Home Original page

crash on failed connection when curl_getinfo() was called

Bug #22312 crash on failed connection when curl_getinfo() was called
Submitted: 2003-02-19 18:18 UTC Modified: 2003-02-28 01:36 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: poleson at verio dot net Assigned:
Status: Closed Package: cURL related
PHP Version: 5CVS-2003-02-19 (dev) OS: FreeBSD 4.4
Private report: No CVE-ID: None

 [2003-02-19 18:18 UTC] poleson at verio dot net

This actually applicable to ALL revisions of php. It is 
valid for curl to return a NULL s_code value in some 
situations. When add_assoc_string_ex() attempts to create
the value in the array in this situation, a coredump is 
created. Better error checking is needed in this function.
The patch included provides better checking and fixes the
crash by not including content_type when it isnt a valid 
return type in these situation.

This patch is for CVS current though it is the same in 4.3.1
but in curl.c instead.

Patch included:
----------------------------------------------------------

--- interface.c.old Tue Feb 18 07:45:00 2003
+++ interface.c    Wed Feb 19 16:48:42 2003
@@ -1101,46 +1101,68 @@

                array_init(return_value);

-               curl_easy_getinfo(ch->cp, CURLINFO_EFFECTIVE_URL, &s_code);
-               CAAS("url", s_code);
-               curl_easy_getinfo(ch->cp, CURLINFO_CONTENT_TYPE, &s_code);
-               CAAS("content_type", s_code);
-               curl_easy_getinfo(ch->cp, CURLINFO_HTTP_CODE, &l_code);
-               CAAL("http_code", l_code);
-               curl_easy_getinfo(ch->cp, CURLINFO_HEADER_SIZE, &l_code);
-               CAAL("header_size", l_code);
-               curl_easy_getinfo(ch->cp, CURLINFO_REQUEST_SIZE, &l_code);
-               CAAL("request_size", l_code);
-               curl_easy_getinfo(ch->cp, CURLINFO_FILETIME, &l_code);
-               CAAL("filetime", l_code);
-               curl_easy_getinfo(ch->cp, CURLINFO_SSL_VERIFYRESULT, &l_code);
-               CAAL("ssl_verify_result", l_code);
-               curl_easy_getinfo(ch->cp, CURLINFO_REDIRECT_COUNT, &l_code);
-               CAAL("redirect_count", l_code);
-               curl_easy_getinfo(ch->cp, CURLINFO_TOTAL_TIME, &d_code);
-               CAAD("total_time", d_code);
-               curl_easy_getinfo(ch->cp, CURLINFO_NAMELOOKUP_TIME, &d_code);
-               CAAD("namelookup_time", d_code);
-               curl_easy_getinfo(ch->cp, CURLINFO_CONNECT_TIME, &d_code);
-               CAAD("connect_time", d_code);
-               curl_easy_getinfo(ch->cp, CURLINFO_PRETRANSFER_TIME, &d_code);
-               CAAD("pretransfer_time", d_code);
-               curl_easy_getinfo(ch->cp, CURLINFO_SIZE_UPLOAD, &d_code);
-               CAAD("size_upload", d_code);
-               curl_easy_getinfo(ch->cp, CURLINFO_SIZE_DOWNLOAD, &d_code);
-               CAAD("size_download", d_code);
-               curl_easy_getinfo(ch->cp, CURLINFO_SPEED_DOWNLOAD, &d_code);
-               CAAD("speed_download", d_code);
-               curl_easy_getinfo(ch->cp, CURLINFO_SPEED_UPLOAD, &d_code);
-               CAAD("speed_upload", d_code);
-               curl_easy_getinfo(ch->cp, CURLINFO_CONTENT_LENGTH_DOWNLOAD, &d_code);
-               CAAD("download_content_length", d_code);
-               curl_easy_getinfo(ch->cp, CURLINFO_CONTENT_LENGTH_UPLOAD, &d_code);
-               CAAD("upload_content_length", d_code);
-               curl_easy_getinfo(ch->cp, CURLINFO_STARTTRANSFER_TIME, &d_code);
-               CAAD("starttransfer_time", d_code);
-               curl_easy_getinfo(ch->cp, CURLINFO_REDIRECT_TIME, &d_code);
-               CAAD("redirect_time", d_code);
+               if (curl_easy_getinfo(ch->cp, CURLINFO_EFFECTIVE_URL, &s_code) == CURLE_OK) {
+                       CAAS("url", s_code);
+               }
+               if (curl_easy_getinfo(ch->cp, CURLINFO_CONTENT_TYPE, &s_code) == CURLE_OK) {
+                       if ( s_code != NULL ) {
+                               CAAS("content_type", s_code);
+                       }
+               }
+               if (curl_easy_getinfo(ch->cp, CURLINFO_HTTP_CODE, &l_code) == CURLE_OK) {
+                       CAAL("http_code", l_code);
+               }
+               if (curl_easy_getinfo(ch->cp, CURLINFO_HEADER_SIZE, &l_code) == CURLE_OK) {
+                       CAAL("header_size", l_code);
+               }
+               if (curl_easy_getinfo(ch->cp, CURLINFO_REQUEST_SIZE, &l_code) == CURLE_OK) {
+                       CAAL("request_size", l_code);
+               }
+               if (curl_easy_getinfo(ch->cp, CURLINFO_FILETIME, &l_code) == CURLE_OK) {
+                       CAAL("filetime", l_code);
+               }
+               if (curl_easy_getinfo(ch->cp, CURLINFO_SSL_VERIFYRESULT, &l_code) == CURLE_OK) {
+                       CAAL("ssl_verify_result", l_code);
+               }
+               if (curl_easy_getinfo(ch->cp, CURLINFO_REDIRECT_COUNT, &l_code) == CURLE_OK) {
+                       CAAL("redirect_count", l_code);
+               }
+               if (curl_easy_getinfo(ch->cp, CURLINFO_TOTAL_TIME, &d_code) == CURLE_OK) {
+                       CAAD("total_time", d_code);
+               }
+               if (curl_easy_getinfo(ch->cp, CURLINFO_NAMELOOKUP_TIME, &d_code) == CURLE_OK) {
+                       CAAD("namelookup_time", d_code);
+               }
+               if (curl_easy_getinfo(ch->cp, CURLINFO_CONNECT_TIME, &d_code) == CURLE_OK) {
+                       CAAD("connect_time", d_code);
+               }
+               if (curl_easy_getinfo(ch->cp, CURLINFO_PRETRANSFER_TIME, &d_code) == CURLE_OK) {
+                       CAAD("pretransfer_time", d_code);
+               }
+               if (curl_easy_getinfo(ch->cp, CURLINFO_SIZE_UPLOAD, &d_code) == CURLE_OK) {
+                       CAAD("size_upload", d_code);
+               }
+               if (curl_easy_getinfo(ch->cp, CURLINFO_SIZE_DOWNLOAD, &d_code) == CURLE_OK) {
+                       CAAD("size_download", d_code);
+               }
+               if (curl_easy_getinfo(ch->cp, CURLINFO_SPEED_DOWNLOAD, &d_code) == CURLE_OK) {
+                       CAAD("speed_download", d_code);
+               }
+               if (curl_easy_getinfo(ch->cp, CURLINFO_SPEED_UPLOAD, &d_code) == CURLE_OK) {
+                       CAAD("speed_upload", d_code);
+               }
+               if (curl_easy_getinfo(ch->cp, CURLINFO_CONTENT_LENGTH_DOWNLOAD, &d_code) == CURLE_OK) {
+                       CAAD("download_content_length", d_code);
+               }
+               if (curl_easy_getinfo(ch->cp, CURLINFO_CONTENT_LENGTH_UPLOAD, &d_code) == CURLE_OK) {
+                       CAAD("upload_content_length", d_code);
+               }
+               if (curl_easy_getinfo(ch->cp, CURLINFO_STARTTRANSFER_TIME, &d_code) == CURLE_OK) {
+                       CAAD("starttransfer_time", d_code);
+               }
+               if (curl_easy_getinfo(ch->cp, CURLINFO_REDIRECT_TIME, &d_code) == CURLE_OK) {
+                       CAAD("redirect_time", d_code);
+               }
        } else {
                option = Z_LVAL_PP(zoption);
                switch (option) {

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

 [2003-02-28 01:36 UTC] sniper@php.net

This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


Almost forgot about this..patch committed.
Thanks!