From ddf93b3c6bcb2d5cf9d7a80fe93e74b67ca7bcd7 Mon Sep 17 00:00:00 2001 From: Rowan Collins Date: Tue, 11 Oct 2016 21:12:18 +0000 Subject: [PATCH 1/3] Add failing test for bug#73297 --- ext/standard/tests/http/bug73297.phpt | 41 +++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 ext/standard/tests/http/bug73297.phpt diff --git a/ext/standard/tests/http/bug73297.phpt b/ext/standard/tests/http/bug73297.phpt new file mode 100644 index 0000000000000..3575ccbcaa703 --- /dev/null +++ b/ext/standard/tests/http/bug73297.phpt @@ -0,0 +1,41 @@ +--TEST-- +Bug #73297 (Ignore 100 Continue returned by HTTP/1.1 servers) +--INI-- +allow_url_fopen=1 +--SKIPIF-- + +--FILE-- + [ + 'protocol_version' => '1.1', + 'header' => 'Connection: Close' + ], + ]; + + $ctx = stream_context_create($options); + + $responses = [ + "data://text/plain,HTTP/1.1 100 Continue\r\n\r\nHTTP/1.1 200 OK\r\n\r\n" + . "Hello" + ]; + $pid = http_server('tcp://127.0.0.1:12342', $responses); + + echo file_get_contents('http://127.0.0.1:12342/', false, $ctx); + echo "\n"; + + http_server_kill($pid); +} + +do_test(); +echo "\n"; + +?> +--EXPECT-- +Hello + From 01adcc6f2b0ff11a8eda1aaf4e5df9308460b20b Mon Sep 17 00:00:00 2001 From: Rowan Collins Date: Sun, 23 Oct 2016 18:24:58 +0000 Subject: [PATCH 2/3] http_fopen_wrapper.c - bug#73297 Skip past "100 Continue" responses --- ext/standard/http_fopen_wrapper.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c index cf29975fa29e7..88a1091e38f1b 100644 --- a/ext/standard/http_fopen_wrapper.c +++ b/ext/standard/http_fopen_wrapper.c @@ -699,6 +699,24 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, if ((options & STREAM_ONLY_GET_HEADERS) || ignore_errors) { reqok = 1; } + + /* status codes of 1xx are "informational", and will be followed by a real response + * e.g "100 Continue". RFC 7231 states that unexpected 1xx status MUST be parsed, + * and MAY be ignored. As such, we need to skip ahead to the "real" status*/ + if (response_code >= 100 && response_code < 200) { + /* consume lines until we find a line starting 'HTTP/1' */ + while ( + !php_stream_eof(stream) + && php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len) != NULL + && ( tmp_line_len < 6 || strncasecmp(tmp_line, "HTTP/1", 6) ) + ); + + if (tmp_line_len > 9) { + response_code = atoi(tmp_line + 9); + } else { + response_code = 0; + } + } /* all status codes in the 2xx range are defined by the specification as successful; * all status codes in the 3xx range are for redirection, and so also should never * fail */ From 6ec5008d8d0e9d8a5d477a23e087d2921f41e86f Mon Sep 17 00:00:00 2001 From: Rowan Collins Date: Mon, 24 Oct 2016 18:01:17 +0000 Subject: [PATCH 3/3] Simplify ext/standard/tests/http/bug73297.phpt --- ext/standard/tests/http/bug73297.phpt | 44 +++++++++++---------------- 1 file changed, 18 insertions(+), 26 deletions(-) diff --git a/ext/standard/tests/http/bug73297.phpt b/ext/standard/tests/http/bug73297.phpt index 3575ccbcaa703..0b0e02f3fd028 100644 --- a/ext/standard/tests/http/bug73297.phpt +++ b/ext/standard/tests/http/bug73297.phpt @@ -8,34 +8,26 @@ allow_url_fopen=1 [ - 'protocol_version' => '1.1', - 'header' => 'Connection: Close' - ], - ]; - - $ctx = stream_context_create($options); - - $responses = [ - "data://text/plain,HTTP/1.1 100 Continue\r\n\r\nHTTP/1.1 200 OK\r\n\r\n" - . "Hello" - ]; - $pid = http_server('tcp://127.0.0.1:12342', $responses); - - echo file_get_contents('http://127.0.0.1:12342/', false, $ctx); - echo "\n"; - - http_server_kill($pid); -} - -do_test(); +$options = [ + 'http' => [ + 'protocol_version' => '1.1', + 'header' => 'Connection: Close' + ], +]; + +$ctx = stream_context_create($options); + +$responses = [ + "data://text/plain,HTTP/1.1 100 Continue\r\n\r\nHTTP/1.1 200 OK\r\n\r\n" + . "Hello" +]; +$pid = http_server('tcp://127.0.0.1:12342', $responses); + +echo file_get_contents('http://127.0.0.1:12342/', false, $ctx); echo "\n"; +http_server_kill($pid); + ?> --EXPECT-- Hello -