PHP :: Bug #64014 :: 10 second delay in returning file_get

Bug #64014	10 second delay in returning file_get_contents('php://input')
Submitted:	2013-01-17 23:29 UTC	Modified:	2013-01-24 13:03 UTC
From:	dagan at digitalconversations dot tv	Assigned:
Status:	Not a bug	Package:	Apache2 related
PHP Version:	5.3.21	OS:	ubuntu 12+
Private report:	No	CVE-ID:	None

View Developer Edit

[2013-01-17 23:29 UTC] dagan at digitalconversations dot tv

Description:
------------
If an invalid Content-Length header is sent with a request, attempting to read the 
request body via file_get_contents('php://input') results in a delay of 10 seconds  
while, I assume, a timeout is waited on.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2013-01-24 13:03 UTC] krakjoe@php.net

This is not a bug in PHP, it's a bug in the client that sent the incorrect 
Content-Length header.

[2013-01-24 13:03 UTC] krakjoe@php.net

-Status: Open +Status: Not a bug

[2015-09-02 19:48 UTC] mike dot sherov at gmail dot com

> This is not a bug in PHP, it's a bug in the client that sent the incorrect 
Content-Length header.

I would imagine this to be a security vulnerability akin to a slowloris attack. The "client" sending the incorrect header can be malicious.

How do we address this bug? 

See here for more info / PoC code http://stackoverflow.com/questions/14295901/php-file-get-contentsphp-input-very-slow

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 16:01:28 2024 UTC