php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #60206 possible integer overflow in content_length
Submitted: 2011-11-03 07:41 UTC Modified: 2011-11-03 07:43 UTC
From: laruence@php.net Assigned:
Status: Closed Package: *General Issues
PHP Version: 5.3.8 OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: laruence@php.net
New email:
PHP Version: OS:

 

 [2011-11-03 07:41 UTC] laruence@php.net
Description:
------------
in php_apache_request_ctor (sapi/apache2handler/sapi_apache2.c)

	SG(request_info).content_length = (content_length ? atoi(content_length) : 
0);


so when the content_length exceed INT_MAX,  the content_length will be a wrong 
value. 

Test script:
---------------
none

Expected result:
----------------
none

Actual result:
--------------
none

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-11-03 07:41 UTC] laruence@php.net
-Status: Open +Status: Duplicate
 [2011-11-03 07:41 UTC] laruence@php.net
dup to #20605
 [2011-11-03 07:43 UTC] laruence@php.net
dup to #60205

and this problem exists not only in apache2handler sapi but other sapis
 [2012-04-18 09:48 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d7d0d0724c5de6397a4c9999568bc1fd7105ef5f
Log: Fixed bug #60206 (possible integer overflow in content_length)
 [2012-07-24 23:39 UTC] rasmus@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d7d0d0724c5de6397a4c9999568bc1fd7105ef5f
Log: Fixed bug #60206 (possible integer overflow in content_length)
 [2013-11-17 09:35 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d7d0d0724c5de6397a4c9999568bc1fd7105ef5f
Log: Fixed bug #60206 (possible integer overflow in content_length)
 [2013-11-17 09:35 UTC] laruence@php.net
-Status: Duplicate +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 08:01:28 2024 UTC