ID: 39201 Updated by: [EMAIL PROTECTED] Reported By: thomas at partyflock dot nl -Status: Open +Status: Feedback Bug Type: Apache2 related Operating System: Linux (2.6.18) PHP Version: 5.1.6 New Comment:
Please try using this CVS snapshot: http://snaps.php.net/php5.2-latest.tar.gz For Windows: http://snaps.php.net/win32/php5.2-win32-latest.zip Previous Comments: ------------------------------------------------------------------------ [2006-10-19 20:10:24] thomas at partyflock dot nl Description: ------------ Insert ErrorDocument directive for error code 413 in httpd.conf: ErrorDocument 413 /anywhere Now post something to your webserver, with following invalid Content-Length: 1\r\r\n (extra carriage return) sapi_globals.request_info.post_data is allocated, in SAPI.c:sapi_read_standard_form_data on line 203. After the call to sapi_module.read_post on line 206, the POST request is transformed to a GET request for above error document and the sapi_globals.request_info.post_data is 0 at that point, resulting in a segmentation fault at SAPI.c line 223. Reproduce code: --------------- #!/usr/bin/perl -w use strict; use IO::Socket; if ($#ARGV < 0) { print STDERR "need hostname argument\n"; exit 1; } my $sock = IO::Socket::INET->new( 'PeerAddr' => $ARGV[0], 'PeerPort' => 80 ); if (!$sock) { print STDERR "failed to connect to port 80 of $ARGV[0]\n"; exit 1; } print $sock "POST / HTTP/1.0\r\n"; print $sock "Content-Length: 1\r\r\n\r\n"; print $sock "a"; undef $sock; Expected result: ---------------- Well, I'd expect it to not crash :) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=39201&edit=1
