php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #50979 FastCGI/CGI runtime selection error
Submitted: 2010-02-09 20:53 UTC Modified: 2013-02-18 00:34 UTC
From: php at linepoint dot com Assigned: dmitry (profile)
Status: No Feedback Package: CGI/CLI related
PHP Version: 5.3.1 OS: Freebsd
Private report: No CVE-ID: None
 [2010-02-09 20:53 UTC] php at linepoint dot com
Description:
------------
PHP v5.3+ now forces fastcgi support to be compiled into the executable, and upon execution of php-cgi, auto selects which mode (fastcgi/cgi) is to be used.

In some circumstances, it can guess incorrectly and use fastcgi mode when cgi mode should be used.

PHP's method of checking in sapi/cgi/fastcgi.c (line ~230) uses the errno returned (ENOTCONN) as an assumption that a local/unix socket connection must be a fastcgi call.

A alternative or secondary check should be implemented to verify that it's truly a fastcgi execution.

This problem was initially found when working with the Zeus Webserver (http://www.zeus.com), but can be reproduced with other systems that work the same way.

Reproduce code:
---------------
When php-cgi is called from a webserver, it checks stdin (fd 0) with a getpeername call to see if it's reading via a socket or not.  In some circumstances/webservers, php-cgi can be called using local sockets instead of file, but not be executed with fastcgi hooks.

Code in question:
--- sapi/cgi/fastcgi.c.orig     2010-02-09 12:25:49.000000000 -0500
                }
 #else
                errno = 0;
                if (getpeername(0, (struct sockaddr *)&sa, &len) != 0 && errno == ENOTCONN) {
                        fcgi_setup_signals();
                        return is_fastcgi = 1;
                } else {

---



Expected result:
----------------
Expected result is that fastcgi mode is used for fastcgi calls, and cgi mode is used for cgi calls.

A "proof of concept" patch which fixes the issue (this is not a final patch due to the fact the environmental variable checked is optional, not mandatory)

--- sapi/cgi/fastcgi.c.orig     2010-02-09 12:25:49.000000000 -0500
+++ sapi/cgi/fastcgi.c  2010-02-09 12:26:50.000000000 -0500
@@ -228,7 +228,7 @@
                }
 #else
                errno = 0;
-               if (getpeername(0, (struct sockaddr *)&sa, &len) != 0 && errno == ENOTCONN) {
+               if (getpeername(0, (struct sockaddr *)&sa, &len) != 0 && errno == ENOTCONN && getenv ("PHP_FCGI_CHILDREN") ) {
                        fcgi_setup_signals();
                        return is_fastcgi = 1;
                } else {


Actual result:
--------------
The current code auto selects fastcgi mode, when cgi mode is the desired result.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-04-20 16:36 UTC] dmitry@php.net
-Status: Assigned +Status: Feedback
 [2010-04-20 16:36 UTC] dmitry@php.net
The getpeername() check came from the reference libfcgi implementation.

The additional check for getenv("PHP_FCGI_CHILDREN") is not correct because PHP_FCGI_CHILDREN don't have to be set.

Really I can't find out a different check which will portable across different FastCGI managers.

Especially for Zeus (and any other web server which supports FastCGI) I would suggest to use FastCGI instead of CGI.
 [2013-02-18 00:34 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Sep 14 05:01:28 2024 UTC