Bug #70879 Content-Length with apache2handler may be limited to 2G
Submitted: 2015-11-08 14:14 UTC
Modified: 2016-02-24 13:48 UTC
From: aharvey@php.net
Assigned: aharvey
Status: Closed
Package: Apache2 related
PHP Version: 5.6Git-2015-11-08 (Git)
OS: Linux (32 bit)
Private report: No
CVE-ID: None

 [2015-11-08 14:14 UTC] aharvey@php.net
Description:
------------
Under the apache2handler SAPI, setting a Content-Length header via header() with a value beyond LONG_MAX will result in the value being truncated to LONG_MAX, even when the apr_off_t type allows for a larger value, due to the unconditional use of strtol() in php_apache_sapi_header_handler() on non-Windows platforms.

To fix this, we should check sizeof(apr_off_t) and call strtoll() as appropriate.

Test script:
---------------
<?php
header('Content-Length: 4294967296');
header('Content-Type: application/octet-stream');
$fp = fopen('/dev/zero', 'rb');
fpassthru($fp);
fclose($fp);
?>

Place in an Apache 2 handler environment, and then use curl -I to send a HEAD request and get the headers.

Expected result:
----------------
HTTP/1.1 200 OK
Date: Sun, 08 Nov 2015 14:11:19 GMT
Server: Apache/2.4.7 (Ubuntu) PHP/5.6.16-dev
X-Powered-By: PHP/5.6.16-dev
Content-Length: 4294967296
Content-Type: application/octet-stream

Actual result:
--------------
HTTP/1.1 200 OK
Date: Sun, 08 Nov 2015 14:03:35 GMT
Server: Apache/2.4.7 (Ubuntu) PHP/5.6.16-dev
X-Powered-By: PHP/5.6.16-dev
Content-Length: 2147483647
Content-Type: application/octet-stream
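
The truncation reported above, reproduced as an added C example (not code from the PHP source tree). `strtol_ilp32_model()` and `parse_content_length()` are hypothetical names: the first models `strtol()` on a platform where `long` is 32 bits so the clamp is visible on 64-bit hosts too, and the second goes slightly beyond the report by parsing with `strtoll()` and also rejecting overflowing, negative or malformed values instead of emitting a clamped header.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Model of strtol() where long is 32 bits (the reported platform):
 * out-of-range input is clamped to LONG_MAX/LONG_MIN and errno is set. */
static int32_t strtol_ilp32_model(const char *s)
{
    long long v = strtoll(s, NULL, 10);
    if (v > INT32_MAX) { errno = ERANGE; return INT32_MAX; }
    if (v < INT32_MIN) { errno = ERANGE; return INT32_MIN; }
    return (int32_t)v;
}

/* Hypothetical helper: parse a Content-Length value into a 64-bit offset.
 * Returns 0 on success, -1 on empty, malformed, negative or overflowing input. */
static int parse_content_length(const char *s, int64_t *out)
{
    char *end;
    long long v;

    errno = 0;
    v = strtoll(s, &end, 10);
    if (end == s) return -1;                   /* no digits at all */
    while (*end == ' ' || *end == '\t') end++; /* tolerate trailing whitespace */
    if (*end != '\0') return -1;               /* trailing garbage */
    if (errno == ERANGE || v < 0) return -1;   /* clamped by strtoll, or negative */
    *out = (int64_t)v;
    return 0;
}

int main(void)
{
    /* Constructed sample values; the first is the one from the test script. */
    const char *samples[] = { "4294967296", "2147483647", "99999999999999999999", "12abc", "-1" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        int64_t len = 0;
        int rc = parse_content_length(samples[i], &len);
        printf("%-22s 32-bit strtol model: %ld  64-bit parse: ",
               samples[i], (long)strtol_ilp32_model(samples[i]));
        if (rc == 0) printf("%lld\n", (long long)len); else printf("rejected\n");
    }
    return 0;
}
```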

History

 [2015-11-08 14:15 UTC] aharvey@php.net
-Status: Open
+Status: Assigned
-Assigned To:
+Assigned To: aharvey
 [2016-02-24 13:48 UTC] ab@php.net
-Status: Assigned
+Status: Closed
 [2016-02-24 13:48 UTC] ab@php.net
This is merged and available since 5.6.18 and 7.0.3, my bad not closing it.

Thanks.
 