From: [EMAIL PROTECTED]
Operating system: SuSE7.0
PHP version: 4.0.4pl1
PHP Bug Type: HTTP related
Bug description: PHP dies with segfault when a post request has no content-type
[Tue Mar 20 15:09:20 2001] [error] PHP Warning: No content-type in POST request in
Unknown on line 0
Unknown(0) : Warning - No content-type in POST request
Program received signal SIGSEGV, Segmentation fault.
0x400c2073 in strstr () at ../sysdeps/generic/strstr.c:125
125 ../sysdeps/generic/strstr.c: No such file or directory.
(gdb) bt
#0 0x400c2073 in strstr () at ../sysdeps/generic/strstr.c:125
#1 0x401aef39 in rfc1867_post_handler () at rfc1867.c:426
#2 0x401abdd3 in sapi_handle_post () at SAPI.c:54
#3 0x401b0532 in php_treat_data () at php_variables.c:190
#4 0x401a9274 in php_hash_environment () at main.c:1039
#5 0x401a8836 in php_request_startup () at main.c:588
#6 0x401a4fa8 in apache_php_module_main () at sapi_apache.c:98
#7 0x401a5d69 in send_php () at mod_php4.c:433
#8 0x401a5db3 in send_parsed_php () at mod_php4.c:433
#9 0x8076669 in ap_invoke_handler ()
#10 0x808c05f in process_request_internal ()
#11 0x808c0d2 in ap_process_request ()
#12 0x8082c76 in child_main ()
#13 0x8082e55 in make_child ()
#14 0x8082fd6 in startup_children ()
#15 0x808365c in standalone_main ()
#16 0x8083eac in main ()
#17 0x40083a8e in __libc_start_main () at ../sysdeps/generic/libc-start.c:93
(gdb)
How to reproduce:
<body>
<form action="/phpinfo.php" method="post" enctype="multipart/form-data">
Some text here:<input type="text" name="v1"><br>
File here: <input type="file" name="test"><br>
<input type="submit">
</form>
</body>
Using Netscape on Linux, upload a file, then hit
reload (Meta-r) three times. NS will repost it only
two times, then complain /tmp/ns131323gibberish is not
found [a temp file in which it composes the multipart
post]
3rd time when you post it, it won't send proper Content-Type
header and hence the Warning.
The offending code is:
boundary = strstr(content_type_dup, "boundary");
in main/rfc1867.c:441
Patch:
check content_type_dup for null before strstr()-ing it.
[suggestion]
--- rfc1867.c Fri Dec 8 18:21:47 2000
+++ /tmp/rfc1867.c Tue Mar 20 15:59:39 2001
@@ -438,6 +438,11 @@
return;
}
+ if (!content_type_dup) {
+ sapi_module.sapi_error(E_COMPILE_ERROR, "Missing headers in
+multipart/form-data POST data");
+ return;
+ }
+
boundary = strstr(content_type_dup, "boundary");
if (!boundary || !(boundary=strchr(boundary, '='))) {
sapi_module.sapi_error(E_COMPILE_ERROR, "Missing boundary in
multipart/form-data POST data");
have fun,
--teodor
--
Edit Bug report at: http://bugs.php.net/?id=9870&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
