PHP :: Bug #71466 :: fopen php://input without reading from it terminates script output prematurely

Bug #71466

fopen php://input without reading from it terminates script output prematurely

Submitted:

2016-01-27 22:34 UTC

Modified:

2016-02-08 03:05 UTC

Votes:	5
Avg. Score:	4.4 ± 0.8
Reproduced:	5 of 5 (100.0%)
Same Version:	5 (100.0%)
Same OS:	3 (60.0%)

From:

robin at mccorkell dot me dot uk

Assigned:

laruence (profile)

Status:

Closed

Package:

FPM related

PHP Version:

7.0.2

OS:

Arch Linux x86_64

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	robin at mccorkell dot me dot uk
New email:
PHP Version:		OS:

New/Additional Comment:

[2016-01-27 22:34 UTC] robin at mccorkell dot me dot uk

Description:
------------
This bug occurs only with php-fpm using the unix socket, mod_php and php-fpm with TCP sockets were also tested and did not exhibit this bug.

When a script opens php://input for reading, then does not read from it, the connection to any client is terminated early: cURL reports "transfer closed with outstanding read data remaining", nginx reports "readv() failed (104: Connection reset by peer) while reading upstream".

This also only occurs if some body has been sent with the request, so GETs are unaffected, also it seems that POSTs are unaffected (contrast with PUT, PATCH, PROPFIND etc which do have this issue).

To reproduce, set up an environment as described above, put the attached test script in an accessible place, then run the following or equivalent:

curl -i -X PROPFIND http://hostname/path/to/script.php -d "ping"

Downstream bug reports:

https://github.com/owncloud/core/issues/21935
https://stackoverflow.com/questions/34244406/readv-failed-on-propfind-request-while-reading-php-input-php-7-nginx

Test script:
---------------
<?php

$fh = fopen("php://input", "r");
echo "pong";

Expected result:
----------------
pong

Notice that removing the body (remove -d "ping" from the cURL line), or reading some bytes from the php://input stream, or not opening the input stream at all, will result in the expected "pong" response.

Actual result:
--------------
transfer closed with outstanding read data remaining

Patches

Add a Patch

Pull Requests

Pull requests:

Properly read any remaining data when closing FastCGI socket (php-src/1745)

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-01-28 12:23 UTC] robin at mccorkell dot me dot uk

I did a bisect on the source, 18cf4e0a8a574034f60f4d123407c173e57e54ec is the breaking commit

[2016-02-08 03:05 UTC] laruence@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: laruence

[2016-02-08 03:05 UTC] laruence@php.net

The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 25 17:01:29 2024 UTC