archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 22:18:50 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix GH-9949: Partial content on incomplete POST request

Browse source 
`ap_get_brigade()` may fail for different reasons, and we must not
pretend that a partially read POST payload is fine; instead we report
a content length of zero what matches all other `read_post()` callbacks
of bundled SAPIs.

Closes GH-10059.
This commit is contained in:
Christoph M. Becker 2022-12-06 17:37:47 +01:00
parent a1a69c3734
commit aef7d810d3
No known key found for this signature in database
GPG key ID: D66C9593118BCCB6
2 changed files with 8 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
NEWS
View file

@ -2,7 +2,8 @@ PHP NEWS
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? ????, PHP 8.1.15 ?? ??? ????, PHP 8.1.15
- Apache:
. Fixed bug GH-9949 (Partial content on incomplete POST request). (cmb)
05 Jan 2023, PHP 8.1.14 05 Jan 2023, PHP 8.1.14

7
sapi/apache2handler/sapi_apache2.c
View file

@ -182,6 +182,7 @@ php_apache_sapi_read_post(char *buf, size_t count_bytes)
php_struct *ctx = SG(server_context); php_struct *ctx = SG(server_context);
request_rec *r; request_rec *r;
apr_bucket_brigade *brigade; apr_bucket_brigade *brigade;
apr_status_t status;
r = ctx->r; r = ctx->r;
brigade = ctx->brigade; brigade = ctx->brigade;
@ -193,7 +194,7 @@ php_apache_sapi_read_post(char *buf, size_t count_bytes)
* need to make sure that if data is available we fill the buffer completely. * need to make sure that if data is available we fill the buffer completely.
*/ */
while (ap_get_brigade(r->input_filters, brigade, AP_MODE_READBYTES, APR_BLOCK_READ, len) == APR_SUCCESS) { while ((status = ap_get_brigade(r->input_filters, brigade, AP_MODE_READBYTES, APR_BLOCK_READ, len)) == APR_SUCCESS) {
apr_brigade_flatten(brigade, buf, &len); apr_brigade_flatten(brigade, buf, &len);
apr_brigade_cleanup(brigade); apr_brigade_cleanup(brigade);
tlen += len; tlen += len;
@ -204,6 +205,10 @@ php_apache_sapi_read_post(char *buf, size_t count_bytes)
len = count_bytes - tlen; len = count_bytes - tlen;
} }
if (status != APR_SUCCESS) {
return 0;
}
return tlen; return tlen;
} }