Try to convert all parameters to appropriate type

Currently leaking on ext/session/tests/session_set_cookie_params_error.phpt

Author: pmmaga

ext/session/session.c

@@ -1671,11 +1671,12 @@ PHPAPI void session_adapt_url(const char *url, size_t urllen, char **new, size_t
    Set session cookie parameters */
 static PHP_FUNCTION(session_set_cookie_params)
 {
-	zval *lifetime_or_options, *lifetime = NULL;
-	zend_string *path = NULL, *domain = NULL, *samesite = NULL;
-	zend_bool secure, secure_null = 1;
-	zend_bool httponly, httponly_null = 1;
+	zval *lifetime_or_options;
+	zend_string *lifetime = NULL, *path = NULL, *domain = NULL, *samesite = NULL;
+	zend_bool secure = 0, secure_null = 1;
+	zend_bool httponly = 0, httponly_null = 1;
 	zend_string *ini_name;
+	int found = 0;
 
 	if (!PS(use_cookies)) {
 		return;
@@ -1701,22 +1702,20 @@ static PHP_FUNCTION(session_set_cookie_params)
 	}
 
 	if (Z_TYPE_P(lifetime_or_options) == IS_ARRAY) {
-		int found = 0;
 		zend_string *key;
 		zval *value;
 
 		ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(lifetime_or_options), key, value) {
 			if (key) {
 				ZVAL_DEREF(value);
 				if(!strcasecmp("lifetime", ZSTR_VAL(key))) {
-					lifetime = value;
-					convert_to_string_ex(lifetime);
+					lifetime = zval_get_string(value);
 					found++;
 				} else if(!strcasecmp("path", ZSTR_VAL(key))) {
-					path = Z_STR_P(value);
+					path = zval_get_string(value);
 					found++;
 				} else if(!strcasecmp("domain", ZSTR_VAL(key))) {
-					domain = Z_STR_P(value);
+					domain = zval_get_string(value);
 					found++;
 				} else if(!strcasecmp("secure", ZSTR_VAL(key))) {
 					secure = zval_is_true(value);
@@ -1727,27 +1726,32 @@ static PHP_FUNCTION(session_set_cookie_params)
 					httponly_null = 0;
 					found++;
 				} else if(!strcasecmp("samesite", ZSTR_VAL(key))) {
-					samesite = Z_STR_P(value);
+					samesite = zval_get_string(value);
 					found++;
+				} else {
+					php_error_docref(NULL, E_WARNING, "Unrecognized key '%s' found in the options array", ZSTR_VAL(key));
 				}
+			} else {
+				php_error_docref(NULL, E_ERROR, "The options array must only use string keys");
+				RETURN_FALSE;
 			}
 		} ZEND_HASH_FOREACH_END();
 
 		if (found == 0) {
-			php_error_docref(NULL, E_WARNING, "No valid options were found in the given array");
+			php_error_docref(NULL, E_WARNING, "No valid keys were found in the options array");
 			RETURN_FALSE;
 		}
 	} else {
-		lifetime = lifetime_or_options;
-		convert_to_string_ex(lifetime);
+		lifetime = zval_get_string(lifetime_or_options);
 	}
 
 	if (lifetime) {
 		ini_name = zend_string_init("session.cookie_lifetime", sizeof("session.cookie_lifetime") - 1, 0);
-		if (zend_alter_ini_entry(ini_name, Z_STR_P(lifetime), PHP_INI_USER, PHP_INI_STAGE_RUNTIME) == FAILURE) {
+		if (zend_alter_ini_entry(ini_name, lifetime, PHP_INI_USER, PHP_INI_STAGE_RUNTIME) == FAILURE) {
 			zend_string_release_ex(ini_name, 0);
 			RETURN_FALSE;
 		}
+		zend_string_release(lifetime);
 		zend_string_release_ex(ini_name, 0);
 	}
 	if (path) {
@@ -1756,6 +1760,9 @@ static PHP_FUNCTION(session_set_cookie_params)
 			zend_string_release_ex(ini_name, 0);
 			RETURN_FALSE;
 		}
+		if (found > 0) {
+			zend_string_release(path);
+		}
 		zend_string_release_ex(ini_name, 0);
 	}
 	if (domain) {
@@ -1764,6 +1771,9 @@ static PHP_FUNCTION(session_set_cookie_params)
 			zend_string_release_ex(ini_name, 0);
 			RETURN_FALSE;
 		}
+		if (found > 0) {
+			zend_string_release(domain);
+		}
 		zend_string_release_ex(ini_name, 0);
 	}
 	if (!secure_null) {
@@ -1784,8 +1794,14 @@ static PHP_FUNCTION(session_set_cookie_params)
 	}
     if (samesite) {
         ini_name = zend_string_init("session.cookie_samesite", sizeof("session.cookie_samesite") - 1, 0);
-        zend_alter_ini_entry(ini_name, samesite, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
-        zend_string_release(ini_name);
+		if (zend_alter_ini_entry(ini_name, samesite, PHP_INI_USER, PHP_INI_STAGE_RUNTIME) == FAILURE) {
+			zend_string_release_ex(ini_name, 0);
+			RETURN_FALSE;
+		}
+		if (found > 0) {
+			zend_string_release(samesite);
+		}
+        zend_string_release_ex(ini_name, 0);
     }
 
 	RETURN_TRUE;

ext/session/tests/session_set_cookie_params_variation7.phpt

@@ -42,10 +42,12 @@ ob_end_flush();
 --EXPECTF--
 *** Testing session_set_cookie_params() : array parameter variation ***
 
-Warning: session_set_cookie_params(): No valid options were found in %s
+Warning: session_set_cookie_params(): No valid keys were found in the options array in %s
 bool(false)
 
-Warning: session_set_cookie_params(): No valid options were found in %s
+Warning: session_set_cookie_params(): Unrecognized key 'unknown_key' found in the options array in %s
+
+Warning: session_set_cookie_params(): No valid keys were found in the options array in %s
 bool(false)
 string(1) "0"
 string(0) ""

ext/standard/head.c

@@ -80,7 +80,7 @@ PHPAPI int php_header(void)
 	}
 }
 
-PHPAPI int php_setcookie(zend_string *name, zend_string *value, time_t expires, zend_string *path, zend_string *domain, int secure, int url_encode, int httponly, zend_string *samesite)
+PHPAPI int php_setcookie(zend_string *name, zend_string *value, time_t expires, zend_string *path, zend_string *domain, int secure, int httponly, zend_string *samesite, int url_encode)
 {
 	char *cookie;
 	size_t len = sizeof("Set-Cookie: ");
@@ -207,7 +207,7 @@ PHPAPI int php_setcookie(zend_string *name, zend_string *value, time_t expires,
 	return result;
 }
 
-static void php_head_parse_cookie_options_array(zval *options, zend_long *expires, zend_string **path, zend_string **domain, zend_bool *secure, zend_bool *httponly, zend_string **samesite) {
+static int php_head_parse_cookie_options_array(zval *options, zend_long *expires, zend_string **path, zend_string **domain, zend_bool *secure, zend_bool *httponly, zend_string **samesite) {
 	int found = 0;
 	zend_string *key;
 	zval *value;
@@ -216,13 +216,13 @@ static void php_head_parse_cookie_options_array(zval *options, zend_long *expire
 		if (key) {
 			ZVAL_DEREF(value);
 			if(!strcasecmp("expire", ZSTR_VAL(key))) {
-				*expires = Z_LVAL_P(value);
+				*expires = zval_get_long(value);
 				found++;
 			} else if(!strcasecmp("path", ZSTR_VAL(key))) {
-				*path = Z_STR_P(value);
+				*path = zval_get_string(value);
 				found++;
 			} else if(!strcasecmp("domain", ZSTR_VAL(key))) {
-				*domain = Z_STR_P(value);
+				*domain = zval_get_string(value);
 				found++;
 			} else if(!strcasecmp("secure", ZSTR_VAL(key))) {
 				*secure = zval_is_true(value);
@@ -231,19 +231,27 @@ static void php_head_parse_cookie_options_array(zval *options, zend_long *expire
 				*httponly = zval_is_true(value);
 				found++;
 			} else if(!strcasecmp("samesite", ZSTR_VAL(key))) {
-				*samesite = Z_STR_P(value);
+				*samesite = zval_get_string(value);
 				found++;
+			} else {
+				php_error_docref(NULL, E_WARNING, "Unrecognized key '%s' found in the options array", ZSTR_VAL(key));
 			}
+		} else {
+			php_error_docref(NULL, E_ERROR, "The options array must only use string keys");
+			return 0;
 		}
 	} ZEND_HASH_FOREACH_END();
 
 	/* Array is not empty but no valid keys were found */
-	if (found == 0 && Z_ARRVAL_P(options)->nNumUsed > 0) {
+	if (found == 0 && zend_hash_num_elements(Z_ARRVAL_P(options)) > 0) {
 		php_error_docref(NULL, E_WARNING, "No valid options were found in the given array");
+		return 0;
 	}
+
+	return 1;
 }
 
-/* {{{ proto bool setcookie(string name [, string value [, int expires [, string path [, string domain [, bool secure[, bool httponly[, string samesite]]]]]]])
+/* {{{ proto bool setcookie(string name [, string value [, int expires [, string path [, string domain [, bool secure[, bool httponly]]]]]])
                   setcookie(string name [, string value [, array options]])
    Send a cookie */
 PHP_FUNCTION(setcookie)
@@ -266,21 +274,23 @@ PHP_FUNCTION(setcookie)
 
 	if (expires_or_options) {
 		if (Z_TYPE_P(expires_or_options) == IS_ARRAY) {
-			php_head_parse_cookie_options_array(expires_or_options, &expires, &path, &domain, &secure, &httponly, &samesite);
+			if(!php_head_parse_cookie_options_array(expires_or_options, &expires, &path, &domain, &secure, &httponly, &samesite)) {
+				RETURN_FALSE;
+			}
 		} else {
 			expires = Z_LVAL_P(expires_or_options);
 		}
 	}
 
-	if (php_setcookie(name, value, expires, path, domain, secure, 1, httponly, samesite) == SUCCESS) {
+	if (php_setcookie(name, value, expires, path, domain, secure, httponly, samesite, 1) == SUCCESS) {
 		RETVAL_TRUE;
 	} else {
 		RETVAL_FALSE;
 	}
 }
 /* }}} */
 
-/* {{{ proto bool setrawcookie(string name [, string value [, int expires [, string path [, string domain [, bool secure[, bool httponly[, string samesite]]]]]]])
+/* {{{ proto bool setrawcookie(string name [, string value [, int expires [, string path [, string domain [, bool secure[, bool httponly]]]]]])
                   setrawcookie(string name [, string value [, array options]])
    Send a cookie with no url encoding of the value */
 PHP_FUNCTION(setrawcookie)
@@ -303,13 +313,15 @@ PHP_FUNCTION(setrawcookie)
 
 	if (expires_or_options) {
 		if (Z_TYPE_P(expires_or_options) == IS_ARRAY) {
-			php_head_parse_cookie_options_array(expires_or_options, &expires, &path, &domain, &secure, &httponly, &samesite);
+			if(!php_head_parse_cookie_options_array(expires_or_options, &expires, &path, &domain, &secure, &httponly, &samesite)) {
+				RETURN_FALSE;
+			}
 		} else {
 			expires = Z_LVAL_P(expires_or_options);
 		}
 	}
 
-	if (php_setcookie(name, value, expires, path, domain, secure, 0, httponly, samesite) == SUCCESS) {
+	if (php_setcookie(name, value, expires, path, domain, secure, httponly, samesite, 0) == SUCCESS) {
 		RETVAL_TRUE;
 	} else {
 		RETVAL_FALSE;

ext/standard/head.h

@@ -39,6 +39,6 @@ PHP_FUNCTION(headers_list);
 PHP_FUNCTION(http_response_code);
 
 PHPAPI int php_header(void);
-PHPAPI int php_setcookie(zend_string *name, zend_string *value, time_t expires, zend_string *path, zend_string *domain, int secure, int url_encode, int httponly, zend_string *samesite);
+PHPAPI int php_setcookie(zend_string *name, zend_string *value, time_t expires, zend_string *path, zend_string *domain, int secure, int httponly, zend_string *samesite, int url_encode);
 
 #endif

ext/standard/tests/network/setcookie.phpt

@@ -17,6 +17,8 @@ setcookie('name', 'value', 0, '', 'domain.tld');
 setcookie('name', 'value', 0, '', '', TRUE);
 setcookie('name', 'value', 0, '', '', FALSE, TRUE);
 
+setcookie('name', 'value', ['expire' => $tsp]);
+setcookie('name', 'value', ['expire' => $tsn, 'path' => '/path/', 'domain' => 'domain.tld', 'secure' => true, 'httponly' => true, 'samesite' => 'Strict']);
 
 $expected = array(
 	'Set-Cookie: name=deleted; expires='.date('D, d-M-Y H:i:s', 1).' GMT; Max-Age=0',
@@ -30,7 +32,9 @@ $expected = array(
 	'Set-Cookie: name=value; path=/path/',
 	'Set-Cookie: name=value; domain=domain.tld',
 	'Set-Cookie: name=value; secure',
-	'Set-Cookie: name=value; HttpOnly'
+	'Set-Cookie: name=value; HttpOnly',
+	'Set-Cookie: name=value; expires='.date('D, d-M-Y H:i:s', $tsp).' GMT; Max-Age=5',
+	'Set-Cookie: name=value; expires='.date('D, d-M-Y H:i:s', $tsn).' GMT; Max-Age=0; path=/path/; domain=domain.tld; secure; HttpOnly; SameSite=Strict'
 );
 
 $headers = headers_list();