--TEST--
SOAP array index overflow is rejected
--EXTENSIONS--
soap
--FILE--
<?php
/**
 * SoapClient stub that answers every call with a canned envelope.
 *
 * __doRequest() is overridden so that no request is sent anywhere; whatever
 * string was stored in $response is handed back to the client as the reply.
 * This lets a test feed a hand-written SOAP response to the client.
 */
class TestSoapClient extends SoapClient
{
    /** Raw SOAP envelope returned by __doRequest(). */
    public string $response;

    /**
     * Returns the canned envelope; every request argument is ignored.
     */
    public function __doRequest(
        $request,
        $location,
        $action,
        $version,
        $one_way = false,
        ?string $uriParserClass = null
    ): string {
        return $this->response;
    }
}
/**
 * Builds the SOAP envelope used as a canned reply for the "test" call.
 *
 * The body holds one ns1:testResponse with a <return> element that contains a
 * single xsd:string <item> with the text "value".
 *
 * Both arguments are interpolated verbatim into the start tags, with no
 * escaping. That is deliberate here: the tests inject raw SOAP-ENC attributes
 * (arrayType, offset, position). The helper is only safe with literal,
 * test-authored attribute strings.
 *
 * @param string $attributes     Attribute text placed inside the <return> start tag.
 * @param string $itemAttributes Attribute text appended to the <item> start tag.
 *
 * @return string The complete XML document, without a trailing newline.
 */
function soap_response(string $attributes, string $itemAttributes = ''): string
{
    $envelope = <<<XML
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:ns1="http://example.org/"
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Body>
<ns1:testResponse>
<return $attributes>
<item xsi:type="xsd:string" $itemAttributes>value</item>
</return>
</ns1:testResponse>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
XML;

    return $envelope;
}
/**
 * Feeds one canned response to the stub client and reports the outcome.
 *
 * Prints "<name>: no fault" when the call returns normally, otherwise
 * "<name>: <faultstring>" taken from the SoapFault that was thrown.
 *
 * @param string $name     Label printed in front of the result line.
 * @param string $response SOAP envelope the stub client returns for the call.
 */
function test_overflow(string $name, string $response): void
{
    // 'exceptions' => true makes a decoding error surface as a SoapFault.
    // The 'test://' location is never contacted: TestSoapClient::__doRequest()
    // returns the canned response instead.
    $options = [
        'location' => 'test://',
        'uri' => 'http://example.org/',
        'exceptions' => true,
    ];
    $client = new TestSoapClient(null, $options);
    $client->response = $response;

    try {
        $client->test();
        $line = "$name: no fault\n";
    } catch (SoapFault $fault) {
        $line = "$name: $fault->faultstring\n";
    }

    echo $line;
}
/**
 * Checks the highest SOAP-ENC:position value the test expects to be accepted.
 *
 * The response declares a one-element string array whose only item carries
 * position [2147483646], one below the largest signed 32-bit integer. The
 * decoded result is dumped; unlike test_overflow(), a SoapFault is not caught
 * here, so a rejection would abort the script.
 */
function test_boundary_position(): void
{
    $options = [
        'location' => 'test://',
        'uri' => 'http://example.org/',
        'exceptions' => true,
    ];
    $client = new TestSoapClient(null, $options);

    $arrayAttributes = 'SOAP-ENC:arrayType="xsd:string[1]" xsi:type="SOAP-ENC:Array"';
    $itemAttributes = 'SOAP-ENC:position="[2147483646]"';
    $client->response = soap_response($arrayAttributes, $itemAttributes);

    $decoded = $client->test();
    var_dump($decoded);
}
// Each case places an out-of-range index in a different SOAP-ENC attribute of
// the response. 2147483648 is one past the largest signed 32-bit integer
// (2147483647). For SOAP-ENC:position the test expects 2147483647 itself to be
// refused as well.
// Map: printed label => arguments passed to soap_response().
$overflowCases = [
    'arrayType' => [
        'SOAP-ENC:arrayType="xsd:string[2147483648]" xsi:type="SOAP-ENC:Array"',
    ],
    'offset' => [
        'SOAP-ENC:arrayType="xsd:string[1]" SOAP-ENC:offset="[2147483648]" xsi:type="SOAP-ENC:Array"',
    ],
    'position' => [
        'SOAP-ENC:arrayType="xsd:string[1]" xsi:type="SOAP-ENC:Array"',
        'SOAP-ENC:position="[2147483647]"',
    ],
];

foreach ($overflowCases as $label => $attributeArgs) {
    test_overflow($label, soap_response(...$attributeArgs));
}

// The largest position that must still decode successfully.
test_boundary_position();
?>
--EXPECT--
arrayType: SOAP-ERROR: Encoding: array index out of range
offset: SOAP-ERROR: Encoding: array index out of range
position: SOAP-ERROR: Encoding: array index out of range
array(1) {
[2147483646]=>
string(5) "value"
}