[wsf-c-dev] [jira] Created: (WSFPHP-387) passwordCallback not called in wsdl mode due to memory overwrite

Dolf Starreveld (JIRA) jira at wso2.org
Tue May 19 18:24:25 PDT 2009


passwordCallback not called in wsdl mode due to memory overwrite
----------------------------------------------------------------

                 Key: WSFPHP-387
                 URL: https://wso2.org/jira/browse/WSFPHP-387
             Project: WSO2 WSF/PHP
          Issue Type: Bug
          Components: WS-Security Support
    Affects Versions: 2.0.0
         Environment: Fedora Core 10
            Reporter: Dolf Starreveld
            Priority: Highest


I augmented wsf_password_callback_function in wsf_policy.c to print the name of the php function it will try to do a call_user_func on.
When running the client/server from the samples/user_name_token example, everything is fine. Inspecting the server log shows it attempts to call "get_my_password_function".
When I run virtually identical code in a wsdl based service, I print out my security token:
WSSecurityToken Object
(
    [passwordType] => Digest,
    [passwordCallback] => WSF_CallbackFunction1
)
Which is what I want, and the named function does exist. However, it never gets called. Inspection of the log shows that it is trying to call "^D<9e>±^ACallbackFunction1". This call_user_func (of course) fails, null is returned and the username token validation fails. The first four characters are binary characters rendered in printable form. It has nothing to do with the name I choose; the first four characters always get messed up.

This totally smells like a buffer overrun, or something similar, or a case where a C string is mistakenly converted to a ZVAL type string (forgive me if my terminology is wrong here, I am not a PHP extension developer).

This, of course, prevents me from deploying a secured service based on wsdl with username token.
