Unable to access to apache_request

Unable to access to apache_request_headers() elements

Bug #67594	Unable to access to apache_request_headers() elements
Submitted:	2014-07-09 12:00 UTC	Modified:	2014-07-11 07:18 UTC
From:	ohland_e at epitech dot net	Assigned:
Status:	Closed	Package:	Built-in web server
PHP Version:	5.5.14	OS:	Linux (archlinux)
Private report:	No	CVE-ID:	None

[2014-07-09 12:00 UTC] ohland_e at epitech dot net

Description:
------------
I cannot access to elements of an array returned by apache_request_headers() with the PHP embedded web server (ie: php -S localhost:8000) but I can see them when I var_dump() the array.

Test script:
---------------
<?php
header('Content-Type: text/plain');

$headers = apache_request_headers();

echo '$headers["Host"] = ';
var_dump($headers['Host']);

echo '$headers = ';
var_dump($headers);
?>

Expected result:
----------------
The following output is excepted:

$headers["Host"] = string(14) "localhost:8080"
$headers = array(8) {
  ["Host"]=>
  string(14) "localhost:8080"
  ["Connection"]=>
  string(10) "keep-alive"
  ["Cache-Control"]=>
  string(9) "max-age=0"
  ["Accept"]=>
  string(74) "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
  ["User-Agent"]=>
  string(105) "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36"
  ["DNT"]=>
  string(1) "1"
  ["Accept-Encoding"]=>
  string(17) "gzip,deflate,sdch"
  ["Accept-Language"]=>
  string(35) "en-US,en;q=0.8,fr-FR;q=0.6,fr;q=0.4"
}

Actual result:
--------------
The "$headers['Host']" variable is not set and I got NULL. This happend for every element of the array.
Here is the actual output:

$headers["Host"] = NULL
$headers = array(8) {
  ["Host"]=>
  string(14) "localhost:8080"
  ["Connection"]=>
  string(10) "keep-alive"
  ["Cache-Control"]=>
  string(9) "max-age=0"
  ["Accept"]=>
  string(74) "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
  ["User-Agent"]=>
  string(105) "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36"
  ["DNT"]=>
  string(1) "1"
  ["Accept-Encoding"]=>
  string(17) "gzip,deflate,sdch"
  ["Accept-Language"]=>
  string(35) "en-US,en;q=0.8,fr-FR;q=0.6,fr;q=0.4"
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2014-07-11 07:18 UTC] yohgaki@php.net

PHP 5.6 has this issue, too.

php_cli_server.c 
PHP_FUNCTION(apache_request_headers) /* {{{ */
{
	php_cli_server_client *client;
	HashTable *headers;
	char *key;
	uint key_len;
	char **value_pointer;
	HashPosition pos;

	if (zend_parse_parameters_none() == FAILURE) {
		return;
	}

	client = SG(server_context);
	headers = &client->request.headers_original_case;

	array_init_size(return_value, zend_hash_num_elements(headers));

	zend_hash_internal_pointer_reset_ex(headers, &pos);
	while (zend_hash_get_current_data_ex(headers, (void **)&value_pointer, &pos) == SUCCESS) {
		zend_hash_get_current_key_ex(headers, &key, &key_len, NULL, 0, &pos);
		add_assoc_string_ex(return_value, key, key_len, *value_pointer, 1);
		zend_hash_move_forward_ex(headers, &pos);
	}
}


key contains ':'. e.g. "Host:" and key_len is 5 in this case. It seems non-null terminated key is causing the problem. Zend hash does not matter if key data is null terminated or not, but it seems PHP assumes key is always terminated by null. Therefore, there is key mismatch and $header['Host'] is undefined. i.e. Zend hash has "Host:" as a key, not "Host\0".

Possible patch is blow, but I'm not sure if this is the best way to handle this.

[yohgaki@dev php-src]$ git diff
diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c
index 64cca0e..0c83b92 100644
--- a/sapi/cli/php_cli_server.c
+++ b/sapi/cli/php_cli_server.c
@@ -481,7 +481,7 @@ PHP_FUNCTION(apache_request_headers) /* {{{ */
 {
        php_cli_server_client *client;
        HashTable *headers;
-       char *key;
+       char *key, *tmp;
        uint key_len;
        char **value_pointer;
        HashPosition pos;
@@ -498,7 +498,9 @@ PHP_FUNCTION(apache_request_headers) /* {{{ */
        zend_hash_internal_pointer_reset_ex(headers, &pos);
        while (zend_hash_get_current_data_ex(headers, (void **)&value_pointer, &pos) == SUCCESS) {
                zend_hash_get_current_key_ex(headers, &key, &key_len, NULL, 0, &pos);
-               add_assoc_string_ex(return_value, key, key_len, *value_pointer, 1);
+               tmp = estrndup(key, key_len-1);
+               add_assoc_string_ex(return_value, tmp, key_len, *value_pointer, 1);
+               efree(tmp);
                zend_hash_move_forward_ex(headers, &pos);
        }
 }