php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #60659 FPM does not clear auth_user on request accept
Submitted: 2012-01-04 20:14 UTC Modified: 2012-01-04 21:19 UTC
From: bonbons at linux-vserver dot org Assigned: fat (profile)
Status: Closed Package: FPM related
PHP Version: 5.3.8 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: bonbons at linux-vserver dot org
New email:
PHP Version: OS:

 

 [2012-01-04 20:14 UTC] bonbons at linux-vserver dot org
Description:
------------
Multiple requests hitting the same FPM worker process will get logged (by php-fpm) with the last authenticated user seen instead of empty when there is no authenticated user for the current request.

Attached patch clears auth_user field (and also clears query_string), those two being the only char arrays not seeing initialization in fpm_request_accepting().

Test script:
---------------
# configure php-fpm to use only one worker and log access
restart php-fpm
curl -u user $php_fpm_page_via_nginx
curl $php_fpm_page_via_nginx
curl $php_fpm_page_via_nginx
# All logged access lines will show remote user to be "user"


Patches

php-fpm-clear-auth_user-on-accept.patch (last revision 2012-01-04 20:22 UTC by bonbons at linux-vserver dot org)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-01-04 21:17 UTC] fat@php.net
Automatic comment from SVN on behalf of fat
Revision: http://svn.php.net/viewvc/?view=revision&revision=321770
Log: - Fixed bug #60659 (FPM does not clear auth_user on request accept)
 [2012-01-04 21:19 UTC] fat@php.net
Automatic comment from SVN on behalf of fat
Revision: http://svn.php.net/viewvc/?view=revision&revision=321771
Log: - Fixed credits for bug #60659
 [2012-01-04 21:19 UTC] fat@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: fat
 [2012-01-04 21:19 UTC] fat@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

Thanks you very much for this fix.
 [2012-04-18 09:46 UTC] laruence@php.net
Automatic comment on behalf of fat
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0a67d26633c73471b506d2642d4b19baa9b53c8a
Log: - Fixed bug #60659 (FPM does not clear auth_user on request accept)
 [2012-07-24 23:37 UTC] rasmus@php.net
Automatic comment on behalf of fat
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0a67d26633c73471b506d2642d4b19baa9b53c8a
Log: - Fixed bug #60659 (FPM does not clear auth_user on request accept)
 [2013-11-17 09:34 UTC] laruence@php.net
Automatic comment on behalf of fat
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0a67d26633c73471b506d2642d4b19baa9b53c8a
Log: - Fixed bug #60659 (FPM does not clear auth_user on request accept)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Oct 11 01:01:27 2024 UTC