Bug fixed #61471 #2323
Bug fixed #61471 #2323
Conversation
|
@weltling please can you deal with this one, since you are familiar with previous patch ;) |
|
Thanks for the continuation, @axot. @krakjoe well, i'm indeed faminial with reverting the commit :) What would be great is that the reporters of the issue in the previous ticket could retest the new patch, @alexpott ping. On my side, I also had compilation issues with the old patch and APache 2.4.10 somehow, need to retest that as well. Thanks. |
|
Okay, I'll deal with it when we it has been reviewed :) |
|
I think @laruence handled this last time :) |
|
Thanks @nikic, reassigned ... |
|
ping @laruence can we get your input here please ? |
|
@axot I've built PHP7 including your PR and the tests that were failing now pass. That's not to say there might be some other effect but at least the original issue we had won't happen again. |
|
@alexpott Thanks for testing this! |
|
@alexpott coud you provide your testcode so we can add it with this PR? |
|
@staabm I was running parts of the Drupal 8 test suite so I'm not sure that that is relevant. |
|
LGTM, only question I have is whether post_read_data should really be in the main SAPI globals rather than the Apache specific ones? |
|
@nikic Hi, I moved post_read_error from SAPI globals to AP2, is it seems better now? |
|
@weltling are SAPI (specific) globals part of ABI, they would appear to be ? |
|
@krakjoe indeed, any exported structs are part of ABI. The change is acceptable in this case, was no ABI breach in the previous variant, too. Otheriwse, as it only one file related, the flag could fit to be a thread local. I've also rebuilt this with an older Apache 2.4, seems fine now. Thanks. |
|
ofc, end of struct ... |
|
Actually doesn't matter where, even on 32-bit with default 4-byte alignment it'll still have a gap of one byte. Thanks. |
|
Merged via 80c8d84. Thanks! |
|
@weltling It looks like that partially uploaded |
|
Thank you for reporting. call > git diff
diff --git i/sapi/apache2handler/sapi_apache2.c w/sapi/apache2handler/sapi_apache2.c
index 7fc81bb4e0..55daca9c76 100644
--- i/sapi/apache2handler/sapi_apache2.c
+++ w/sapi/apache2handler/sapi_apache2.c
@@ -719,6 +719,7 @@ zend_first_try {
if (AP2(post_read_error)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Error while attempting to read POST data: %d", SG(sapi_headers).http_response_code);
+ php_apache_request_dtor(r);
apr_brigade_cleanup(brigade);
PHPAP_INI_OFF;
return SG(sapi_headers).http_response_code; |
|
I think this should be reverted ASAP because it opens door for an easy DoS attack. See my bug report https://bugs.php.net/bug.php?id=74318 |
|
Taking in account also 80c8d84#commitcomment-21472893, we're going to indeed revert this patch again :( @axot Appreciation to your work! Looks like we need more QA for this fix. The recommendation is to target 7.2 with a followup PR, and try to gather more feedback. When the known issues are fixed, we'll have a good chance in the 7.2 pre phase. Thanks. |
This is an improved bug fix for
#61471related to #2180.