PHP :: Bug #79723 :: sapi_cgi_read_post() ignores EOF
| Bug #79723 | sapi_cgi_read_post() ignores EOF | ||||
|---|---|---|---|---|---|
| Submitted: | 2020-06-21 18:58 UTC | Modified: | 2021-11-28 21:15 UTC | ||
| From: | sam dot revitch at protonmail dot ch | Assigned: | bukka (profile) | ||
| Status: | Assigned | Package: | FPM related | ||
| PHP Version: | 7.4.7 | OS: | Linux | ||
| Private report: | No | CVE-ID: | None | ||
[2020-06-21 18:58 UTC] sam dot revitch at protonmail dot ch
Description: ------------ When FPM receives records: FCGI_BEGIN_REQUEST, FCGI_PARAMS, including CONTENT_LENGTH=x one or more nonempty FCGI_STDIN, with a total data length of y < x, and FCGI_STDIN end-of-stream (empty data) And the script reads php://input to the end, the read will hang until the socket is closed. This is because sapi_cgi_read_post() expects CONTENT_LENGTH bytes, and does not appear to honor the FastCGI end-of-stream indicator if it receives fewer. This is an edge case. I stumbled upon it using Apache, mod_proxy_fcgi, and mod_security, where mod_security aborts a request based on part of the body. It's certainly a bug that Apache doesn't close the FastCGI socket or send an abort record. However, PHP shouldn't be hanging indefinitely after receiving an end-of-stream.
Patches
fcgi-read-eos.patch (last revision 2020-06-21 18:59 UTC by sam dot revitch at protonmail dot ch)Pull Requests
History
AllCommentsChangesGit/SVN commits
[2021-11-28 21:15 UTC] bukka@php.net
-Assigned To: +Assigned To: bukk
[2021-11-28 21:15 UTC] bukka@php.net
-Assigned To: bukk +Assigned To: bukka