Skip to content

Commit 0c136a2

Browse files
dstogovdstogov
committed
Added type checks
1 parent d5248f6 commit 0c136a2

File tree

3 files changed

+46
-27
lines changed

3 files changed

+46
-27
lines changed

ext/soap/php_encoding.c

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -3649,18 +3649,21 @@ static encodePtr get_array_type(xmlNodePtr node, zval *array, smart_str *type TS
36493649
Z_OBJCE_PP(tmp) == soap_var_class_entry) {
36503650
zval **ztype;
36513651

3652-
if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_type", sizeof("enc_type"), (void **)&ztype) == FAILURE) {
3652+
if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_type", sizeof("enc_type"), (void **)&ztype) == FAILURE ||
3653+
Z_TYPE_PP(ztype) != IS_LONG) {
36533654
soap_error0(E_ERROR, "Encoding: SoapVar has no 'enc_type' property");
36543655
}
36553656
cur_type = Z_LVAL_PP(ztype);
36563657

3657-
if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_stype", sizeof("enc_stype"), (void **)&ztype) == SUCCESS) {
3658+
if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_stype", sizeof("enc_stype"), (void **)&ztype) == SUCCESS &&
3659+
Z_TYPE_PP(ztype) == IS_STRING) {
36583660
cur_stype = Z_STRVAL_PP(ztype);
36593661
} else {
36603662
cur_stype = NULL;
36613663
}
36623664

3663-
if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_ns", sizeof("enc_ns"), (void **)&ztype) == SUCCESS) {
3665+
if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_ns", sizeof("enc_ns"), (void **)&ztype) == SUCCESS &&
3666+
Z_TYPE_PP(ztype) == IS_STRING) {
36643667
cur_ns = Z_STRVAL_PP(ztype);
36653668
} else {
36663669
cur_ns = NULL;

ext/soap/php_http.c

Lines changed: 15 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -36,14 +36,16 @@ int proxy_authentication(zval* this_ptr, smart_str* soap_headers TSRMLS_DC)
3636
{
3737
zval **login, **password;
3838

39-
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_proxy_login", sizeof("_proxy_login"), (void **)&login) == SUCCESS) {
39+
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_proxy_login", sizeof("_proxy_login"), (void **)&login) == SUCCESS &&
40+
Z_TYPE_PP(login) == IS_STRING) {
4041
unsigned char* buf;
4142
int len;
4243
smart_str auth = {0};
4344

4445
smart_str_appendl(&auth, Z_STRVAL_PP(login), Z_STRLEN_PP(login));
4546
smart_str_appendc(&auth, ':');
46-
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_proxy_password", sizeof("_proxy_password"), (void **)&password) == SUCCESS) {
47+
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_proxy_password", sizeof("_proxy_password"), (void **)&password) == SUCCESS &&
48+
Z_TYPE_PP(password) == IS_STRING) {
4749
smart_str_appendl(&auth, Z_STRVAL_PP(password), Z_STRLEN_PP(password));
4850
}
4951
smart_str_0(&auth);
@@ -64,14 +66,16 @@ int basic_authentication(zval* this_ptr, smart_str* soap_headers TSRMLS_DC)
6466
zval **login, **password;
6567

6668
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_login", sizeof("_login"), (void **)&login) == SUCCESS &&
67-
!zend_hash_exists(Z_OBJPROP_P(this_ptr), "_digest", sizeof("_digest"))) {
69+
Z_TYPE_PP(login) == IS_STRING &&
70+
!zend_hash_exists(Z_OBJPROP_P(this_ptr), "_digest", sizeof("_digest"))) {
6871
unsigned char* buf;
6972
int len;
7073
smart_str auth = {0};
7174

7275
smart_str_appendl(&auth, Z_STRVAL_PP(login), Z_STRLEN_PP(login));
7376
smart_str_appendc(&auth, ':');
74-
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_password", sizeof("_password"), (void **)&password) == SUCCESS) {
77+
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_password", sizeof("_password"), (void **)&password) == SUCCESS &&
78+
Z_TYPE_PP(password) == IS_STRING) {
7579
smart_str_appendl(&auth, Z_STRVAL_PP(password), Z_STRLEN_PP(password));
7680
}
7781
smart_str_0(&auth);
@@ -509,6 +513,7 @@ int make_http_soap_request(zval *this_ptr,
509513
}
510514
if (!http_1_1 ||
511515
(zend_hash_find(Z_OBJPROP_P(this_ptr), "_keep_alive", sizeof("_keep_alive"), (void **)&tmp) == SUCCESS &&
516+
(Z_TYPE_PP(tmp) == IS_BOOL || Z_TYPE_PP(tmp) == IS_LONG) &&
512517
Z_LVAL_PP(tmp) == 0)) {
513518
smart_str_append_const(&soap_headers, "\r\n"
514519
"Connection: close\r\n");
@@ -742,7 +747,8 @@ int make_http_soap_request(zval *this_ptr,
742747
}
743748

744749
/* Send cookies along with request */
745-
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == SUCCESS) {
750+
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == SUCCESS &&
751+
Z_TYPE_PP(cookies) == IS_ARRAY) {
746752
zval **data;
747753
char *key;
748754
int i, n;
@@ -785,7 +791,7 @@ int make_http_soap_request(zval *this_ptr,
785791
smart_str_append_const(&soap_headers, "\r\n");
786792
smart_str_0(&soap_headers);
787793
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS &&
788-
Z_LVAL_PP(trace) > 0) {
794+
(Z_TYPE_PP(trace) == IS_BOOL || Z_TYPE_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) {
789795
add_property_stringl(this_ptr, "__last_request_headers", soap_headers.c, soap_headers.len, 1);
790796
}
791797
smart_str_appendl(&soap_headers, request, request_size);
@@ -830,7 +836,7 @@ int make_http_soap_request(zval *this_ptr,
830836
}
831837

832838
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS &&
833-
Z_LVAL_PP(trace) > 0) {
839+
(Z_TYPE_PP(trace) == IS_BOOL || Z_TYPE_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) {
834840
add_property_stringl(this_ptr, "__last_response_headers", http_headers, http_header_size, 1);
835841
}
836842

@@ -879,7 +885,8 @@ int make_http_soap_request(zval *this_ptr,
879885
char *eqpos, *sempos;
880886
zval **cookies;
881887

882-
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == FAILURE) {
888+
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == FAILURE ||
889+
Z_TYPE_PP(cookies) != IS_ARRAY) {
883890
zval *tmp_cookies;
884891
MAKE_STD_ZVAL(tmp_cookies);
885892
array_init(tmp_cookies);

ext/soap/soap.c

Lines changed: 25 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -2554,7 +2554,7 @@ static int do_request(zval *this_ptr, xmlDoc *request, char *location, char *act
25542554
}
25552555

25562556
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS &&
2557-
Z_LVAL_PP(trace) > 0) {
2557+
(Z_LVAL_PP(trace) == IS_BOOL || Z_LVAL_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) {
25582558
add_property_stringl(this_ptr, "__last_request", buf, buf_size, 1);
25592559
}
25602560

@@ -2594,7 +2594,7 @@ static int do_request(zval *this_ptr, xmlDoc *request, char *location, char *act
25942594
}
25952595
ret = FALSE;
25962596
} else if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS &&
2597-
Z_LVAL_PP(trace) > 0) {
2597+
(Z_LVAL_PP(trace) == IS_BOOL || Z_LVAL_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) {
25982598
add_property_stringl(this_ptr, "__last_response", Z_STRVAL_P(response), Z_STRLEN_P(response), 1);
25992599
}
26002600
xmlFree(buf);
@@ -2633,13 +2633,13 @@ static void do_soap_call(zval* this_ptr,
26332633

26342634
SOAP_CLIENT_BEGIN_CODE();
26352635

2636-
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS
2637-
&& Z_LVAL_PP(trace) > 0) {
2636+
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS &&
2637+
(Z_LVAL_PP(trace) == IS_BOOL || Z_LVAL_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) {
26382638
zend_hash_del(Z_OBJPROP_P(this_ptr), "__last_request", sizeof("__last_request"));
26392639
zend_hash_del(Z_OBJPROP_P(this_ptr), "__last_response", sizeof("__last_response"));
26402640
}
2641-
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_soap_version", sizeof("_soap_version"), (void **) &tmp) == SUCCESS
2642-
&& Z_LVAL_PP(tmp) == SOAP_1_2) {
2641+
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_soap_version", sizeof("_soap_version"), (void **) &tmp) == SUCCESS &&
2642+
Z_TYPE_PP(tmp) == IS_LONG && Z_LVAL_PP(tmp) == SOAP_1_2) {
26432643
soap_version = SOAP_1_2;
26442644
} else {
26452645
soap_version = SOAP_1_1;
@@ -2735,7 +2735,7 @@ static void do_soap_call(zval* this_ptr,
27352735
zval **uri;
27362736
smart_str action = {0};
27372737

2738-
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "uri", sizeof("uri"), (void *)&uri) == FAILURE) {
2738+
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "uri", sizeof("uri"), (void *)&uri) == FAILURE || Z_TYPE_PP(uri) != IS_STRING) {
27392739
add_soap_fault(this_ptr, "Client", "Error finding \"uri\" property", NULL, NULL TSRMLS_CC);
27402740
} else if (location == NULL) {
27412741
add_soap_fault(this_ptr, "Client", "Error could not find \"location\" property", NULL, NULL TSRMLS_CC);
@@ -3006,7 +3006,8 @@ PHP_METHOD(SoapClient, __getLastRequest)
30063006
return;
30073007
}
30083008

3009-
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_request", sizeof("__last_request"), (void **)&tmp) == SUCCESS) {
3009+
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_request", sizeof("__last_request"), (void **)&tmp) == SUCCESS &&
3010+
Z_TYPE_PP(tmp) == IS_STRING) {
30103011
RETURN_STRINGL(Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), 1);
30113012
}
30123013
RETURN_NULL();
@@ -3024,7 +3025,8 @@ PHP_METHOD(SoapClient, __getLastResponse)
30243025
return;
30253026
}
30263027

3027-
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_response", sizeof("__last_response"), (void **)&tmp) == SUCCESS) {
3028+
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_response", sizeof("__last_response"), (void **)&tmp) == SUCCESS &&
3029+
Z_TYPE_PP(tmp) == IS_STRING) {
30283030
RETURN_STRINGL(Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), 1);
30293031
}
30303032
RETURN_NULL();
@@ -3042,7 +3044,8 @@ PHP_METHOD(SoapClient, __getLastRequestHeaders)
30423044
return;
30433045
}
30443046

3045-
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_request_headers", sizeof("__last_request_headers"), (void **)&tmp) == SUCCESS) {
3047+
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_request_headers", sizeof("__last_request_headers"), (void **)&tmp) == SUCCESS &&
3048+
Z_TYPE_PP(tmp) == IS_STRING) {
30463049
RETURN_STRINGL(Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), 1);
30473050
}
30483051
RETURN_NULL();
@@ -3060,7 +3063,8 @@ PHP_METHOD(SoapClient, __getLastResponseHeaders)
30603063
return;
30613064
}
30623065

3063-
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_response_headers", sizeof("__last_response_headers"), (void **)&tmp) == SUCCESS) {
3066+
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_response_headers", sizeof("__last_response_headers"), (void **)&tmp) == SUCCESS &&
3067+
Z_TYPE_PP(tmp) == IS_STRING) {
30643068
RETURN_STRINGL(Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), 1);
30653069
}
30663070
RETURN_NULL();
@@ -3116,13 +3120,15 @@ PHP_METHOD(SoapClient, __setCookie)
31163120
}
31173121

31183122
if (val == NULL) {
3119-
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == SUCCESS) {
3123+
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == SUCCESS &&
3124+
Z_TYPE_PP(cookies) == IS_ARRAY) {
31203125
zend_hash_del(Z_ARRVAL_PP(cookies), name, name_len+1);
31213126
}
31223127
} else {
31233128
zval *zcookie;
31243129

3125-
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == FAILURE) {
3130+
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == FAILURE ||
3131+
Z_TYPE_PP(cookies) != IS_ARRAY) {
31263132
zval *tmp_cookies;
31273133

31283134
MAKE_STD_ZVAL(tmp_cookies);
@@ -3150,7 +3156,8 @@ PHP_METHOD(SoapClient, __getCookies)
31503156

31513157
array_init(return_value);
31523158

3153-
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) != FAILURE) {
3159+
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) != FAILURE &&
3160+
Z_TYPE_PP(cookies) == IS_ARRAY) {
31543161
zend_hash_copy(Z_ARRVAL_P(return_value), Z_ARRVAL_P(*cookies), (copy_ctor_func_t) zval_add_ref, (void *)&tmp, sizeof(zval*));
31553162
}
31563163
}
@@ -4237,7 +4244,8 @@ static xmlDocPtr serialize_function_call(zval *this_ptr, sdlFunctionPtr function
42374244
}
42384245
}
42394246
} else {
4240-
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "style", sizeof("style"), (void **)&zstyle) == SUCCESS) {
4247+
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "style", sizeof("style"), (void **)&zstyle) == SUCCESS &&
4248+
Z_TYPE_PP(zstyle) == IS_LONG) {
42414249
style = Z_LVAL_PP(zstyle);
42424250
} else {
42434251
style = SOAP_RPC;
@@ -4260,7 +4268,7 @@ static xmlDocPtr serialize_function_call(zval *this_ptr, sdlFunctionPtr function
42604268
}
42614269

42624270
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "use", sizeof("use"), (void **)&zuse) == SUCCESS &&
4263-
Z_LVAL_PP(zuse) == SOAP_LITERAL) {
4271+
Z_TYPE_PP(zuse) == IS_LONG && Z_LVAL_PP(zuse) == SOAP_LITERAL) {
42644272
use = SOAP_LITERAL;
42654273
} else {
42664274
use = SOAP_ENCODED;
@@ -4390,6 +4398,7 @@ static xmlNodePtr serialize_parameter(sdlParamPtr param, zval *param_val, int in
43904398
zval **param_data;
43914399

43924400
if (zend_hash_find(Z_OBJPROP_P(param_val), "param_name", sizeof("param_name"), (void **)&param_name) == SUCCESS &&
4401+
Z_TYPE_PP(param_name) == IS_STRING &&
43934402
zend_hash_find(Z_OBJPROP_P(param_val), "param_data", sizeof("param_data"), (void **)&param_data) == SUCCESS) {
43944403
param_val = *param_data;
43954404
name = Z_STRVAL_PP(param_name);

0 commit comments

Comments
 (0)