php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #73778 FCGI_END_REQUEST repeated
Submitted: 2016-12-17 23:32 UTC Modified: 2017-01-11 05:56 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: max dot bruce12 at gmail dot com Assigned: krakjoe (profile)
Status: Closed Package: FPM related
PHP Version: 7.1.0 OS: Ubuntu 16.04
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: max dot bruce12 at gmail dot com
New email:
PHP Version: OS:

 

 [2016-12-17 23:32 UTC] max dot bruce12 at gmail dot com 
Description:
------------
When writing a web server that interfaces with PHP-FPM (PHP 7.0.8-0ubuntu0.16.04.3 (fpm-fcgi)), I noticed that extra FCGI_END_REQUESTs were sent after each request when using sending requests sequentially but not multiplexed. This happened using all 0's for request ids or sequential ids. 

Test script:
---------------
Send a request to the FCGI server.
Attempt to send another request or simply wait perhaps, on the same connection.

Actual result:
--------------
Caused misordered pages in my implementation which wasn't expecting extra end-requests, could allow users to interfere with others loading of web pages. Very insecure if not handled.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-01-11 05:56 UTC] krakjoe@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: krakjoe
 [2017-01-11 05:56 UTC] krakjoe@php.net 
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Apr 23 10:01:29 2024 UTC