Bug #68745 Invalid HTTP requests make web server segfault
Submitted: 2015-01-05 00:12 UTC
Modified: 2015-01-06 01:31 UTC
From: benjamin dot morel at gmail dot com
Assigned: aharvey
Status: Closed
Package: Built-in web server
PHP Version: 5.6.4
OS: Fedora 21
Private report: No
CVE-ID: None

 

 [2015-01-05 00:12 UTC] benjamin dot morel at gmail dot com
Description:
------------
I'm not sure whether this is a bug in the web server or in PHP itself, but trying to access $_SERVER when PHP has received an invalid request such as:

GET www.example.com:80 HTTP/1.1

makes the built-in web server segfault.

Test script:
---------------
1. Create a test.php file containing this line:

<?php print_r($_SERVER);

2. Start the built-in web server on this file:

php -S localhost:8888 test.php

3. Run this PHP code to send an invalid HTTP request:

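<?php
// Open a raw TCP connection so the invalid request line is sent verbatim.
$fp = fsockopen('localhost', 8888);
if ($fp === false) exit("Could not connect to localhost:8888\n");
fwrite($fp, "GET www.example.com:80 HTTP/1.1\r\n\r\n");
while (! feof($fp)) echo fread($fp, 1024);
fclose($fp);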

The web server will segfault.
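
Why the request line above is invalid, as an added example that is not part of the original report or of php-src: under RFC 7230 section 5.3 a bare host:port request-target (authority-form) is only valid with CONNECT, so a server or front end can answer such a line with 400 before handling it. The function and enum names below are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Request-target forms defined in RFC 7230 section 5.3. */
enum target_form { T_ORIGIN, T_ABSOLUTE, T_AUTHORITY, T_ASTERISK, T_INVALID };

/* Classify a request-target by its shape alone (no full URI validation). */
static enum target_form classify_target(const char *t)
{
    const char *colon = strrchr(t, ':');
    if (t[0] == '/') return T_ORIGIN;
    if (strcmp(t, "*") == 0) return T_ASTERISK;
    if (isalpha((unsigned char)t[0]) && strstr(t, "://")) return T_ABSOLUTE;
    /* host:port with no path, e.g. www.example.com:80 */
    if (colon && colon != t && isdigit((unsigned char)colon[1]) && !strchr(t, '/'))
        return T_AUTHORITY;
    return T_INVALID;
}

/* Return 1 if the request line is acceptable, 0 if it deserves a 400. */
int request_line_ok(const char *line)
{
    char method[16], target[1024], version[16], extra[2];
    /* Exactly three whitespace-separated tokens: method, target, version. */
    if (sscanf(line, "%15s %1023s %15s %1s", method, target, version, extra) != 3)
        return 0;
    if (strncmp(version, "HTTP/", 5) != 0)
        return 0;
    switch (classify_target(target)) {
    case T_ORIGIN:
    case T_ABSOLUTE:  return strcmp(method, "CONNECT") != 0;
    case T_AUTHORITY: return strcmp(method, "CONNECT") == 0; /* CONNECT only */
    case T_ASTERISK:  return strcmp(method, "OPTIONS") == 0; /* OPTIONS only */
    default:          return 0;
    }
}

int main(void)
{
    /* Constructed sample lines; the second is the request from the report. */
    const char *samples[] = { "GET /index.php HTTP/1.1",
        "GET www.example.com:80 HTTP/1.1", "CONNECT www.example.com:80 HTTP/1.1" };

    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-38s %s\n", samples[i], request_line_ok(samples[i]) ? "accept" : "reject (400)");
    return 0;
}
```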


 [2015-01-06 01:31 UTC] aharvey@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: aharvey
 [2015-01-06 01:31 UTC] aharvey@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

https://github.com/php/php-src/commit/448ef30f75988384b84cdb88bbb3a1a56b9534da
 
Last updated: Sat Dec 21 17:01:58 2024 UTC