Bug #60206 possible integer overflow in content_length
Submitted: 2011-11-03 07:41 UTC Modified: 2011-11-03 07:43 UTC
From: laruence@php.net Assigned:
Status: Closed Package: *General Issues
PHP Version: 5.3.8 OS:
Private report: No CVE-ID: None
 [2011-11-03 07:41 UTC] laruence@php.net
Description:
------------
in php_apache_request_ctor (sapi/apache2handler/sapi_apache2.c)

	SG(request_info).content_length = (content_length ? atoi(content_length) : 0);

so when the content_length exceeds INT_MAX, the content_length will be a wrong value.

Test script:
---------------
none

Expected result:
----------------
none

Actual result:
--------------
none
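
An added example, not part of the original report and not the php-src fix: one way to parse a Content-Length value so that lengths above INT_MAX are kept or rejected explicitly instead of becoming a wrong value through atoi(). The names parse_content_length and fits_in_int are hypothetical, and the sample header values are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not from php-src): parse a Content-Length header
 * value into a 64-bit integer. Returns 0 on success, -1 if the value is
 * missing, non-numeric, signed, or out of range. */
static int parse_content_length(const char *s, long long *out)
{
    char *end;
    long long v;

    /* Require a leading digit: strtoll alone accepts whitespace, '+' and '-'. */
    if (s == NULL || !isdigit((unsigned char)*s))
        return -1;
    errno = 0;
    v = strtoll(s, &end, 10);
    if (errno == ERANGE)      /* larger than LLONG_MAX */
        return -1;
    if (*end != '\0')         /* trailing garbage such as "12abc" */
        return -1;
    *out = v;
    return 0;
}

/* True when the parsed length would still fit the int that atoi() returns. */
static int fits_in_int(long long v)
{
    return v <= INT_MAX;
}

int main(void)
{
    /* Constructed sample header values. */
    const char *samples[] = { "1024", "2147483647", "2147483648",
                              "4294967296", "-1", "12abc",
                              "99999999999999999999" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long long len;
        if (parse_content_length(samples[i], &len) != 0)
            printf("%-22s rejected\n", samples[i]);
        else
            printf("%-22s %lld%s\n", samples[i], len,
                   fits_in_int(len) ? "" : "  (exceeds INT_MAX)");
    }
    return 0;
}
```

Any value flagged as exceeding INT_MAX is one that an int-typed content_length field cannot hold.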

 [2011-11-03 07:41 UTC] laruence@php.net
-Status: Open +Status: Duplicate
 [2011-11-03 07:41 UTC] laruence@php.net
dup to #20605
 [2011-11-03 07:43 UTC] laruence@php.net
dup to #60205

and this problem exists not only in apache2handler sapi but other sapis
 [2012-04-18 09:48 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d7d0d0724c5de6397a4c9999568bc1fd7105ef5f
Log: Fixed bug #60206 (possible integer overflow in content_length)
 [2012-07-24 23:39 UTC] rasmus@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d7d0d0724c5de6397a4c9999568bc1fd7105ef5f
Log: Fixed bug #60206 (possible integer overflow in content_length)
 [2013-11-17 09:35 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d7d0d0724c5de6397a4c9999568bc1fd7105ef5f
Log: Fixed bug #60206 (possible integer overflow in content_length)
 [2013-11-17 09:35 UTC] laruence@php.net
-Status: Duplicate +Status: Closed
 