Better pointer check to avoid crashes
| Bug #27722 | Better pointer check to avoid crashes | ||||
|---|---|---|---|---|---|
| Submitted: | 2004-03-26 13:10 UTC | Modified: | 2004-04-01 08:37 UTC | ||
| From: | fjortiz at comunet dot es | Assigned: | dmitry (profile) | ||
| Status: | Closed | Package: | SOAP related | ||
| PHP Version: | 5.0.0RC1 | OS: | * | ||
| Private report: | No | CVE-ID: | None | ||
[2004-03-26 13:10 UTC] fjortiz at comunet dot es
Description: ------------ Hi, In my WSDL I defined a schema and forgot the attibute "targetNamespace". I know that's something you shoudn't forget, but, instead making Apache crash, wouldn't it be more robust to check for NULL pointers and send a gentle error? Fortunately I have a debug PHP5RC1 installed so I located the crash: php_schema.c line 1410 newType->namens = estrdup(ns->children->content); Sure it crashes, ns==NULL ... I guess it's the same problem for other retrieved elements/attributes. PHP-SOAP should be capable of trapping any unvalidated XML. If you are short of time I even offer myself to do some of that nasty pointer-check around. Thanks for your attention and your great efforts.
Patches
Pull Requests
History
AllCommentsChangesGit/SVN commits
[2004-03-26 13:25 UTC] amt@php.net
[2004-03-30 03:27 UTC] fjortiz at comunet dot es
well, we could add in php_schema.c Line 190 if (tns==NULL) { php_error(E_ERROR, "SOAP-ERROR: Parsing Schema: need a 'targetNamespace' attribute"); } and that's all, but it's also true that targetNamespace is not mandatory at schema element AFAIK. Even more, we check for a targetNamespace attr. in a complexType element (line 1368) and others, when it does not validate properly. So I leave here this patch 189a190,191 > if (tns==NULL) { > php_error(E_ERROR, "SOAP-ERROR: Parsing Schema: need a 'targetNamespace' a > } to avoid crash, as PHP-SOAP needs it, but you may want to consider something different and create some kind of "default" or "absent" targetNamespace.[2004-04-01 08:37 UTC] dmitry@php.net