Bug #32371 [PATCH] php://input sometimes returns dupl data
Submitted: 2005-03-19 02:25 UTC Modified: 2005-11-17 20:44 UTC
From: phpint-bkrrym at skrt dot org Assigned: pollita (profile)
Status: Closed Package: Filesystem function related
PHP Version: 5CVS, 4CVS (2005-03-19) OS: *
Private report: No CVE-ID: None
 [2005-03-19 02:25 UTC] phpint-bkrrym at skrt dot org
Description:
------------
Full description and PATCH for 5-CVS and 4.3.10 are here:

http://thepathetic.com/jozef/php_input_stream_patch.html
http://thepathetic.com/jozef/php-5.0.3-input_stream.patch
http://thepathetic.com/jozef/php-4.3.10-input_stream.patch

Both 5 and 4.3.10 have the problem (same code).

Because of a subtle buffer index bug, in some cases, the php://input stream returns incorrect data. 

Symptoms:

If the php://input is parsed in 4000-byte chunks, the first corruption occurs at byte number 8193 (1-based). A chunk of the previous 192 bytes repeats there.  The same corruption happens periodically in the data if it is long enough.

The problem was discovered when directly parsing a POSTed XML with a long text-node.

Interestingly enough, reading the contents of php://input with file_get_contents and parsing the string works around the symptoms.

Reproduce code:
---------------
$s = simplexml_load_file('php://input');

sees the text node corrupted, whereas

$d = file_get_contents('php://input');
$s = simplexml_load_string($d);

does not.

Expected result:
----------------
should be the same in both cases

Actual result:
--------------
difference at byte number 8193 (1-based) from the beginning of the xml.
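
Added example (not part of the original report, its patch, or php-src): a small check that reads a stream in 4000-byte chunks, compares the result with the expected bytes, and reports the 1-based offset of the first difference and whether the bytes there repeat the previous 192 bytes, as the symptoms above describe. The function names, the php://memory stand-in for the request body, and both sample payloads are constructed for illustration.

```php
<?php
// Read a stream to EOF in fixed-size fread() calls (the report used 4000 bytes).
function read_chunked($stream, int $chunk = 4000): string
{
    $out = '';
    while (!feof($stream)) {
        $piece = fread($stream, $chunk);
        if ($piece === false) {
            throw new RuntimeException('fread() failed');
        }
        $out .= $piece;
    }
    return $out;
}

// 1-based offset of the first differing byte, or 0 when the strings are identical.
function first_divergence(string $a, string $b): int
{
    $same = strspn($a ^ $b, "\0"); // XOR is "\0" wherever the bytes match
    return ($same === strlen($a) && $same === strlen($b)) ? 0 : $same + 1;
}

// True when the $len bytes at 1-based $offset repeat the $len bytes just before it.
function repeats_previous(string $data, int $offset, int $len = 192): bool
{
    $start = $offset - 1;
    return $start >= $len
        && strlen($data) >= $start + $len
        && substr($data, $start, $len) === substr($data, $start - $len, $len);
}

// Constructed 20000-byte body whose content changes from byte to byte.
$body = substr(str_repeat('abcdefghijklmnopqrstuvwxyz', 770), 0, 20000);
$mem = fopen('php://memory', 'w+b');
fwrite($mem, $body);
rewind($mem);
$chunked = read_chunked($mem);
fclose($mem);
printf("healthy stream: first divergence = %d\n", first_divergence($chunked, $body));

// Constructed copy imitating the reported symptom: previous 192 bytes repeated at byte 8193.
$bad = substr($body, 0, 8192) . substr($body, 8000, 192) . substr($body, 8192);
$at = first_divergence($bad, $body);
printf("corrupted copy: first divergence = %d, repeats previous 192 bytes: %s\n",
    $at, repeats_previous($bad, $at) ? 'yes' : 'no');
```

To run the same comparison inside a web request, pass fopen('php://input', 'rb') to read_chunked() and compare the result with file_get_contents('php://input').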

 [2005-08-11 16:15 UTC] wez@php.net
Sara, could you take a look at this?
It seems ok, but I don't have time to verify it.
 [2005-11-17 20:44 UTC] pollita@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

While that fixes the observed problem, it actually still leaves a bug when filters are applied.  The root of the issue is how php://input treats stream->position.

I've applied a fix to branches 4.4, 5.0, 5.1, and HEAD.

If you'd like to try applying just this patch to test it out on your own system, it can be found at:

http://cvs.php.net/php-src/ext/standard/php_fopen_wrapper.c

HEAD: r-1.51
5.1: r-1.45.2.2
5.0: r-1.44.2.1
4.4: r-1.29.2.4.8.1