|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #31764 Apache hangs during file upload when using "MAX_FILE_SIZE"
Submitted: 2005-01-30 12:57 UTC Modified: 2005-02-11 01:00 UTC
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: t dot schoebel at hamburg dot de Assigned:
Status: No Feedback Package: HTTP related
PHP Version: 4.3.10 OS: Debian 3.0 Woody
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: t dot schoebel at hamburg dot de
New email:
PHP Version: OS:


 [2005-01-30 12:57 UTC] t dot schoebel at hamburg dot de
I'm hosting a costumer, who uses an old script written for php 3.x.
If at the same time some visitors uploads an image, apache "crashed".
The load average jumps to 50 > an there is no possible to connect to the server via ssh anymore.
In the error.log i get i.e. the following messages:

[Sat Jan 29 01:35:30 2005] [warn] child process 24784 still did not exit, sending a SIGTERM

Reproduce code:
<form ENCTYPE="multipart/form-data" name=info method=post ACTION="page.upload.php">
<td> <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="100000"><input name="userfile" type="file" <? echo $styleform3; ?>>
<INPUT TYPE="hidden" NAME="code" value="1"><br>
<INPUT TYPE="hidden" NAME="user" value="<? echo $user;?>"></td>


if (is_uploaded_file ($userfile)){
$dir = "/var/kunden/webs/web1/tmp/";
  move_uploaded_file($userfile,$dir.$userfile_name) ;

Expected result:
When I upload an image, which is more than 100000 bytes big, cause of the html-code <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="100000"> it's given, i get an php error, that the script gets no data.
Apache breaks the transfer to php, cause the image is bigger then 100000 bytes.

Actual result:
If you delete the hmtl-tag <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="100000"> an add in your script a check, written in php, for the size and may be the type of the file, you won't get an apache "crash".


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2005-02-11 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2007-09-03 13:37 UTC] wvdm at vodamail dot co dot za
My php file - It just hangs no error nothing: 

$uploadfile = $prefix.basename($_FILES['userfile']['name']);

echo '<pre>';

if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
	echo "File is valid, and was successfully uploaded.\n";  
	echo  POST_FILE_SIZE =(ini_get('post_max_size') +1)."\n";
	echo "<script language=\"JavaScript\">\n";
 	echo "top.location.href = \"$valid_ref1\"\n;></script>";
else {
	echo "Possible file upload attack!\n";
        echo "Here is some more debugging info:";

print "</pre>";

 and the form:

<form enctype="multipart/form-data" action="uploadP.php" method="POST">
    <input type="hidden" name="MAX_FILE_SIZE" value="500000"/>
    <input type="submit" value="Send File" />
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Apr 22 03:01:32 2024 UTC