php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #31764 Apache hangs during file upload when using "MAX_FILE_SIZE"
Submitted: 2005-01-30 12:57 UTC Modified: 2005-02-11 01:00 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: t dot schoebel at hamburg dot de Assigned:
Status: No Feedback Package: HTTP related
PHP Version: 4.3.10 OS: Debian 3.0 Woody
Private report: No CVE-ID: None
View Developer Edit
 [2005-01-30 12:57 UTC] t dot schoebel at hamburg dot de 
Description:
------------
I'm hosting a costumer, who uses an old script written for php 3.x.
If at the same time some visitors uploads an image, apache "crashed".
The load average jumps to 50 > an there is no possible to connect to the server via ssh anymore.
In the error.log i get i.e. the following messages:

[Sat Jan 29 01:35:30 2005] [warn] child process 24784 still did not exit, sending a SIGTERM

Reproduce code:
---------------
<form ENCTYPE="multipart/form-data" name=info method=post ACTION="page.upload.php">
<table>
<tr>
<td>Datei:</td>
<td> <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="100000"><input name="userfile" type="file" <? echo $styleform3; ?>>
<INPUT TYPE="hidden" NAME="code" value="1"><br>
<INPUT TYPE="hidden" NAME="user" value="<? echo $user;?>"></td>
</tr>


...

if (is_uploaded_file ($userfile)){
$dir = "/var/kunden/webs/web1/tmp/";
  move_uploaded_file($userfile,$dir.$userfile_name) ;
}

Expected result:
----------------
When I upload an image, which is more than 100000 bytes big, cause of the html-code <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="100000"> it's given, i get an php error, that the script gets no data.
Apache breaks the transfer to php, cause the image is bigger then 100000 bytes.

Actual result:
--------------
If you delete the hmtl-tag <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="100000"> an add in your script a check, written in php, for the size and may be the type of the file, you won't get an apache "crash".

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-02-03 05:13 UTC] sniper@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip
 [2005-02-11 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2007-09-03 13:37 UTC] wvdm at vodamail dot co dot za 
My php file - It just hangs no error nothing: 

<?php
$prefix="xyz";
$uploadfile = $prefix.basename($_FILES['userfile']['name']);
$valid_ref1="http://www.xxxx.co.za/download/uploadF.php";

echo '<pre>';

if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
	echo "File is valid, and was successfully uploaded.\n";  
	echo  POST_FILE_SIZE =(ini_get('post_max_size') +1)."\n";
	print_r($_FILES);
	echo "<script language=\"JavaScript\">\n";
 	echo "top.location.href = \"$valid_ref1\"\n;></script>";
 	exit;
	
	}		
else {
	echo "Possible file upload attack!\n";
        echo "Here is some more debugging info:";
    	print_r($_FILES);
	}


print "</pre>";

?> 
 and the form:

<form enctype="multipart/form-data" action="uploadP.php" method="POST">
    <input type="hidden" name="MAX_FILE_SIZE" value="500000"/>
    <input type="submit" value="Send File" />
</form>
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 13:01:31 2024 UTC