From a09a13e3f79c5381d24ed7fdb90f5a813bde9717 Mon Sep 17 00:00:00 2001 From: coppolafab Date: Thu, 5 Oct 2023 09:36:18 +0200 Subject: [PATCH 1/3] php_cli_server: ensure single date header is present --- sapi/cli/php_cli_server.c | 26 +++++++++++++---- sapi/cli/tests/php_cli_server_022.phpt | 39 ++++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 5 deletions(-) create mode 100644 sapi/cli/tests/php_cli_server_022.phpt diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c index f13edc568a652..e5bc8292f2ad0 100644 --- a/sapi/cli/php_cli_server.c +++ b/sapi/cli/php_cli_server.c @@ -348,10 +348,26 @@ static void append_http_status_line(smart_str *buffer, int protocol_version, int smart_str_appendl_ex(buffer, "\r\n", 2, persistent); } /* }}} */ -static void append_essential_headers(smart_str* buffer, php_cli_server_client *client, int persistent) /* {{{ */ +static void append_essential_headers(smart_str* buffer, php_cli_server_client *client, int persistent, sapi_headers_struct *sapi_headers) /* {{{ */ { char *val; struct timeval tv = {0}; + sapi_header_struct *h; + zend_llist_position pos; + bool append_date_header = 1; + + if (sapi_headers != NULL) { + h = (sapi_header_struct*)zend_llist_get_first_ex(&sapi_headers->headers, &pos); + while (h) { + if (h->header_len) { + if (strncmp(h->header, "Date:", strlen("Date:")) == 0) { + append_date_header = 0; + break; + } + } + h = (sapi_header_struct*)zend_llist_get_next_ex(&sapi_headers->headers, &pos); + } + } if (NULL != (val = zend_hash_str_find_ptr(&client->request.headers, "host", sizeof("host")-1))) { smart_str_appends_ex(buffer, "Host: ", persistent); @@ -359,7 +375,7 @@ static void append_essential_headers(smart_str* buffer, php_cli_server_client *c smart_str_appends_ex(buffer, "\r\n", persistent); } - if (!gettimeofday(&tv, NULL)) { + if (append_date_header && !gettimeofday(&tv, NULL)) { zend_string *dt = php_format_date("D, d M Y H:i:s", sizeof("D, d M Y H:i:s") - 1, tv.tv_sec, 0); smart_str_appends_ex(buffer, "Date: ", persistent); smart_str_appends_ex(buffer, dt->val, persistent); @@ -552,7 +568,7 @@ static int sapi_cli_server_send_headers(sapi_headers_struct *sapi_headers) /* {{ append_http_status_line(&buffer, client->request.protocol_version, SG(sapi_headers).http_response_code, 0); } - append_essential_headers(&buffer, client, 0); + append_essential_headers(&buffer, client, 0, sapi_headers); h = (sapi_header_struct*)zend_llist_get_first_ex(&sapi_headers->headers, &pos); while (h) { @@ -1997,7 +2013,7 @@ static int php_cli_server_send_error_page(php_cli_server *server, php_cli_server /* out of memory */ goto fail; } - append_essential_headers(&buffer, client, 1); + append_essential_headers(&buffer, client, 1, NULL); smart_str_appends_ex(&buffer, "Content-Type: text/html; charset=UTF-8\r\n", 1); smart_str_appends_ex(&buffer, "Content-Length: ", 1); smart_str_append_unsigned_ex(&buffer, php_cli_server_buffer_size(&client->content_sender.buffer), 1); @@ -2093,7 +2109,7 @@ static int php_cli_server_begin_send_static(php_cli_server *server, php_cli_serv php_cli_server_log_response(client, 500, NULL); return FAILURE; } - append_essential_headers(&buffer, client, 1); + append_essential_headers(&buffer, client, 1, NULL); if (mime_type) { smart_str_appendl_ex(&buffer, "Content-Type: ", sizeof("Content-Type: ") - 1, 1); smart_str_appends_ex(&buffer, mime_type, 1); diff --git a/sapi/cli/tests/php_cli_server_022.phpt b/sapi/cli/tests/php_cli_server_022.phpt new file mode 100644 index 0000000000000..5093030642b67 --- /dev/null +++ b/sapi/cli/tests/php_cli_server_022.phpt @@ -0,0 +1,39 @@ +--TEST-- +Ensure a single Date header is present +--SKIPIF-- + +--FILE-- + +--EXPECTF-- +HTTP/1.1 200 OK +Host: %s +Connection: close +X-Powered-By: %s +Date: Mon, 25 Mar 1985 00:20:00 GMT +Content-type: text/html; charset=UTF-8 + From 0da89129f85b2a6fb5dd298d65f1dd323dc1e93d Mon Sep 17 00:00:00 2001 From: coppolafab Date: Thu, 5 Oct 2023 23:19:17 +0200 Subject: [PATCH 2/3] case-insensitive header comparison and style fixes --- sapi/cli/php_cli_server.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c index e5bc8292f2ad0..4b08fafb88cc6 100644 --- a/sapi/cli/php_cli_server.c +++ b/sapi/cli/php_cli_server.c @@ -352,16 +352,15 @@ static void append_essential_headers(smart_str* buffer, php_cli_server_client *c { char *val; struct timeval tv = {0}; - sapi_header_struct *h; - zend_llist_position pos; - bool append_date_header = 1; + bool append_date_header = true; if (sapi_headers != NULL) { - h = (sapi_header_struct*)zend_llist_get_first_ex(&sapi_headers->headers, &pos); + zend_llist_position pos; + sapi_header_struct *h = (sapi_header_struct*)zend_llist_get_first_ex(&sapi_headers->headers, &pos); while (h) { - if (h->header_len) { - if (strncmp(h->header, "Date:", strlen("Date:")) == 0) { - append_date_header = 0; + if (h->header_len > strlen("Date:")-1) { + if (strncasecmp(h->header, "Date:", strlen("Date:")-1) == 0) { + append_date_header = false; break; } } From 4d80d30fb56054c3b0b314b430b98ab84a4498b5 Mon Sep 17 00:00:00 2001 From: coppolafab Date: Thu, 5 Oct 2023 23:43:36 +0200 Subject: [PATCH 3/3] fix strlen usage --- sapi/cli/php_cli_server.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c index 4b08fafb88cc6..4ed2095e840c5 100644 --- a/sapi/cli/php_cli_server.c +++ b/sapi/cli/php_cli_server.c @@ -358,8 +358,8 @@ static void append_essential_headers(smart_str* buffer, php_cli_server_client *c zend_llist_position pos; sapi_header_struct *h = (sapi_header_struct*)zend_llist_get_first_ex(&sapi_headers->headers, &pos); while (h) { - if (h->header_len > strlen("Date:")-1) { - if (strncasecmp(h->header, "Date:", strlen("Date:")-1) == 0) { + if (h->header_len > strlen("Date:")) { + if (strncasecmp(h->header, "Date:", strlen("Date:")) == 0) { append_date_header = false; break; }