P(data); - if (zend_hash_find(ht, "enc_type", sizeof("enc_type"), (void **)&ztype) == FAILURE) { + if (zend_hash_find(ht, "enc_type", sizeof("enc_type"), (void **)&ztype) == FAILURE || + Z_TYPE_PP(ztype) != IS_LONG) { soap_error0(E_ERROR, "Encoding: SoapVar has no 'enc_type' property"); } - if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS) { - if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS) { + if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS && + Z_TYPE_PP(zstype) == IS_STRING) { + if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS && + Z_TYPE_PP(zns) == IS_STRING) { enc = get_encoder(SOAP_GLOBAL(sdl), Z_STRVAL_PP(zns), Z_STRVAL_PP(zstype)); } else { zns = NULL; @@ -445,8 +448,10 @@ static xmlNodePtr master_to_xml_int(encodePtr encode, zval *data, int style, xml } if (style == SOAP_ENCODED || (SOAP_GLOBAL(sdl) && encode != enc)) { - if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS) { - if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS) { + if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS && + Z_TYPE_PP(zstype) == IS_STRING) { + if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS && + Z_TYPE_PP(zns) == IS_STRING) { set_ns_and_type_ex(node, Z_STRVAL_PP(zns), Z_STRVAL_PP(zstype)); } else { set_ns_and_type_ex(node, NULL, Z_STRVAL_PP(zstype)); @@ -454,10 +459,12 @@ static xmlNodePtr master_to_xml_int(encodePtr encode, zval *data, int style, xml } } - if (zend_hash_find(ht, "enc_name", sizeof("enc_name"), (void **)&zname) == SUCCESS) { + if (zend_hash_find(ht, "enc_name", sizeof("enc_name"), (void **)&zname) == SUCCESS && + Z_TYPE_PP(zname) == IS_STRING) { xmlNodeSetName(node, BAD_CAST(Z_STRVAL_PP(zname))); } - if (zend_hash_find(ht, "enc_namens", sizeof("enc_namens"), (void **)&znamens) == SUCCESS) { + if (zend_hash_find(ht, "enc_namens", sizeof("enc_namens"), (void **)&znamens) == SUCCESS && + Z_TYPE_PP(zname) == IS_STRING) { xmlNsPtr nsp = encode_add_ns(node, Z_STRVAL_PP(znamens)); xmlSetNs(node, nsp); } diff --git a/ext/soap/soap.c b/ext/soap/soap.c index 9ec6347..d460c17 100644 --- a/ext/soap/soap.c +++ b/ext/soap/soap.c @@ -3915,7 +3915,8 @@ static xmlDocPtr serialize_response_call(sdlFunctionPtr function, char *function } if (version == SOAP_1_1) { - if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS) { + if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS && + Z_TYPE_PP(tmp) == IS_STRING) { size_t new_len; xmlNodePtr node = xmlNewNode(NULL, BAD_CAST("faultcode")); char *str = php_escape_html_entities((unsigned char*)Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), &new_len, 0, 0, NULL TSRMLS_CC); @@ -3940,7 +3941,8 @@ static xmlDocPtr serialize_response_call(sdlFunctionPtr function, char *function } detail_name = "detail"; } else { - if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS) { + if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS && + Z_TYPE_PP(tmp) == IS_STRING) { size_t new_len; xmlNodePtr node = xmlNewChild(param, ns, BAD_CAST("Code"), NULL); char *str = php_escape_html_entities((unsigned char*)Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), &new_len, 0, 0, NULL TSRMLS_CC); -- 2.1.4 From 75f40ae1f3a7ca837d230f099627d121f9b3a32f Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Fri, 27 Mar 2015 18:40:58 +0300 Subject: [PATCH] Fixed bug #69293 --- ext/soap/php_encoding.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/soap/php_encoding.c b/ext/soap/php_encoding.c index 31f1f7c..13be2a5 100644 --- a/ext/soap/php_encoding.c +++ b/ext/soap/php_encoding.c @@ -464,7 +464,7 @@ static xmlNodePtr master_to_xml_int(encodePtr encode, zval *data, int style, xml xmlNodeSetName(node, BAD_CAST(Z_STRVAL_PP(zname))); } if (zend_hash_find(ht, "enc_namens", sizeof("enc_namens"), (void **)&znamens) == SUCCESS && - Z_TYPE_PP(zname) == IS_STRING) { + Z_TYPE_PP(znamens) == IS_STRING) { xmlNsPtr nsp = encode_add_ns(node, Z_STRVAL_PP(znamens)); xmlSetNs(node, nsp); } -- 2.1.4 From 997b7e56302710bb3db00b56d0629ac75d73a207 Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Fri, 27 Feb 2015 23:32:32 +0800 Subject: [PATCH] Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()). --- NEWS | 4 ++++ ext/soap/soap.c | 6 +++--- ext/soap/tests/bugs/bug69085.phpt | 17 +++++++++++++++++ 3 files changed, 24 insertions(+), 3 deletions(-) create mode 100644 ext/soap/tests/bugs/bug69085.phpt diff --git a/ext/soap/tests/bugs/bug69085.phpt b/ext/soap/tests/bugs/bug69085.phpt new file mode 100644 index 0000000..cb27cfd --- /dev/null +++ b/ext/soap/tests/bugs/bug69085.phpt @@ -0,0 +1,17 @@ +--TEST-- +Bug #69085 (SoapClient's __call() type confusion through unserialize()) +--SKIPIF-- + +--INI-- +soap.wsdl_cache_enabled=0 +--FILE-- +whatever(); +} catch (Exception $e) { + echo "okey"; +} +--EXPECT-- +okey -- 2.1.4 From ff70b40dc978f3f4c457f72a71bb43fd17ee360b Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Mon, 13 Apr 2015 14:39:11 +0200 Subject: [PATCH] fix type in fix for #69085 --- ext/soap/soap.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ext/soap/soap.c b/ext/soap/soap.c index 41aa1ad..1b8f545 100644 --- a/ext/soap/soap.c +++ b/ext/soap/soap.c @@ -2549,7 +2549,7 @@ static int do_request(zval *this_ptr, xmlDoc *request, char *location, char *act } if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS && - (Z_LVAL_PP(trace) == IS_BOOL || Z_LVAL_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) { + (Z_TYPE_PP(trace) == IS_BOOL || Z_TYPE_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) { add_property_stringl(this_ptr, "__last_request", buf, buf_size, 1); } @@ -2589,7 +2589,7 @@ static int do_request(zval *this_ptr, xmlDoc *request, char *location, char *act } ret = FALSE; } else if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS && - (Z_LVAL_PP(trace) == IS_BOOL || Z_LVAL_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) { + (Z_TYPE_PP(trace) == IS_BOOL || Z_TYPE_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) { add_property_stringl(this_ptr, "__last_response", Z_STRVAL_P(response), Z_STRLEN_P(response), 1); } xmlFree(buf); @@ -2629,7 +2629,7 @@ static void do_soap_call(zval* this_ptr, SOAP_CLIENT_BEGIN_CODE(); if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS && - (Z_LVAL_PP(trace) == IS_BOOL || Z_LVAL_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) { + (Z_TYPE_PP(trace) == IS_BOOL || Z_TYPE_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) { zend_hash_del(Z_OBJPROP_P(this_ptr), "__last_request", sizeof("__last_request")); zend_hash_del(Z_OBJPROP_P(this_ptr), "__last_response", sizeof("__last_response")); } -- 2.1.4