[HttpClient] may leak InvalidArgumentException for malformed `location` header on redirect · Issue #58857 · symfony/symfony · GitHub
Closed
TimWolla opened this issue Nov 13, 2024 · 0 comments

@TimWolla
Contributor

Symfony version(s) affected

git 7.2

Description

When the returned `location` header for a 3xx HTTP response is of the form `http:[a-z]+`, Symfony HTTP client will throw `Symfony\Component\HttpClient\Exception\InvalidArgumentException`, which is not a legal Exception according to the contract of the HttpClient.

It should throw `RedirectionException` instead.

How to reproduce

```php
<?php

use Symfony\Component\HttpClient\HttpClient;

require('vendor/autoload.php');

$client = HttpClient::create();
$response = $client->request(
    'GET',
    'http://localhost:8080/redirect.php'
);

var_dump($response->getHeaders());
```

running against `redirect.php`:

```php
<?php
header('location: http:localhost');
```

with PHP's embedded HTTP server:

```
$ php -S localhost:8080
[Wed Nov 13 17:14:07 2024] PHP 8.3.13 Development Server (http://localhost:8080) started
[Wed Nov 13 17:14:15 2024] 127.0.0.1:53780 Accepted
[Wed Nov 13 17:14:15 2024] 127.0.0.1:53780 [302]: GET /redirect.php
[Wed Nov 13 17:14:15 2024] 127.0.0.1:53780 Closing
```

results in:

```
PHP Fatal error:  Uncaught Symfony\Component\HttpClient\Exception\InvalidArgumentException: Invalid URL: host is missing in "http:localhost". in symfony/src/Symfony/Component/HttpClient/HttpClientTrait.php:615
Stack trace:
#0 symfony/src/Symfony/Component/HttpClient/CurlHttpClient.php(442): Symfony\Component\HttpClient\CurlHttpClient::resolveUrl()
#1 symfony/src/Symfony/Component/HttpClient/Response/CurlResponse.php(429): Symfony\Component\HttpClient\CurlHttpClient::Symfony\Component\HttpClient\{closure}()
#2 symfony/src/Symfony/Component/HttpClient/Response/CurlResponse.php(86): Symfony\Component\HttpClient\Response\CurlResponse::parseHeaderLine()
#3 [internal function]: Symfony\Component\HttpClient\Response\CurlResponse::Symfony\Component\HttpClient\Response\{closure}()
#4 symfony/src/Symfony/Component/HttpClient/Response/CurlResponse.php(295): curl_multi_exec()
#5 symfony/src/Symfony/Component/HttpClient/Response/TransportResponseTrait.php(167): Symfony\Component\HttpClient\Response\CurlResponse::perform()
#6 symfony/src/Symfony/Component/HttpClient/Response/CommonResponseTrait.php(145): Symfony\Component\HttpClient\Response\CurlResponse::stream()
#7 symfony/src/Symfony/Component/HttpClient/Response/TransportResponseTrait.php(61): Symfony\Component\HttpClient\Response\CurlResponse::initialize()
#8 symfony/test.php(13): Symfony\Component\HttpClient\Response\CurlResponse->getHeaders()
#9 {main}
  thrown in symfony/src/Symfony/Component/HttpClient/HttpClientTrait.php on line 615
```

Possible Solution

This is related to #58836, which fixed the `location` header parsing for non-http schemes, e.g. `location: localhost:8080`.

Additional Context

No response

TimWolla added the Bug label Nov 13, 2024
nicolas-grekas added a commit that referenced this issue Nov 13, 2024
…icolas-grekas)

This PR was merged into the 5.4 branch.

Discussion
----------

[HttpClient] Fix catching some invalid Location headers

| Q             | A
| ------------- | ---
| Branch?       | 5.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Issues        | Fix #58857
| License       | MIT

Commits
-------

7f94d4a [HttpClient] Fix catching some invalid Location headers
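
One way to pre-check a redirect target before following it by hand, as an added example that is not Symfony's code and not part of the issue or the fix: it splits the raw `Location` value with the generic regex from RFC 3986, Appendix B, and rejects the `http:localhost` form reported above as well as the `localhost:8080` form from #58836. `classifyLocation()` and its labels are hypothetical names, and the sample values are constructed.

```php
<?php
declare(strict_types=1);

// Added illustration, not Symfony's resolveUrl(). The function name and the
// returned labels are hypothetical.
function classifyLocation(string $location): string
{
    // Raw control characters and spaces never belong in a URI reference.
    if ($location === '' || preg_match('~[\x00-\x20\x7f]~', $location)) {
        return 'reject: empty or contains control characters';
    }
    // URI-reference regex from RFC 3986, Appendix B:
    // group 2 = scheme, group 3 = "//authority" (empty if absent), group 4 = authority.
    $re = '~^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?$~';
    preg_match($re, $location, $m);
    $scheme = strtolower($m[2]);
    $hasAuthority = $m[3] !== '';
    // Drop userinfo and port to see whether a host is actually present.
    $host = preg_replace('~^.*@|:\d*$~', '', $m[4]);

    if ($scheme === '') {
        // No scheme: a relative reference, resolved against the request URL.
        return ($hasAuthority && $host === '') ? 'reject: host is missing' : 'relative';
    }
    if ($scheme !== 'http' && $scheme !== 'https') {
        // "localhost:8080" lands here: RFC 3986 reads "localhost" as the scheme.
        return 'reject: non-http scheme';
    }
    // "http:localhost" has a scheme but no "//authority" part.
    return ($hasAuthority && $host !== '') ? 'absolute' : 'reject: host is missing';
}

// Constructed sample header values, including the two forms named in the issue.
$samples = [
    'http://localhost:8080/next',
    '/login?next=%2F',
    'http:localhost',
    'localhost:8080',
    'https://:443/',
];
foreach ($samples as $value) {
    printf("%-28s => %s\n", $value, classifyLocation($value));
}
```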