package.xml merge=touch
php_http.h merge=touch
.travis.yml merge=touch
+/tests/data/bug71719.bin -diff -text
* let the message body be a simple query string unless files are added
* php_http_message_serialize reverses the chain twice; remove that
-* CURLOPT_PROXY_HEADER and CURLOPT_HEADEROPT
\ No newline at end of file
+* CURLOPT_PROXY_HEADER and CURLOPT_HEADEROPT
+* CURLMOPT_PIPELINING changed to a bitmask
\ No newline at end of file
ZVAL_BOOL(&opt->defval, 1);
opt->setter = php_http_curle_option_set_ssl_verifyhost;
}
-#if PHP_HTTP_CURL_VERSION(7,41,0)
+#if PHP_HTTP_CURL_VERSION(7,41,0) && (defined(PHP_HTTP_HAVE_OPENSSL) || defined(PHP_HTTP_HAVE_NSS) || defined(PHP_HTTP_HAVE_GNUTLS))
php_http_option_register(registry, ZEND_STRL("verifystatus"), CURLOPT_SSL_VERIFYSTATUS, _IS_BOOL);
#endif
php_http_option_register(registry, ZEND_STRL("cipher_list"), CURLOPT_SSL_CIPHER_LIST, IS_STRING);
REGISTER_NS_LONG_CONSTANT("http\\Client\\Curl", "HTTP_VERSION_1_1", CURL_HTTP_VERSION_1_1, CONST_CS|CONST_PERSISTENT);
#if PHP_HTTP_CURL_VERSION(7,33,0)
REGISTER_NS_LONG_CONSTANT("http\\Client\\Curl", "HTTP_VERSION_2_0", CURL_HTTP_VERSION_2_0, CONST_CS|CONST_PERSISTENT);
+#endif
+#if PHP_HTTP_CURL_VERSION(7,47,0)
+ REGISTER_NS_LONG_CONSTANT("http\\Client\\Curl", "HTTP_VERSION_2TLS", CURL_HTTP_VERSION_2TLS, CONST_CS|CONST_PERSISTENT);
#endif
REGISTER_NS_LONG_CONSTANT("http\\Client\\Curl", "HTTP_VERSION_ANY", CURL_HTTP_VERSION_NONE, CONST_CS|CONST_PERSISTENT);
case '7': case '8': case '9':
case '+': case '-': case '.':
if (state->ptr == tmp) {
- return tmp;
+ goto softfail;
}
/* no break */
case 'A': case 'B': case 'C': case 'D': case 'E': case 'F': case 'G':
default:
if (!(mb = parse_mb(state, PARSE_SCHEME, state->ptr, state->end, tmp, 1))) {
- /* soft fail; parse path next */
- return tmp;
+ goto softfail;
}
state->ptr += mb - 1;
}
} while (++state->ptr != state->end);
+softfail:
+ state->offset = 0;
return state->ptr = tmp;
}
php_http_url_t *php_http_url_parse(const char *str, size_t len, unsigned flags)
{
- size_t maxlen = 3 * len;
+ size_t maxlen = 3 * len + 8 /* null bytes for all components */;
struct parse_state *state = ecalloc(1, sizeof(*state) + maxlen);
state->end = str + len;
--- /dev/null
+--TEST--
+Buffer overflow in HTTP url parsing functions
+--SKIPIF--
+<?php
+include "skipif.inc";
+?>
+--FILE--
+<?php
+
+echo "Test\n";
+try {
+ echo new http\Message(file_get_contents(__DIR__."/data/bug71719.bin"), false);
+} catch (Exception $e) {
+ echo $e;
+}
+?>
+
+===DONE===
+--EXPECTF--
+Test
+%r(exception ')?%rhttp\Exception\BadMessageException%r(' with message '|: )%rhttp\Message::__construct(): Could not parse HTTP protocol version 'HTTP/%s.0'%r'?%r in %sbug71719.php:5
+Stack trace:
+#0 %sbug71719.php(5): http\Message->__construct('\x80\xACTd 5 HTTP/1.1...', false)
+#1 {main}
+===DONE===