Write $http_response_header to local var at end

nikic · nikic · commit 5eeb4147705b · 2017-01-13T23:27:07.000+01:00
Rather than trying to modify it mid-request. The protection against
tampering that was used (addref) violates COW because an rc&gt;1 array
is being modified.

Test bug69337.phpt changed because it was testing tampering with
$http_response_header while the HTTP request is being executed.
This simply no longer matters, so behavior is the same as if no
tampering occurred.
diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
@@ -107,9 +107,10 @@ static inline void strip_header(char *header_bag, char *lc_header_bag,
 	}
 }
 
-php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
+static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
 		const char *path, const char *mode, int options, zend_string **opened_path,
-		php_stream_context *context, int redirect_max, int flags STREAMS_DC) /* {{{ */
+		php_stream_context *context, int redirect_max, int flags,
+		zval *response_header STREAMS_DC) /* {{{ */
 {
 	php_stream *stream = NULL;
 	php_url *resource = NULL;
@@ -119,7 +120,6 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
 	char *ua_str = NULL;
 	zval *ua_zval = NULL, *tmpzval = NULL, ssl_proxy_peer_name;
 	char location[HTTP_HEADER_BLOCK_SIZE];
-	zval response_header;
 	int reqok = 0;
 	char *http_header_line = NULL;
 	char tmp_line[128];
@@ -137,11 +137,9 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
 	zend_bool follow_location = 1;
 	php_stream_filter *transfer_encoding = NULL;
 	int response_code;
-	zend_array *symbol_table;
 	smart_str req_buf = {0};
 	zend_bool custom_request_method;
 
-	ZVAL_UNDEF(&response_header);
 	tmp_line[0] = '\0';
 
 	if (redirect_max < 1) {
@@ -659,22 +657,8 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
 
 	location[0] = '\0';
 
-	symbol_table = zend_rebuild_symbol_table();
-
-	if (header_init) {
-		zval ztmp;
-		array_init(&ztmp);
-		zend_set_local_var_str("http_response_header", sizeof("http_response_header")-1, &ztmp, 0);
-	}
-
-	{
-		zval *response_header_ptr = zend_hash_str_find_ind(symbol_table, "http_response_header", sizeof("http_response_header")-1);
-		if (!response_header_ptr || Z_TYPE_P(response_header_ptr) != IS_ARRAY) {
-			ZVAL_UNDEF(&response_header);
-			goto out;
-		} else {
-			ZVAL_COPY(&response_header, response_header_ptr);
-		}
+	if (Z_ISUNDEF_P(response_header)) {
+		array_init(response_header);
 	}
 
 	if (!php_stream_eof(stream)) {
@@ -741,7 +725,7 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
 				}
 			}
 			ZVAL_STRINGL(&http_response, tmp_line, tmp_line_len);
-			zend_hash_next_index_insert(Z_ARRVAL(response_header), &http_response);
+			zend_hash_next_index_insert(Z_ARRVAL_P(response_header), &http_response);
 		}
 	} else {
 		php_stream_wrapper_log_error(wrapper, options, "HTTP request failed, unexpected end of socket!");
@@ -840,7 +824,7 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
 			{
 				zval http_header;
 				ZVAL_STRINGL(&http_header, http_header_line, http_header_line_length);
-				zend_hash_next_index_insert(Z_ARRVAL(response_header), &http_header);
+				zend_hash_next_index_insert(Z_ARRVAL_P(response_header), &http_header);
 			}
 		} else {
 			break;
@@ -930,7 +914,9 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
 				CHECK_FOR_CNTRL_CHARS(resource->pass)
 				CHECK_FOR_CNTRL_CHARS(resource->path)
 			}
-			stream = php_stream_url_wrap_http_ex(wrapper, new_path, mode, options, opened_path, context, --redirect_max, HTTP_WRAPPER_REDIRECTED STREAMS_CC);
+			stream = php_stream_url_wrap_http_ex(
+				wrapper, new_path, mode, options, opened_path, context,
+				--redirect_max, HTTP_WRAPPER_REDIRECTED, response_header STREAMS_CC);
 		} else {
 			php_stream_wrapper_log_error(wrapper, options, "HTTP request failed! %s", tmp_line);
 		}
@@ -949,7 +935,7 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
 
 	if (stream) {
 		if (header_init) {
-			ZVAL_COPY(&stream->wrapperdata, &response_header);
+			ZVAL_COPY(&stream->wrapperdata, response_header);
 		}
 		php_stream_notify_progress_init(context, 0, file_size);
 
@@ -976,15 +962,28 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
 		}
 	}
 
-	zval_ptr_dtor(&response_header);
-
 	return stream;
 }
 /* }}} */
 
 php_stream *php_stream_url_wrap_http(php_stream_wrapper *wrapper, const char *path, const char *mode, int options, zend_string **opened_path, php_stream_context *context STREAMS_DC) /* {{{ */
 {
-	return php_stream_url_wrap_http_ex(wrapper, path, mode, options, opened_path, context, PHP_URL_REDIRECT_MAX, HTTP_WRAPPER_HEADER_INIT STREAMS_CC);
+	php_stream *stream;
+	zval headers;
+	ZVAL_UNDEF(&headers);
+	
+	stream = php_stream_url_wrap_http_ex(
+		wrapper, path, mode, options, opened_path, context,
+		PHP_URL_REDIRECT_MAX, HTTP_WRAPPER_HEADER_INIT, &headers STREAMS_CC);
+
+	if (!Z_ISUNDEF(headers)) {
+		if (FAILURE == zend_set_local_var_str(
+				"http_response_header", sizeof("http_response_header")-1, &headers, 0)) {
+			zval_ptr_dtor(&headers);
+		}
+	}
+
+	return stream;
 }
 /* }}} */
 
diff --git a/ext/standard/tests/http/bug69337.phpt b/ext/standard/tests/http/bug69337.phpt
@@ -35,7 +35,6 @@ var_dump($f);
 ?>
 ==DONE==
 --EXPECTF--
-string(26) "HTTP/1.0 404 Not Found
-
-"
-==DONE==
+Warning: file_get_contents(http://127.0.0.1:22345/): failed to open stream: HTTP request failed! HTTP/1.0 404 Not Found%ain %s on line %d
+bool(false)
+==DONE==
