From:             
Operating system: Linux / SLES 10 SP3
PHP version:      5.2.14
Package:          SOAP related
Bug Type:         Bug
Bug description:Authentication fails due to incorrect string comparison.

Description:
------------
Hi, PHP5 was updated from 5.2.5 to 5.2.14 a few days ago in SLES 10 SP3 and
our 

SOAP client scripts failed to run after the update giving the error:



SoapClient::SoapClient(https://PLACE_SERVERHOSTNAME_HERE:443/dspace-

ws1.1/Community?xsd=1): failed to open stream: HTTP request failed!
HTTP/1.1 401 

Unauthorized



After two days of work I have understood why.  In PHP 5.2.11 code was added
that 

strips the authentication credentials from URLs referenced by the WSDL file
if 

they do not match the URL of the WSDL file.  The code in question is in
php-

5.2.14/ext/soap/php_sdl.c::sdl_set_uri_credentials().  Towards the top of
that 

function the code does:





        /* check if we load xsd from the same server */

        s = strstr(ctx->sdl->source, "://");

        if (!s) return;

        s = strchr(s+3, '/');

        l1 = s - ctx->sdl->source;

        s = strstr((char*)uri, "://");

        if (!s) return;

        s = strchr(s+3, '/');

        l2 = s - (char*)uri;

        if (l1 != l2 || memcmp(ctx->sdl->source, uri, l1) != 0) {

                /* another server. clear authentication credentals */



Which causes authentication for us to fail because our WSDL file URL is: 

https://PLACE_SERVERHOSTNAME_HERE/dspace-ws1.1/Community?wsdl whilst the
XSD 

referenced inside the WSDL file is
https://PLACE_SERVERHOSTNAME_HERE:443/dspace-

ws1.1/Community?xsd=1 so the above string comparison fails.



And indeed if I edit our WSDL URL to include the :443 our scripts work
again so 

that is a work around for this problem.



However I believe this is a bug.  The code should be checking for the
server 

name only, not including the port number.  It makes no sense to check the
port 

number.  So perhaps it should search for ':' and for '/' and use the first
one 

found (obviously cannot just search for ':' as that would fail to work for
URLs 

that do not specify a port number).



Best regards,



Anton

Test script:
---------------
<?php

# This fails:

$communityWsdl =
'https://PLACE_SERVERHOSTNAME_HERE/dspace-ws1.1/Community?wsdl';

# This works:

#$communityWsdl =
'https://PLACE_SERVERHOSTNAME_HERE:443/dspace-ws1.1/Community?wsdl';

# Where the WSDL contains this line:

# <xsd:import namespace="http://service.webservice.app.dspace.org/";
schemaLocation="https://PLACE_SERVERHOSTNAME_HERE:443/dspace-ws1.1/Community?xsd=1"/>

$options = array('login' => "PLACE_USERNAME_HERE",

                'password' => "PLACE_PASSWORD_HERE",

                'authentication' => SOAP_AUTHENTICATION_BASIC,

                'connection_timeout' => 40,

                'trace' => 1);

try {

        $communityService = new SoapClient($GLOBALS['communityWsdl'],

                        $GLOBALS['options']);

} catch (SoapFault $exception) {

        fprintf(STDERR, $exception . "\n");

        exit(1);

}

?>

Expected result:
----------------
Have a valid SoapClient object returned.

Actual result:
--------------
PHP Warning:  

SoapClient::SoapClient(https://PLACE_SERVERHOSTNAME_HERE:443/dspace-

ws1.1/Community?xsd=1): failed to open stream: HTTP request failed!
HTTP/1.1 401 

Unauthorized

 in /usr/share/sms/dspace/sms-list-communities.php on line 15

PHP Warning:  SoapClient::SoapClient(): I/O warning : failed to load
external 

entity "https://PLACE_SERVERHOSTNAME_HERE:443/dspace-ws1.1/Community?xsd=1";
in 

/usr/share/sms/dspace/sms-list-communities.php on line 15

PHP Fatal error:  SOAP-ERROR: Parsing Schema: can't import schema from 

'https://PLACE_SERVERHOSTNAME_HERE:443/dspace-ws1.1/Community?xsd=1' in 

/usr/share/sms/dspace/sms-list-communities.php on line 15

SoapFault exception: [WSDL] SOAP-ERROR: Parsing Schema: can't import schema
from 

'https://PLACE_SERVERHOSTNAME_HERE:443/dspace-ws1.1/Community?xsd=1' in 

/usr/share/sms/dspace/sms-list-communities.php:15

Stack trace:

#0 /usr/share/sms/dspace/sms-list-communities.php(15): SoapClient-

>SoapClient('https://soapbox...', Array)

#1 {main}



-- 
Edit bug report at http://bugs.php.net/bug.php?id=52893&edit=1
-- 
Try a snapshot (PHP 5.2):            
http://bugs.php.net/fix.php?id=52893&r=trysnapshot52
Try a snapshot (PHP 5.3):            
http://bugs.php.net/fix.php?id=52893&r=trysnapshot53
Try a snapshot (trunk):              
http://bugs.php.net/fix.php?id=52893&r=trysnapshottrunk
Fixed in SVN:                        
http://bugs.php.net/fix.php?id=52893&r=fixed
Fixed in SVN and need be documented: 
http://bugs.php.net/fix.php?id=52893&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=52893&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=52893&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=52893&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=52893&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=52893&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=52893&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=52893&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=52893&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=52893&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=52893&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=52893&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=52893&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=52893&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=52893&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=52893&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=52893&r=mysqlcfg

Reply via email to