Requests with integer header keys and string values cause InvalidArgumentExceptions #1

Closed
2 tasks done
weierophinney opened this issue Dec 31, 2019 · 3 comments

@weierophinney
Member

  • I was not able to find an open or closed issue matching what I'm seeing.
  • This is not a question. (Questions should be asked on chat (Signup here) or our forums.)

If a user sends a GET request to an endpoint which is run on zend-http and if that GET request has a header key:value pair of the form $integer:$string, (e.g., 2:blah), this will cause the endpoint to throw an InvalidArgumentException.

This appears to be similar to zendframework/zend-http#116 and zendframework/zend-mvc#226 but not quite the same.

Code to reproduce the issue

I don't have a specific code snippet to reproduce this (it affects our entire application) but this seems to be happening because, in zend-http/src/Headers.php, addHeaders() can call addHeaderLine() without a second argument if it sees a header with an integer key:

    public function addHeaders($headers)
    {
        if (! is_array($headers) && ! $headers instanceof Traversable) {
            throw new Exception\InvalidArgumentException(sprintf(
                'Expected array or Traversable; received "%s"',
                (is_object($headers) ? get_class($headers) : gettype($headers))
            ));
        }

        foreach ($headers as $name => $value) {
            if (is_int($name)) {
                if (is_string($value)) {
                    $this->addHeaderLine($value);

Expected results

I'm not sure. Perhaps the header should be ignored? Or that addHeaderLine() should look like $this->addHeaderLine((string)$name, $value);?

Actual results

[18-Nov-2019 16:27:12 UTC] PHP Fatal error:  Uncaught Zend\Http\Header\Exception\InvalidArgumentException: A field name was provided without a field value in <path>/zendframework/zend-http/src/Headers.php:192
Stack trace:
#0 <path>/zendframework/zend-http/src/Headers.php(155): Zend\Http\Headers->addHeaderLine('Mozilla/5.0 (Wi...')
#1 <path>/zendframework/zend-http/src/PhpEnvironment/Request.php(236): Zend\Http\Headers->addHeaders(Array)
#2 <path>/zendframework/zend-http/src/PhpEnvironment/Request.php(84): Zend\Http\PhpEnvironment\Request->setServer(Object(Zend\Stdlib\Parameters))
#3 <path>/zendframework/zend-mvc/src/Service/RequestFactory.php(28): Zend\Http\PhpEnvironment\Request->__construct()
#4 <path>/zendframework/zend-servicemanager/src/ServiceManager.php(703): Zend\Mvc\Service\RequestFactory->__invoke(Object(Zend\ServiceManager\ServiceManager), 'Request', NULL)
#5 <path>/zendframework/zend-mvc-console/src/Service/ConsoleRequestDelegatorFactory.php(34): Zend\ServiceManager\ServiceManager->Zend\ServiceManager\{closure}()
#6 <path>/zendframework/zend-servicemanager/src/ServiceManager.php(738): Zend\Mvc\Console\Service\ConsoleRequestDelegatorFactory->__invoke(Object(Zend\ServiceManager\ServiceManager), 'Request', Object(Closure), NULL)
#7 <path>/zendframework/zend-servicemanager/src/ServiceManager.php(742): Zend\ServiceManager\ServiceManager->Zend\ServiceManager\{closure}(Object(Zend\ServiceManager\ServiceManager), 'Request', Object(Closure), NULL)
#8 <path>/zendframework/zend-servicemanager/src/ServiceManager.php(766): Zend\ServiceManager\ServiceManager->createDelegatorFromName('Request', NULL)
#9 <path>/zendframework/zend-servicemanager/src/ServiceManager.php(200): Zend\ServiceManager\ServiceManager->doCreate('Request')
#10 <path>/zendframework/zend-mvc/src/Service/ApplicationFactory.php(34): Zend\ServiceManager\ServiceManager->get('Request')
#11 <path>/zendframework/zend-servicemanager/src/ServiceManager.php(764): Zend\Mvc\Service\ApplicationFactory->__invoke(Object(Zend\ServiceManager\ServiceManager), 'Application', NULL)
#12 <path>/zendframework/zend-servicemanager/src/ServiceManager.php(200): Zend\ServiceManager\ServiceManager->doCreate('Application')
#13 <path>/zendframework/zend-mvc/src/Application.php(273): Zend\ServiceManager\ServiceManager->get('Application')
#14 <path>/zend.php(21): Zend\Mvc\Application::init(Array)
#15 {main}
Next Zend\ServiceManager\Exception\ServiceNotCreatedException: Service with name "Request" could not be created. Reason: A field name was provided without a field value in <path>/zendframework/zend-servicemanager/src/ServiceManager.php:771
Stack trace:
#0 <path>/zendframework/zend-servicemanager/src/ServiceManager.php(200): Zend\ServiceManager\ServiceManager->doCreate('Request')
#1 <path>/zendframework/zend-mvc/src/Service/ApplicationFactory.php(34): Zend\ServiceManager\ServiceManager->get('Request')
#2 <path>/zendframework/zend-servicemanager/src/ServiceManager.php(764): Zend\Mvc\Service\ApplicationFactory->__invoke(Object(Zend\ServiceManager\ServiceManager), 'Application', NULL)
#3 <path>/zendframework/zend-servicemanager/src/ServiceManager.php(200): Zend\ServiceManager\ServiceManager->doCreate('Application')
#4 <path>/zendframework/zend-mvc/src/Application.php(273): Zend\ServiceManager\ServiceManager->get('Application')
#5 <path>/zend.php(21): Zend\Mvc\Application::init(Array)
#6 {main}
  thrown in <path>/zendframework/zend-servicemanager/src/ServiceManager.php on line 771

Originally posted by @aedelstein at zendframework/zend-http#197

@markus-perl

Here is my workaround which I use until this issue is closed.

I encapsulated the whole code in the public/index.php with the following try/catch:

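    try {
        // Run the application!
        // Your application code here
    } catch (\Laminas\ServiceManager\Exception\ServiceNotCreatedException $e) {
        // Only swallow the specific header-parsing failure; rethrow anything else.
        if (substr_count($e->getMessage(), 'A field name was provided without a field value')) {
            // Set the status before any output so it is not lost once headers are sent.
            http_response_code(400);
            echo "Bad request";
        } else {
            throw $e;
        }
    }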

Hope there will be a better patch soon.

@sivasdescalzo

sivasdescalzo commented Nov 13, 2020

It can be reproduced with a header where its name is an integer:

123123: 'value_of_header'
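
An added example, not part of the original thread and not laminas-http code: a front-controller guard that rejects such requests with a 400 before the framework is bootstrapped, instead of matching on the exception message afterwards. It assumes the array handed to `addHeaders()` is built from the `HTTP_*` entries of `$_SERVER` (as the `setServer()` frame in the stack trace suggests); the function names and the sample array are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Return the request header names that PHP would turn into integer array keys.
 * PHP casts canonical decimal strings ("2", "123123") to int when they are used
 * as array keys, which is the case the is_int($name) branch quoted above hits.
 */
function numericHeaderNames(array $server): array
{
    $bad = [];
    foreach ($server as $key => $value) {
        // Request headers are exposed in $_SERVER as HTTP_<NAME>.
        if (! is_string($key) || strlen($key) <= 5 || strpos($key, 'HTTP_') !== 0) {
            continue;
        }
        $name  = substr($key, 5);
        $probe = [$name => true];      // let PHP apply its own key coercion
        if (is_int(key($probe))) {
            $bad[] = $name;
        }
    }
    return $bad;
}

/** Send a 400 and return true when the request carries such a header. */
function rejectIfNumericHeaderNames(array $server): bool
{
    if (numericHeaderNames($server) === []) {
        return false;
    }
    http_response_code(400);           // status first, then the body
    echo "Bad request\n";
    return true;
}

// Constructed sample standing in for $_SERVER (pass $_SERVER in public/index.php).
$sample = [
    'REQUEST_METHOD'  => 'GET',
    'HTTP_HOST'       => 'example.test',
    'HTTP_USER_AGENT' => 'Mozilla/5.0 (constructed)',
    'HTTP_123123'     => 'value_of_header',
    'HTTP_007'        => 'leading zero, so the key stays a string',
];

if (rejectIfNumericHeaderNames($sample)) {
    exit;                              // stop before the application is initialised
}
```
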

@weierophinney
Member Author

This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steering Committee.
If you have a security issue, please follow our security reporting guidelines.
If you wish to take on the role of maintainer, please nominate yourself.

You can continue using laminas/laminas-http safely.
Its successor will be PSR-7 in a later revision of laminas/laminas-mvc.
