|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2006-10-19 20:10 UTC] thomas at partyflock dot nl
Description:
------------
Insert ErrorDocument directive for error code 413 in httpd.conf:
ErrorDocument 413 /anywhere
Now post something to your webserver, with following invalid Content-Length: 1\r\r\n (extra carriage return)
sapi_globals.request_info.post_data is allocated, in SAPI.c:sapi_read_standard_form_data on line 203. After the call to sapi_module.read_post on line 206, the POST request is transformed to a GET request for above error document and the sapi_globals.request_info.post_data is 0 at that point, resulting in a segmentation fault at SAPI.c line 223.
Reproduce code:
---------------
#!/usr/bin/perl -w
use strict;
use IO::Socket;
if ($#ARGV < 0) {
print STDERR "need hostname argument\n";
exit 1;
}
my $sock = IO::Socket::INET->new(
'PeerAddr' => $ARGV[0],
'PeerPort' => 80
);
if (!$sock) {
print STDERR "failed to connect to port 80 of $ARGV[0]\n";
exit 1;
}
print $sock "POST / HTTP/1.0\r\n";
print $sock "Content-Length: 1\r\r\n\r\n";
print $sock "a";
undef $sock;
Expected result:
----------------
Well, I'd expect it to not crash :)
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Tue Dec 03 17:01:29 2024 UTC |
Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1211164992 (LWP 15723)] 0xb7b4e7e0 in sapi_read_standard_form_data () at /root/build/webserver/200610181 225 SG(request_info).post_data[SG(read_post_bytes)] = 0; /* termina (gdb) bt #0 0xb7b4e7e0 in sapi_read_standard_form_data () at /root/build/webserver/20061 #1 0xb7b53425 in php_default_post_reader () at /root/build/webserver/2006101814 #2 0xb7b4ee57 in sapi_activate () at /root/build/webserver/200610181402/php/php #3 0xb7b471ac in php_request_startup () at /root/build/webserver/200610181402/p #4 0xb7c0ed45 in php_apache_request_ctor (r=0x81d10e0, ctx=0x81d23e8) at /root/build/webserver/200610181402/php/php-5.2/sapi/apache2handler/sapi_a #5 0xb7c0f26f in php_handler (r=0x81d10e0) at /root/build/webserver/20061018140 #6 0x0807a514 in ap_invoke_handler () #7 0x0806bb02 in ap_process_request () #8 0x08065a92 in ap_process_http_connection () #9 0x0808389b in ap_process_connection () #10 0x08077a06 in child_main () #11 0x08077cd6 in make_child () #12 0x08078034 in ap_mpm_run () #13 0x0807e970 in main () (gdb) p sapi_globals.request_info $2 = {request_method = 0x81d2910 "GET", query_string = 0x81d69b8 "SECTION=anything;sELEMENT=anything;EXTENSION=", post_data = 0x0, raw_post_data = 0x0, cookie_data = 0x0, content_length = 1, post_data_length = 0, raw_post_data_length = 0, path_translated = 0x81d69f8 "/home/party/public_html/index.php", request_uri = 0x81d69e8 "/anything", content_type = 0x0, headers_only = 0 '\0', no_headers = 0 '\0', headers_read = 0 '\0', post_entry = 0x0, content_type_dup = 0x0, auth_user = 0x0, auth_password = 0x0, auth_digest = 0x0, argv0 = 0x0, current_user = 0x0, current_user_length = 0, argc = 0, argv = 0x0, proto_num = 1000} But I've narrowed it down a bit. It requires the following lines in httpd.conf: RewriteEngine on RewriteRule ^/anywhere$ /somewherelse.php ErrorDocument 413 /anywhere /somewherelse.php must exists. There's no problem if a non-php file is used.