ext/soap: Windows handles query strings differently #17468

Open
Girgias opened this issue Jan 14, 2025 · 1 comment

@Girgias
Member

Girgias commented Jan 14, 2025

If I'm right, that would also happen on other OSs if ext/soap is built as shared library.

Nope, has nothing to do with shared libs – Windows specific issue.

The problem is that SoapServer expects "wsdl" as query string to deliver the WSDL. However, if a query string doesn't contain an equals sign, command line options are ignored on Windows. So either hack-around by making SoapServer more deliberate:

 ext/soap/soap.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ext/soap/soap.c b/ext/soap/soap.c
index 48a7fc8885..d7dfc4ecd5 100644
--- a/ext/soap/soap.c
+++ b/ext/soap/soap.c
@@ -1297,7 +1297,8 @@ PHP_METHOD(SoapServer, handle)
 	if (SG(request_info).request_method &&
 	    strcmp(SG(request_info).request_method, "GET") == 0 &&
 	    SG(request_info).query_string &&
-	    stricmp(SG(request_info).query_string, "wsdl") == 0) {
+	    (stricmp(SG(request_info).query_string, "wsdl") == 0 ||
+	     stricmp(SG(request_info).query_string, "wsdl=") == 0)) {
 
 		if (service->sdl) {
 /*
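Review bot: the added `wsdl=` branch in the condition is still a whole-string `stricmp`, so the check now accepts exactly `wsdl` and `wsdl=` (in any case) and nothing else, for example not `wsdl=1` or a `wsdl` parameter that follows another one. If that narrow set is intended, put a comment above the condition saying why `wsdl=` is accepted (so the WSDL can be requested with a query string that contains an equals sign), because without it the second comparison looks arbitrary. The new branch is also unconditional while the motivation given is Windows-specific, so the comment should say whether accepting `wsdl=` on every platform is deliberate.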

or apply a proper fix for the tests, namely to spawn a php-cgi process with the command line options, and then send a CGI request and verify the response. Certainly possible, but I'm not sure it's worth the effort.

Originally posted by @cmb69 in #17432 (comment)

@nielsdos
Member

This is most likely a consequence of this security fix:

php-src/sapi/cgi/cgi_main.c

Lines 1801 to 1812 in 3337f22

/* Apache CGI will pass the query string to the command line if it doesn't contain a '='.
 * This can create an issue where a malicious request can pass command line arguments to
 * the executable. Ideally we skip argument parsing when we're in cgi or fastcgi mode,
 * but that breaks PHP scripts on Linux with a hashbang: `#!/php-cgi -d option=value`.
 * Therefore, this code only prevents passing arguments if the query string starts with a '-'.
 * Similarly, scripts spawned in subprocesses on Windows may have the same issue.
 * However, Windows has lots of conversion rules and command line parsing rules that
 * are too difficult and dangerous to reliably emulate. */
if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) {
#ifdef PHP_WIN32
	skip_getopt = cgi || fastcgi;
#else

Intuitively, I'd say the soap code right now is too restrictive because a query string like ?foo=bar&wsdl won't work either. But one would need to read the SOAP spec to see if that's allowed (funfun)
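To make the difference concrete, the following added example (not php-src code and not a patch proposed in this thread) contrasts the exact-match check with a per-parameter match on a `wsdl` key. The helper names are hypothetical, and it assumes the raw, un-decoded query string with `&` as the only separator; whether such query strings should serve the WSDL is the open question raised above.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: case-insensitive match of the n bytes at a against b. */
static int key_equals(const char *a, size_t n, const char *b)
{
	size_t i;

	if (strlen(b) != n) {
		return 0;
	}
	for (i = 0; i < n; i++) {
		if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) {
			return 0;
		}
	}
	return 1;
}

/* Models the current check: the whole query string must be "wsdl". */
static int query_is_exactly_wsdl(const char *qs)
{
	return qs != NULL && key_equals(qs, strlen(qs), "wsdl");
}

/* Hypothetical alternative: any '&'-separated parameter whose key is "wsdl",
 * bare or followed by '=' and a value, counts as a WSDL request. */
static int query_requests_wsdl(const char *qs)
{
	if (qs == NULL) {
		return 0;
	}
	while (*qs != '\0') {
		size_t param_len = strcspn(qs, "&");          /* one parameter */
		const char *eq = memchr(qs, '=', param_len);  /* key ends at first '=' */
		size_t key_len = eq ? (size_t)(eq - qs) : param_len;

		if (key_equals(qs, key_len, "wsdl")) {
			return 1;
		}
		qs += param_len;
		if (*qs == '&') {
			qs++;
		}
	}
	return 0;
}
```

Matching on the key rather than the whole string keeps `foo=wsdl` and `wsdlx` rejected while accepting `wsdl=`, which contains the equals sign that the cgi_main.c check looks for.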
