php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #79723 sapi_cgi_read_post() ignores EOF
Submitted: 2020-06-21 18:58 UTC Modified: 2021-11-28 21:15 UTC
From: sam dot revitch at protonmail dot ch Assigned: bukka (profile)
Status: Assigned Package: FPM related
PHP Version: 7.4.7 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: sam dot revitch at protonmail dot ch
New email:
PHP Version: OS:

 

 [2020-06-21 18:58 UTC] sam dot revitch at protonmail dot ch 
Description:
------------
When FPM receives records:

FCGI_BEGIN_REQUEST,
FCGI_PARAMS, including CONTENT_LENGTH=x
one or more nonempty FCGI_STDIN, with a total data length of y < x, and
FCGI_STDIN end-of-stream (empty data)

And the script reads php://input to the end, the read will hang until the socket is closed.  This is because sapi_cgi_read_post() expects CONTENT_LENGTH bytes, and does not appear to honor the FastCGI end-of-stream indicator if it receives fewer.

This is an edge case.  I stumbled upon it using Apache, mod_proxy_fcgi, and mod_security, where mod_security aborts a request based on part of the body.  It's certainly a bug that Apache doesn't close the FastCGI socket or send an abort record.  However, PHP shouldn't be hanging indefinitely after receiving an end-of-stream.

Patches

fcgi-read-eos.patch (last revision 2020-06-21 18:59 UTC by sam dot revitch at protonmail dot ch)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-06-21 18:59 UTC] sam dot revitch at protonmail dot ch 
The following patch has been added/updated:

Patch Name: fcgi-read-eos.patch
Revision:   1592765946
URL:        https://bugs.php.net/patch-display.php?bug=79723&patch=fcgi-read-eos.patch&revision=1592765946
 [2021-11-28 21:15 UTC] bukka@php.net
-Assigned To: +Assigned To: bukk
 [2021-11-28 21:15 UTC] bukka@php.net 
This is related (sort of duplicate) to https://bugs.php.net/bug.php?id=51191 . The reasoning why it cannot be currently accepted can be found in
 [2021-11-28 21:15 UTC] bukka@php.net
-Assigned To: bukk +Assigned To: bukka
 [2021-11-28 21:15 UTC] bukka@php.net 
https://github.com/php/php-src/pull/7509
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Dec 26 12:01:30 2024 UTC