PHP :: Bug #32371 :: [PATCH] php://input sometimes returns dupl data

Bug #32371	[PATCH] php://input sometimes returns dupl data
Submitted:	2005-03-19 02:25 UTC	Modified:	2005-11-17 20:44 UTC
From:	phpint-bkrrym at skrt dot org	Assigned:	pollita (profile)
Status:	Closed	Package:	Filesystem function related
PHP Version:	5CVS, 4CVS (2005-03-19)	OS:	*
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	phpint-bkrrym at skrt dot org
New email:
PHP Version:		OS:

New Comment:

[2005-03-19 02:25 UTC] phpint-bkrrym at skrt dot org

Description:
------------
Full description and PATCH for 5-CVS and 4.3.10 are here:

http://thepathetic.com/jozef/php_input_stream_patch.html
http://thepathetic.com/jozef/php-5.0.3-input_stream.patch
http://thepathetic.com/jozef/php-4.3.10-input_stream.patch

Both 5 and 4.3.10 have the problem (same code).

Because of a subtle buffer index bug, in some cases, the php://input stream returns incorrect data. 

Symptoms:

If the php://input is parsed in 4000-byte chunks, the first corruption occurs at byte number 8193 (1-based). A chunk of the previous 192 bytes repeats there.  The same corruption happens periodically in the data if it is long enough.

The problem was discovered when directly parsing a POSTed XML with a long text-node.

Interestingly enough, reading the contents of php://input with file_get_contents and parsing the string works around the symptoms.

Reproduce code:
---------------
$s = simplexml_load_file('php://input');

sees the text node corrupted, whereas

$d = file_get_contents('php://input');
$s = simplexml_load_string($d);

does not.

Expected result:
----------------
should be the same in both cases

Actual result:
--------------
difference at byte number 8193 (1-based) from the begining of the xml.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-08-11 16:15 UTC] wez@php.net

Sara, could you take a look at this?
It seems ok, but I don't have time to verify it.

[2005-11-17 20:44 UTC] pollita@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

While that fixes the observed problem, it actually still leaves a bug when filters are applied.  The root of the issue is how php://input treats stream->position.

I've applied a fix to branches 4.4, 5.0, 5.1, and HEAD.

If you'd like to try applying just this patch to test it out on your own system, it can be found at:

http://cvs.php.net/php-src/ext/standard/php_fopen_wrapper.c

HEAD: r-1.51
5.1: r-1.45.2.2
5.0: r-1.44.2.1
4.4: r-1.29.2.4.8.1

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Dec 26 17:01:31 2024 UTC