|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79723 sapi_cgi_read_post() ignores EOF
Submitted: 2020-06-21 18:58 UTC Modified: 2021-11-28 21:15 UTC
From: sam dot revitch at protonmail dot ch Assigned: bukka (profile)
Status: Assigned Package: FPM related
PHP Version: 7.4.7 OS: Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2020-06-21 18:58 UTC] sam dot revitch at protonmail dot ch
When FPM receives records:

one or more nonempty FCGI_STDIN, with a total data length of y < x, and
FCGI_STDIN end-of-stream (empty data)

And the script reads php://input to the end, the read will hang until the socket is closed.  This is because sapi_cgi_read_post() expects CONTENT_LENGTH bytes, and does not appear to honor the FastCGI end-of-stream indicator if it receives fewer.

This is an edge case.  I stumbled upon it using Apache, mod_proxy_fcgi, and mod_security, where mod_security aborts a request based on part of the body.  It's certainly a bug that Apache doesn't close the FastCGI socket or send an abort record.  However, PHP shouldn't be hanging indefinitely after receiving an end-of-stream.


fcgi-read-eos.patch (last revision 2020-06-21 18:59 UTC by sam dot revitch at protonmail dot ch)

Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2020-06-21 18:59 UTC] sam dot revitch at protonmail dot ch
The following patch has been added/updated:

Patch Name: fcgi-read-eos.patch
Revision:   1592765946
 [2021-11-28 21:15 UTC]
-Assigned To: +Assigned To: bukk
 [2021-11-28 21:15 UTC]
This is related (sort of duplicate) to . The reasoning why it cannot be currently accepted can be found in
 [2021-11-28 21:15 UTC]
-Assigned To: bukk +Assigned To: bukka
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Jul 16 10:01:28 2024 UTC