php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #61471 Incomplete POST does not timeout but is passed to PHP
Submitted: 2012-03-22 08:02 UTC Modified: 2017-03-28 11:35 UTC
Votes:15
Avg. Score:4.4 ± 0.9
Reproduced:12 of 13 (92.3%)
Same Version:7 (58.3%)
Same OS:10 (83.3%)
From: jakub dot lopuszanski at nasza-klasa dot pl Assigned:
Status: Re-Opened Package: Apache2 related
PHP Version: Irrelevant OS: linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: jakub dot lopuszanski at nasza-klasa dot pl
New email:
PHP Version: OS:

 

 [2012-03-22 08:02 UTC] jakub dot lopuszanski at nasza-klasa dot pl 
Description:
------------
When a user has a really slow connection (we experienced the problem with POSTs 
longer than single TCP/IP frame) it may happen, that in expected amount of time 
the number of POST body bytes transmited is less than announced in Content-Length 
header.

It seems, that even with the mod_reqtimeout installed and configured, apache2 
happilly passes the request to PHP interpreter, with $_POST set to an empty array.

It does so if the reqeusted page is a PHP script, which is inconsistent with the 
way a static HTML file is handled (400 Bad Request).

Test script:
---------------
I assume you have a script with var_dump($_POST) on the server.
Please note how 1755 is much greater than "foo=bar" length

netcat localhost 80

POST / HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 1755

foo=bar


Expected result:
----------------
408 Request Timeout
or
504 Gateway Timeout
or
400 Bad Request
or in the worst case 
200 OK
array(1){
  "foo" => "bar"
}

Actual result:
--------------
200 OK
array(0){
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-12-29 07:56 UTC] laruence@php.net 
Automatic comment on behalf of z-shao@colopl.co.jp
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9b65a10256e244a6d80027c943b163dd1643abe2
Log: bug fixed #61471 in apache2handler
 [2016-12-29 07:56 UTC] laruence@php.net
-Status: Open +Status: Closed
 [2017-01-05 13:06 UTC] ab@php.net
-Status: Closed +Status: Re-Opened
 [2017-01-05 13:06 UTC] ab@php.net 
The patch was reverted due to issues, see https://github.com/php/php-src/pull/2180 . Reopening.

Thanks.
 [2017-02-08 00:11 UTC] nikic@php.net 
Automatic comment on behalf of z-shao@colopl.co.jp
Revision: http://git.php.net/?p=php-src.git;a=commit;h=80c8d84af303d2fddc9ba9f181c7117b9040811d
Log: Fixed bug #61471
 [2017-02-08 00:11 UTC] nikic@php.net
-Status: Re-Opened +Status: Closed
 [2017-03-28 11:19 UTC] ab@php.net 
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ef8632c9dc5c4827a47c5b226ad5a0a9cb93326e
Log: Revert "Fixed bug #61471"
 [2017-03-28 11:24 UTC] ab@php.net 
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=825f006117046e28a662545f13ee01e0df3977ac
Log: Revert "Fixed bug #61471"
 [2017-03-28 11:35 UTC] ab@php.net
-Status: Closed +Status: Re-Opened
 [2017-03-28 11:36 UTC] ab@php.net 
Related To: Bug #74318
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 18:01:29 2024 UTC