php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #71466 fopen php://input without reading from it terminates script output prematurely
Submitted: 2016-01-27 22:34 UTC Modified: 2016-02-08 03:05 UTC
Votes:5
Avg. Score:4.4 ± 0.8
Reproduced:5 of 5 (100.0%)
Same Version:5 (100.0%)
Same OS:3 (60.0%)
From: robin at mccorkell dot me dot uk Assigned: laruence (profile)
Status: Closed Package: FPM related
PHP Version: 7.0.2 OS: Arch Linux x86_64
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: robin at mccorkell dot me dot uk
New email:
PHP Version: OS:

 

 [2016-01-27 22:34 UTC] robin at mccorkell dot me dot uk
Description:
------------
This bug occurs only with php-fpm using the unix socket, mod_php and php-fpm with TCP sockets were also tested and did not exhibit this bug.

When a script opens php://input for reading, then does not read from it, the connection to any client is terminated early: cURL reports "transfer closed with outstanding read data remaining", nginx reports "readv() failed (104: Connection reset by peer) while reading upstream".

This also only occurs if some body has been sent with the request, so GETs are unaffected, also it seems that POSTs are unaffected (contrast with PUT, PATCH, PROPFIND etc which do have this issue).

To reproduce, set up an environment as described above, put the attached test script in an accessible place, then run the following or equivalent:

curl -i -X PROPFIND http://hostname/path/to/script.php -d "ping"

Downstream bug reports:

https://github.com/owncloud/core/issues/21935
https://stackoverflow.com/questions/34244406/readv-failed-on-propfind-request-while-reading-php-input-php-7-nginx

Test script:
---------------
<?php

$fh = fopen("php://input", "r");
echo "pong";

Expected result:
----------------
pong

Notice that removing the body (remove -d "ping" from the cURL line), or reading some bytes from the php://input stream, or not opening the input stream at all, will result in the expected "pong" response.

Actual result:
--------------
transfer closed with outstanding read data remaining

Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-01-28 12:23 UTC] robin at mccorkell dot me dot uk
I did a bisect on the source, 18cf4e0a8a574034f60f4d123407c173e57e54ec is the breaking commit
 [2016-02-08 03:05 UTC] laruence@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: laruence
 [2016-02-08 03:05 UTC] laruence@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sun Dec 04 22:05:52 2022 UTC