php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #62983 if user exceeds post_max_size, script may hang on output
Submitted: 2012-08-31 15:13 UTC Modified: 2013-02-18 00:36 UTC
Votes:3
Avg. Score:4.0 ± 0.8
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:2 (100.0%)
From: bkfake-php at yahoo dot com Assigned:
Status: No Feedback Package: Output Control
PHP Version: 5.4.6 OS: Windows
Private report: No CVE-ID: None
 [2012-08-31 15:13 UTC] bkfake-php at yahoo dot com
Description:
------------
set post_max_size  in php.ini to something relatively small (for easy testing)
  say 2M or 3M
  upload_max_filesize setting does not matter...
       though for practical reasons it should be smaller than post_max_size

if posted data exceeds post_max_size... output seems to be limited to under 24500 - 33000 bytes  (a modest amount of html)     as soon as that unknown amount is exceeded, the script "hangs"?

*  next statement after the triggering echo (or print or file passthru, etc) is not executed.
*  headers not received by browser,
*  max_execution_time not reached
*  no errors generated (other than Warning "POST Content-Length of xxxx bytes exceeds the limit of xxxx bytes in Unknown on line 0,")

firefox just sits spinning "Sending request to localhost..."
IE says waiting for....


Test script:
---------------
<?php

/**
 * set post_max_size  in php.ini to something relatively small (for easy testing)
 *   say 2M or 3M
 *   upload_max_filesize setting does not matter...
 *       though for practical reasons it should be smaller than post_max_size
 *
 *   now using this script, upload a file that's over that limit.
 */

if ( $_SERVER['REQUEST_METHOD'] == 'POST' )
{
	/**
	 * change $output_length to trigger the bug
	 *   on one system I tested, the magic number is 24506.. crashes at 24507
	 *   on another the number is 32742.. crashes at 32743
	 *   what limit am I encountering?
	 *   this number appears to be arbitrary... varying by system and
	 *     I think the scripts memory usage also affects how much may be returned
	 *     the number seems to remain static to that system..
	 *     but if I change this script, the number may change
	 *       (ie, changing the length of $repeat_str below)
	 */
	$output_length = 24593;		// increase/decrease to trigger/not-trigger the bug
	//
	$repeat_str = 'Too much arbitrary output and this script will hang.  Why so?'."\n";
	// even changing the length of $repeat_str seems to affect the total amount that can be output
	//     perhaps due to change in memory usage?
	header('Content-Length: '.$output_length);	// adding/removing headers does not have any effect
	$strlen_repeat_str = strlen($repeat_str);
	// output $repeat_str until out $strlen_output = $output_length
	$strlen_output = 0;	// including closing div;
	while ( $strlen_output < $output_length )
	{
		$diff = $output_length - $strlen_output;
		if ( $diff >= $strlen_repeat_str )
		{
			$strlen_output += $strlen_repeat_str;
			echo $repeat_str;
		}
		else
		{
			$strlen_output += $diff;
			echo substr($repeat_str,0,$diff);
		}
	}
	// when we go over $output_length,  script seems to hang on echo statement...
	//   headers not received by browser,
	//   max_execution_time not reached
	//   no errors generated (other than "PHP Warning	localhost	POST Content-Length of xxxx bytes exceeds the limit of xxxx bytes in Unknown on line 0,")
	//  firefox just sits spinning "Sending request to localhost..."
	//  IE says waiting for....
}
else
{
	echo 'uploading a file with a size over '.ini_get('post_max_size').' = potential crash';
	?>
	<form enctype="multipart/form-data" action="" method="post" >
		<input type="file" name="file" />
		<input type="submit" value="submit me!" />
	</form>
	<?php
}

?>

Expected result:
----------------
initial file-upload form...

after submitting the response should be the string 
"Too much arbitrary output and this script will hang.  Why so?"  repeated 400+times

Actual result:
--------------
script hangs -> nothing returned


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-08-31 16:27 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2012-08-31 16:27 UTC] laruence@php.net
are you using builtin webserver?
 [2012-08-31 18:00 UTC] bkfake-php at yahoo dot com
Apache 2.2

My apologies if I incorrectly categorized this finding under "Output Control"
 [2013-02-02 23:37 UTC] jan at lanteraudio dot nl
Using Apache 2.2 PHP 5.3.5 win xp pro sp3 FF16
Same problem
Very simple script, as soon as uploaded file size exceeds post_max_size script stops executing, no error message, so no way to inform users they input a too big file.
 [2013-02-18 00:36 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 02 21:01:30 2024 UTC