PTR_SET(PHP_HTTP_INFO(i).request.method, NULL);
PTR_SET(PHP_HTTP_INFO(i).request.url, NULL);
break;
--
++
case PHP_HTTP_RESPONSE:
PTR_SET(PHP_HTTP_INFO(i).response.status, NULL);
break;
--
++
default:
break;
}
}
}
-php_http_info_t *php_http_info_parse(php_http_info_t *info, const char *pre_header TSRMLS_DC)
+php_http_info_t *php_http_info_parse(php_http_info_t *info, const char *pre_header)
{
- const char *end, *http;
+ const char *end, *http, *off;
zend_bool free_info = !info;
--
++
/* sane parameter */
if ((!pre_header) || (!*pre_header)) {
return NULL;
}
--
++
/* where's the end of the line */
if (!(end = php_http_locate_eol(pre_header, NULL))) {
end = pre_header + strlen(pre_header);
}
--
++
/* there must be HTTP/1.x in the line */
if (!(http = php_http_locate_str(pre_header, end - pre_header, "HTTP/", lenof("HTTP/")))) {
return NULL;
}
--
- info = php_http_info_init(info TSRMLS_CC);
+
- if (!php_http_version_parse(&info->http.version, http TSRMLS_CC)) {
+ info = php_http_info_init(info);
+
- /* and nothing than SPACE or NUL after HTTP/X.x */
- if (!php_http_version_parse(&info->http.version, http)
- || (http[lenof("HTTP/X.x")] && (!PHP_HTTP_IS_CTYPE(space, http[lenof("HTTP/X.x")])))) {
++ if (!php_http_version_parse(&info->http.version, http)) {
+ if (free_info) {
+ php_http_info_free(&info);
+ }
+ return NULL;
+ }
+
+ /* clumsy fix for changed libcurl behaviour in 7.49.1, see https://github.com/curl/curl/issues/888 */
+ off = &http[lenof("HTTP/X")];
+ if (info->http.version.major < 2) {
+ off += 2;
+ }
+
+ /* and nothing than SPACE or NUL after HTTP/X(.x) */
+ if (*off && (!PHP_HTTP_IS_CTYPE(space, *off))) {
if (free_info) {
php_http_info_free(&info);
}
/* is response */
if (pre_header == http) {
- const char *status = NULL, *code = http + sizeof("HTTP/X.x");
-
+ const char *status = NULL, *code = off;
-
++
info->type = PHP_HTTP_RESPONSE;
- while (' ' == *code) ++code;
+ while (code < end && ' ' == *code) ++code;
- if (code && end > code) {
+ if (end > code) {
/* rfc7230#3.1.2 The status-code element is a 3-digit integer code */
PHP_HTTP_INFO(info).response.code = 100*(*code++ - '0');
PHP_HTTP_INFO(info).response.code += 10*(*code++ - '0');
} else {
PHP_HTTP_INFO(info).response.status = NULL;
}
--
++
return info;
}
--
++
/* is request */
- else if (*(http - 1) == ' ' && (!http[lenof("HTTP/X.x")] || http[lenof("HTTP/X.x")] == '\r' || http[lenof("HTTP/X.x")] == '\n')) {
+ else if (*(http - 1) == ' ' && (!*off || *off == '\r' || *off == '\n')) {
const char *url = strchr(pre_header, ' ');
--
++
info->type = PHP_HTTP_REQUEST;
if (url && http > url) {
size_t url_len = url - pre_header;
PHP_HTTP_INFO(info).request.method = NULL;
PHP_HTTP_INFO(info).request.url = NULL;
}
--
++
return info;
}
php_http_buffer_cut(&prefix, keybuf->used, prefix.used - keybuf->used);
}
+ ZEND_HASH_FOREACH_END();
+ ZEND_HASH_DEC_APPLY_COUNT(ht);
+
php_http_buffer_dtor(&prefix);
}
- --ht->nApplyCount;
}
-static inline void sanitize_key(unsigned flags, char *str, size_t len, zval *zv, zend_bool *rfc5987 TSRMLS_DC)
+static inline void sanitize_key(unsigned flags, const char *str, size_t len, zval *zv, zend_bool *rfc5987)
{
char *eos;
+ zend_string *zs = zend_string_init(str, len, 0);
zval_dtor(zv);
- php_trim(str, len, NULL, 0, zv, 3 TSRMLS_CC);
+ ZVAL_STR(zv, php_trim(zs, NULL, 0, 3));
+ zend_string_release(zs);
if (flags & PHP_HTTP_PARAMS_ESCAPED) {
- sanitize_escaped(zv TSRMLS_CC);
+ sanitize_escaped(zv);
}
--
++
if (!Z_STRLEN_P(zv)) {
return;
}
*current_param = ptr;
}
-static void push_param(HashTable *params, php_http_params_state_t *state, const php_http_params_opts_t *opts TSRMLS_DC)
+static void push_param(HashTable *params, php_http_params_state_t *state, const php_http_params_opts_t *opts)
{
if (state->val.str) {
- if (0 < (state->val.len = state->input.str - state->val.str)) {
+ if (!state->current.val) {
+ return;
+ } else if (0 < (state->val.len = state->input.str - state->val.str)) {
- sanitize_value(opts->flags, state->val.str, state->val.len, *(state->current.val), state->rfc5987 TSRMLS_CC);
+ sanitize_value(opts->flags, state->val.str, state->val.len, state->current.val, state->rfc5987);
} else {
- ZVAL_EMPTY_STRING(*(state->current.val));
+ ZVAL_EMPTY_STRING(state->current.val);
}
state->rfc5987 = 0;
} else if (state->arg.str) {
if (state->quotes || state->escape) {
return 0;
}
--
++
if (sep) while (*sep) {
if (check_str(state->input.str, state->input.len, (*sep)->str, (*sep)->len)) {
return (*sep)->len;
} else {
state.escape = (*state.input.str == '\\');
}
--
++
if (!state.param.str) {
/* initialize */
- skip_sep(0, &state, opts->param, opts->arg, opts->val TSRMLS_CC);
+ skip_sep(0, &state, opts->param, opts->arg, opts->val);
state.param.str = state.input.str;
} else {
size_t sep_len;
}
}
}
--
++
if (state.input.len) {
++state.input.str;
--state.input.len;
major = *ptr++ - '0';
if (major >= 0 && major <= 9) {
separator = *ptr++;
- if (separator) {
- if (separator != '.' && separator != ',') {
- php_error_docref(NULL, E_NOTICE, "Non-standard version separator '%c' in HTTP protocol version '%s'", separator, ptr - 2);
- }
+ switch (separator) {
+ default:
- php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Non-standard version separator '%c' in HTTP protocol version '%s'", separator, ptr - 2);
++ php_error_docref(NULL, E_NOTICE, "Non-standard version separator '%c' in HTTP protocol version '%s'", separator, ptr - 2);
+ /* no break */
+ case '.':
+ case ',':
minor = *ptr - '0';
- if (minor >= 0 && minor <= 9) {
- return php_http_version_init(v, major, minor);
+ break;
+
+ case ' ':
+ if (major > 1) {
+ minor = 0;
+ } else {
+ goto error;
}
}
- return php_http_version_init(v, major, minor TSRMLS_CC);
+ if (minor >= 0 && minor <= 9) {
++ return php_http_version_init(v, major, minor);
+ }
}
}
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not parse HTTP protocol version '%s'", str);
+ error:
+ php_error_docref(NULL, E_WARNING, "Could not parse HTTP protocol version '%s'", str);
return NULL;
}
--- /dev/null
-$url0=new http\Url($urls[0]);
+ --TEST--
+ Null pointer deref in sanitize_value
+ --SKIPIF--
+ <?php
+ include "skipif.inc";
+ ?>
+ --FILE--
+ <?php
+ echo "Test\n";
+
+ $urls = [
+ "",
+ "? = ="
+ ];
+
++$url0=new http\Url($urls[0], null, http\Url::FROM_ENV);
+ $url1=$url0->mod($urls[1]);
+
+ echo $url1;
+
+ ?>
+
+ ===DONE===
+ --EXPECTF--
+ Test
+ http://%s/
+ ===DONE===
projects / m6w6 / ext-http / commitdiff
