Bug 505355 - Reference counting bug in SoapClient::__setSoapHeaders()
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: php
5.3
All Linux
low Severity medium
: rc
Assigned To: Joe Orton
BaseOS QE
Blocks: 511175
Reported: 2009-06-11 11:53 EDT by Sachin Prabhu
Modified: 2011-05-04 05:40 EDT
Doc Type: Bug Fix
Last Closed: 2010-03-30 04:24:50 EDT


Attachments
Reproducer (633 bytes, application/octet-stream)
2009-06-11 11:56 EDT, Sachin Prabhu

Description Sachin Prabhu 2009-06-11 11:53:58 EDT
SoapClient::__setSoapHeaders does not correctly set refcount for the header when there is only a single header object passed. Due to this, a later __soapCall() fails with a segmentation fault since the header has been freed due to its refcount being zero.

Relevant upstream bugzilla:

http://bugs.php.net/bug.php?id=37850

This was fixed by:

http://cvs.php.net/viewvc.cgi/php-src/ext/soap/soap.c?r1=1.156.2.28.2.6&r2=1.156.2.28.2.7
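
The failure mode described above, reduced to a toy ownership model in C. This is an added example, not code from php-src or from the attached reproducer; value_t, client_t and all function names are hypothetical, and "freeing" only sets a flag so the dangling state can be observed safely.

```c
#include <stdio.h>
#include <stddef.h>

/* Toy refcounted value. "Freeing" only sets a flag, so the dangling state
 * can be observed without touching released memory. */
typedef struct { int refcount; int freed; } value_t;

/* Stands in for the client object that keeps the default headers. */
typedef struct { value_t *headers; } client_t;

static void val_addref(value_t *v)  { v->refcount++; }
static void val_release(value_t *v) { if (--v->refcount == 0) v->freed = 1; }

/* Buggy setter: stores a borrowed pointer and takes no reference. */
static void set_header_buggy(client_t *c, value_t *h) { c->headers = h; }

/* Fixed setter: the client takes its own reference before storing. */
static void set_header_fixed(client_t *c, value_t *h) {
    val_addref(h);
    if (c->headers) val_release(c->headers);
    c->headers = h;
}

/* Later call: 1 if the stored header is still alive, 0 if it dangles. */
static int header_usable(const client_t *c) {
    return c->headers != NULL && !c->headers->freed;
}

/* Caller creates one header, passes it to the setter, drops its own
 * reference, then makes a call that needs the stored header. */
static int run_scenario(void (*setter)(client_t *, value_t *)) {
    value_t hdr = { 1, 0 };          /* constructed header, caller holds 1 ref */
    client_t client = { NULL };
    setter(&client, &hdr);           /* single object passed to the setter */
    val_release(&hdr);               /* caller's variable goes out of scope */
    return header_usable(&client);   /* where the real code would crash */
}

int main(void) {
    printf("buggy setter: header usable = %d\n", run_scenario(set_header_buggy));
    printf("fixed setter: header usable = %d\n", run_scenario(set_header_fixed));
    return 0;
}
```

With the buggy setter the caller's release drops the count to zero while the client still points at the header; with the fixed setter the client's own reference keeps it alive.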
Comment 1 Sachin Prabhu 2009-06-11 11:56:50 EDT
Created attachment 347429
Reproducer

Reproducer built using sample from 
http://www.php.net/manual/en/soapclient.setsoapheaders.php

The script will not successfully run since the locations used in the sample script are all bogus. However this does demonstrate the problem clearly.

Required Result:

PHP Fatal error:  Uncaught SoapFault exception: [HTTP] Could not connect to host in /root/test.php:20
Stack trace:
#0 [internal function]: SoapClient->__doRequest('<?xml version="...', 'http://localhos...', 'http://test-uri...', 1, 0)
#1 /root/test.php(20): SoapClient->__soapCall('echoVoid', Array)
#2 /root/test.php(28): myclass->someOtherMethod()
#3 {main}
 thrown in /root/test.php on line 20

Actual Result:
Segmentation Fault
Comment 5 Joe Orton 2009-12-16 07:42:28 EST
I've made test packages available which should fix this issue.  These
packages are unsupported, have not been through the standard Red Hat
QA process, and are not recommended for use on production systems.

   http://people.redhat.com/~jorton/Tikanga-php/

Use of these packages may prevent you from (automatically) upgrading
to any asynchronous security errata which are issued before the
release of RHEL 5.5 due to version mismatches.

Please record any feedback on use of these test packages (positive or
negative!) on this bug report.
Comment 7 Chris Ward 2010-02-11 05:24:50 EST
~~ Attention Customers and Partners - RHEL 5.5 Beta is now available on RHN ~~

RHEL 5.5 Beta has been released! There should be a fix present in this 
release that addresses your request. Please test and report back results 
here, by March 3rd 2010 (2010-03-03) or sooner.

Upon successful verification of this request, post your results and update 
the Verified field in Bugzilla with the appropriate value.

If you encounter any issues while testing, please describe them and set 
this bug into NEED_INFO. If you encounter new defects or have additional 
patch(es) to request for inclusion, please clone this bug per each request
and escalate through your support representative.
Comment 11 errata-xmlrpc 2010-03-30 04:24:50 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2010-0241.html
