ext/soap: Windows handles query strings differently #17468

Open
Girgias opened this issue Jan 14, 2025 · 1 comment

Girgias commented Jan 14, 2025

If I'm right, that would also happen on other OSs if ext/soap is built as shared library.

Nope, has nothing to do with shared libs – Windows specific issue.

The problem is that SoapServer expects "wsdl" as query string to deliver the WSDL. However, if a query string doesn't contain an equals sign, command line options are ignored on Windows. So either hack-around by making SoapServer more deliberate:

 ext/soap/soap.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ext/soap/soap.c b/ext/soap/soap.c
index 48a7fc8885..d7dfc4ecd5 100644
--- a/ext/soap/soap.c
+++ b/ext/soap/soap.c
@@ -1297,7 +1297,8 @@ PHP_METHOD(SoapServer, handle)
 	if (SG(request_info).request_method &&
 	    strcmp(SG(request_info).request_method, "GET") == 0 &&
 	    SG(request_info).query_string &&
-	    stricmp(SG(request_info).query_string, "wsdl") == 0) {
+	    (stricmp(SG(request_info).query_string, "wsdl") == 0 ||
+	     stricmp(SG(request_info).query_string, "wsdl=") == 0)) {
 
 		if (service->sdl) {
 /*
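
Review bot: the new `wsdl=` alternative in the `query_string` condition has no comment saying why it is accepted, so a later reader of `SoapServer::handle` cannot tell it exists for the Windows CGI case described above; add a short comment on the condition. Both comparisons still match the whole query string, so `wsdl=1` or a string carrying other parameters will not reach the `service->sdl` branch; if that is intended, state it in the same comment.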

or apply a proper fix for the tests, namely to spawn a php-cgi process with the command line options, and then send a CGI request and verify the response. Certainly possible, but I'm not sure it's worth the effort.

Originally posted by @cmb69 in #17432 (comment)

@nielsdos

This is most likely a consequence of this security fix:

php-src/sapi/cgi/cgi_main.c

Lines 1801 to 1812 in 3337f22

/* Apache CGI will pass the query string to the command line if it doesn't contain a '='.
 * This can create an issue where a malicious request can pass command line arguments to
 * the executable. Ideally we skip argument parsing when we're in cgi or fastcgi mode,
 * but that breaks PHP scripts on Linux with a hashbang: `#!/php-cgi -d option=value`.
 * Therefore, this code only prevents passing arguments if the query string starts with a '-'.
 * Similarly, scripts spawned in subprocesses on Windows may have the same issue.
 * However, Windows has lots of conversion rules and command line parsing rules that
 * are too difficult and dangerous to reliably emulate. */
if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) {
#ifdef PHP_WIN32
	skip_getopt = cgi || fastcgi;
#else

Intuitively, I'd say the soap code right now is too restrictive because a query string like ?foo=bar&wsdl won't work either. But one would need to read the SOAP spec to see if that's allowed (funfun)
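
Added example, not part of the issue thread or of php-src: a small C model that puts the `cgi_main.c` guard and the `soap.c` check side by side for a few constructed query strings. `skips_getopt` mirrors the excerpt's `'='` test and its `PHP_WIN32` line; the non-Windows branch is an assumption modelled only on the code comment's wording, and POSIX `strcasecmp` stands in for `stricmp`.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>  /* strcasecmp: POSIX stand-in for the stricmp used in soap.c */

/* Model of the cgi_main.c excerpt: returns 1 when command-line option
 * parsing would be skipped for a request with this query string. */
int skips_getopt(const char *qs, int is_windows, int cgi_or_fastcgi)
{
    if (qs == NULL || strchr(qs, '=') != NULL)
        return 0;                 /* a '=' means the guard does not apply */
    if (is_windows)
        return cgi_or_fastcgi;    /* the PHP_WIN32 line shown in the excerpt */
    /* Assumption: the non-Windows branch is not shown on the page; this
     * models the comment's description ("starts with a '-'") on the raw
     * string only. */
    while (isspace((unsigned char)*qs))
        qs++;
    return *qs == '-';
}

/* The query-string test in SoapServer::handle before and after the diff. */
int wsdl_match_before(const char *qs) { return strcasecmp(qs, "wsdl") == 0; }
int wsdl_match_after(const char *qs)
{
    return strcasecmp(qs, "wsdl") == 0 || strcasecmp(qs, "wsdl=") == 0;
}

int main(void)
{
    /* Constructed sample query strings. */
    const char *samples[] = { "wsdl", "wsdl=", "WSDL", "foo=bar&wsdl", "-flag" };
    size_t i;

    puts("query          skip(win) skip(other) before after");
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s %-9d %-11d %-6d %d\n", samples[i],
               skips_getopt(samples[i], 1, 1), skips_getopt(samples[i], 0, 1),
               wsdl_match_before(samples[i]), wsdl_match_after(samples[i]));
    return 0;
}
```

In this model `wsdl` is the only sample that both matches the original SOAP check and causes option parsing to be skipped on Windows, while `wsdl=` avoids the skip but is matched only by the patched check.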
