php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #66479 Wrong response to FCGI_GET_VALUES
Submitted: 2014-01-13 20:19 UTC Modified: -
From: miloslav dot hula at gmail dot com Assigned:
Status: Closed Package: CGI/CLI related
PHP Version: Irrelevant OS:
Private report: No CVE-ID:
 [2014-01-13 20:19 UTC] miloslav dot hula at gmail dot com
Description:
------------
When querying PHP over FastCGI protocol, I receive a too long response. Moreover, only one value is returned even more were requested.

http://www.fastcgi.com/devkit/doc/fcgi-spec.html#S4.1


Test script:
---------------
# Let listen PHP as FastCGI on port 9000
php-cgi -b localhost:9000


# Build packt
# Packet content is Name-Value packed FCGI_MAX_CONNS=''
$content = "\x0e\x00FCGI_MAX_CONNS";

$packet = pack('CCnnCC',
	1, # Version = FCGI_CGI_VERSION
	9, # Type = FCGI_GET_VALUES
	0, # Request ID = FCGI_NULL_REQUEST_ID
	strlen($content), # Content length
	0, # Padding length
	0  # Reserved
) . $content;

# Connect to FastCGI
$socket = fsockopen('localhost', 9000);
fwrite($socket, $packet);

$header = (object) unpack(
	'Cversion/Ctype/nid/ncontentLength/CpaddingLength/Creserved',
	fread($socket, 8) # FCGI_HEADER_LEN
);

assert($header->version === 1); # Version = FCGI_CGI_VERSION
assert($header->type === 10); # Type = GET_VALUES_RESULT
assert($header->id === 0); # Request ID = FCGI_NULL_REQUEST_ID

var_dump($header->contentLength); # I get int(65520)

$raw = fread($socket, $header->contentLength);
var_dump($raw);

# string(...) "\016\002FCGI_MAX_CONNS10\016\002FCGI_MAX_CONNS10\016\002FCGI_MAX_CONNS10...."
# So reply is too long


# Next problem:
# FastCGI specification allows receive more then one value, but reply contains always only one, the last one requested.
# Try code above with:
$content = "\x0e\x00FCGI_MAX_CONNS"
	. "\xd\x00FCGI_MAX_REQS"
	. "\xf\x00FCGI_MPXS_CONNS";

Expected result:
----------------
Reply should contain a Name-Value pair exactly once for each requested.

Actual result:
--------------
Reply is too long, Name-Value pair is repeatedy concatenated, only one Name-Value pair is replied (the last one) even more requested.

Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-02-01 08:37 UTC] stas@php.net
Automatic comment on behalf of f.stolle@hosting-agency.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=6a905a9a3cae60ffb22f7472d9fa977e54c24d5d
Log: Fix #66479: Wrong response to FCGI_GET_VALUES
 [2015-02-01 08:37 UTC] stas@php.net
-Status: Open +Status: Closed
 [2015-02-01 08:37 UTC] stas@php.net
Automatic comment on behalf of f.stolle@hosting-agency.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1106b10ae8729a23fbc99366dc12731a8140b775
Log: Fix #66479: Wrong response to FCGI_GET_VALUES
 [2016-07-20 11:40 UTC] davey@php.net
Automatic comment on behalf of f.stolle@hosting-agency.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1106b10ae8729a23fbc99366dc12731a8140b775
Log: Fix #66479: Wrong response to FCGI_GET_VALUES
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Mon Apr 24 16:01:44 2017 UTC