Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.5.5

Bug #4231 RPC method calls with bad parameter counts can cause PHP notices.
Submitted: 2005-04-27 08:42 UTC
From: mike at naberezny dot com Assigned: danielc
Status: Closed Package: XML_RPC
PHP Version: Irrelevant OS: Irrelevant
Roadmaps: (Not assigned)    
Subscription  
Comments Add Comment Add patch


Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem : 50 - 1 = ?

 
 [2005-04-27 08:42 UTC] mike at naberezny dot com
Description: ------------ If a client calls an RPC method but supplies a parameter count that does not match any of the method's signatures as defined in the dispatch map, the function verifySignature() of XML_RPC_Server will cause PHP undefined variable notices if PHP notices have not been disabled. This is a security issue because it exposes the script path to the client. Also, having the server's XML response prepended with PHP notices will cause many clients to reject the return payload as invalid during parsing. Reproduce code: --------------- Build the example server and client from the end-user documentation. The built-in RPC method system.methodHelp() takes one parameter. Use the client to call this method with no parameters, and again with two or more parameters. Observe the response payload. Expected result: ---------------- A valid response from the server with a fault code of 3 and a fault string similar to "Bad parameter count". Actual result: -------------- Undefined variable notices occur for $wanted, $got, and $pno in the function verifySignature() of XML_RPC_Server. These will be prepended to the XML returned from the server, resulting in XML_RPC_Client to report its own fault code 2 (invalud return payload). Although the XML from the server does contain a faultCode and faultString, most other clients react similarly and reject the return payload during parsing. Fix ---- In the class XML_RPC_Server, replace the last line of the function verifySignature(). Before: return array(0, "Wanted ${wanted}, got ${got} at param ${pno})"); Fixed: if (isset($pno)) { return array(0, "Wanted ${wanted}, got ${got} at param ${pno})"); } else { return array(0, 'Bad parameter count'); }

Comments

 [2005-05-04 16:47 UTC] User who submitted this comment has not confirmed identity
If you submitted this note, check your email.If you do not have a message, click here to re-send
MANUAL CONFIRMATION IS NOT POSSIBLE.  Write a message to pear-dev@lists.php.net
to request the confirmation link.  All bugs/comments/patches associated with this

email address will be deleted within 48 hours if the account request is not confirmed!
 [2005-05-05 05:09 UTC] mike at naberezny dot com
Please see the reproduce code here: http://www.mikenaberezny.com/pear/bugs/4231
 [2005-05-05 15:12 UTC] User who submitted this comment has not confirmed identity
If you submitted this note, check your email.If you do not have a message, click here to re-send
MANUAL CONFIRMATION IS NOT POSSIBLE.  Write a message to pear-dev@lists.php.net
to request the confirmation link.  All bugs/comments/patches associated with this

email address will be deleted within 48 hours if the account request is not confirmed!
 [2005-05-07 00:57 UTC] mike at naberezny dot com
I have reopened this bug because the patch in 1.3.0RC2 has the side-effect of breaking support for optional method parameters. Please see a description and reproduce code here: http://www.mikenaberezny.com/pear/bugs/4231-addendum
 [2005-05-08 00:40 UTC] User who submitted this comment has not confirmed identity
If you submitted this note, check your email.If you do not have a message, click here to re-send
MANUAL CONFIRMATION IS NOT POSSIBLE.  Write a message to pear-dev@lists.php.net
to request the confirmation link.  All bugs/comments/patches associated with this

email address will be deleted within 48 hours if the account request is not confirmed!