Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:7615
Return-Path: <pdoru@kappa.ro>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 93639 invoked by uid 1010); 5 Feb 2004 14:51:06 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 93603 invoked from network); 5 Feb 2004 14:51:06 -0000
Received: from unknown (HELO from.ro) (194.102.255.9)
  by pb1.pair.com with SMTP; 5 Feb 2004 14:51:06 -0000
Received: from dtp-cable1.kappa.ro (dtp-cable1.kappa.ro [194.102.251.61])
  (AUTH: LOGIN pdoru, TLS: TLSv1/SSLv3,168bits,DES-CBC3-SHA)
  by from.ro with esmtp; Thu, 05 Feb 2004 16:51:05 +0200
To: Jani Taskinen <sniper@iki.fi>
Cc: internals@lists.php.net, pdoru@kappa.ro
In-Reply-To: <Pine.LNX.4.53.0402051427070.22605@ybpnyubfg.ybpnyqbznva>
References: <1075974111.3098.59.camel@dtp.kappa.ro>
	 <Pine.LNX.4.53.0402051427070.22605@ybpnyubfg.ybpnyqbznva>
Content-Type: multipart/mixed; boundary="=-aYqx7FfqNucjx+c6IKiD"
Organization: 
Message-ID: <1075992654.4219.1.camel@dtp.kappa.ro>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.2 (1.2.2-5) 
Date: 05 Feb 2004 16:50:54 +0200
Subject: Re: [PHP-DEV] apache2 sapi uninitialized content-length value
From: pdoru@kappa.ro (Doru Petrescu)

--=-aYqx7FfqNucjx+c6IKiD
Content-Type: text/plain
Content-Transfer-Encoding: 7bit



On Thu, 2004-02-05 at 14:27, Jani Taskinen wrote: 
>     I don't remember seeing any patch..nor do I see one now..
>     And what exactly is the problem you see that the patch fixes?


Here it is again ...
Is there a problem with the archive from 20 Nov 2003 ?!?!?



> On Thu, 5 Feb 2004, Doru Petrescu wrote:
> 
> >
> >
> >Hi,
> >
> >some time ago I sent a patch to fix this uninitialized variable in the
> >apache2 sapi code. all other SAPIs DO initialize it, so I figured out it
> >is something that should be corrected. 
> >
> >I see neither php-5.0.0B3 nor php-4.3.5RC2 implement this.
> >
> >Can someone comment on this ? Was my 2 line patch incorrectly wrote ?
> >Maybe it did not apply ? Maybe it is wrong to initialize that variable ?
> >but then why other SAPIs initialize it ? are them wrong ? is there a
> >hidden security problem that I did not see ?
> >
> >My original email was sent on 20 Nov 2003, original subj was "[PHP-DEV]
> >[PATCH] sapi apache2 uninitialized content-length value"
> >
> >
> >

--=-aYqx7FfqNucjx+c6IKiD
Content-Disposition: inline; 
Content-Transfer-Encoding: quoted-printable
Content-Type: message/rfc822

From: Doru Petrescu <pdoru@kappa.ro>
To: internals@lists.php.net
Message-Id: <1069326795.3409.56.camel@dtp.kappa.ro>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=3D3D3D3D"=3D3D3D3D_dial-30688-10693=
2681=3D
X-Mailer: Ximian Evolution 1.2.2 (1.2.2-5)=3D3D3D20
Date: 20 Nov 2003 13:13:15 +0200
Subject: [PHP-DEV] [PATCH] sapi apache2 uninitialized content-length value
X-Evolution-Source: pop://pdoru@from.ro/

This is a MIME-formatted message.  If you see this text it means that your
E-mail software does not support MIME-formatted messages.

--=3D3D3D3D_dial-30688-1069326812-0001-2
Content-Type: text/plain; charset=3D3D3D3Diso-8859-1
Content-Transfer-Encoding: 8bit


   Hi,

   While playing with the upload progress meter I noticed that apache2
sapi implementation does not initialize the content-length sapi
variable. Apache 1.3 sapi does! and so does ALL OTHER interfaces. A
quick grep into the sources will reveal that only apache2handler and
apache2filter does not initialize this. Is there a reason for this ? Or
is just something that sliped ?

   I wrote a patch to fix this. see attached. tested and it works with
no problem and correctly reports the content-length.
   It is very simple and straight forward. copy/paste from apache 1.3
interface. now, I just wish nobody will upload anything over 2GB -
integer overflow will doom the upload.

  =3D3D3D20
  =3D3D3D20
--=3D3D3D20


Best regards,
Doru Petrescu
Senior Software Engineer
Astral Telecom Bucuresti
                                                                           =
=3D
=3D3D
=3D3D3D
                        =3D3D3D20




--=3D3D3D3D_dial-30688-1069326812-0001-2
Content-Type: text/x-patch; name=3D3D3D3D"patch.sapi_apache2_content_length=
.t=3D
xt=3D3D
";=3D3D3D
 charset=3D3D3D3Diso-8859-1
Content-Disposition: attachment; filename=3D3D3D3Dpatch.sapi_apache2_conten=
t_=3D
le=3D3D
ng=3D3D3D
th.txt
Content-Transfer-Encoding: 8bit

diff -rubB orig/php-4.3.4/sapi/apache2filter/sapi_apache2.c php-4.3.4/sapi/=
=3D
=3D3D
=3D3D3D
apache2filter/sapi_apache2.c
--- orig/php-4.3.4/sapi/apache2filter/sapi_apache2.c	2003-08-03 22:31:13.00=
=3D
=3D3D
=3D3D3D
0000000 +0300
+++ php-4.3.4/sapi/apache2filter/sapi_apache2.c	2003-11-19 19:34:02.0000000=
=3D
=3D3D
=3D3D3D
00 +0200
@@ -376,6 +376,7 @@
 static void php_apache_request_ctor(ap_filter_t *f, php_struct *ctx TSRMLS=
=3D
=3D3D
=3D3D3D
_DC)
 {
 	char *content_type;
+	char *content_length;
 	const char *auth;
 =3D3D3D09
 	PG(during_request_startup) =3D3D3D3D 0;
@@ -393,6 +394,10 @@
 	SG(request_info).post_data =3D3D3D3D ctx->post_data;
 	SG(request_info).post_data_length =3D3D3D3D ctx->post_len;
 	efree(content_type);
+
+	content_length =3D3D3D3D (char *) apr_table_get(f->r->headers_in, "Conten=
t-=3D
Le=3D3D
ng=3D3D3D
th");
+	SG(request_info).content_length =3D3D3D3D (content_length ? atoi(content_=
le=3D
ng=3D3D
th=3D3D3D
) : 0);
+=3D3D3D09
 	apr_table_unset(f->r->headers_out, "Content-Length");
 	apr_table_unset(f->r->headers_out, "Last-Modified");
 	apr_table_unset(f->r->headers_out, "Expires");
diff -rubB orig/php-4.3.4/sapi/apache2handler/sapi_apache2.c php-4.3.4/sapi=
=3D
=3D3D
=3D3D3D
/apache2handler/sapi_apache2.c
--- orig/php-4.3.4/sapi/apache2handler/sapi_apache2.c	2003-10-02 06:24:43.0=
=3D
=3D3D
=3D3D3D
00000000 +0300
+++ php-4.3.4/sapi/apache2handler/sapi_apache2.c	2003-11-19 19:34:52.000000=
=3D
=3D3D
=3D3D3D
000 +0200
@@ -414,6 +414,7 @@
 static void php_apache_request_ctor(request_rec *r, php_struct *ctx TSRMLS=
=3D
=3D3D
=3D3D3D
_DC)
 {
 	char *content_type;
+	char *content_length;
 	const char *auth;
=3D3D3D20
 	SG(sapi_headers).http_response_code =3D3D3D3D !r->status ? HTTP_OK : r->s=
ta=3D
tu=3D3D
s;
@@ -428,6 +429,9 @@
 	ap_set_content_type(r, apr_pstrdup(r->pool, content_type));
 	efree(content_type);
=3D3D3D20
+	content_length =3D3D3D3D (char *) apr_table_get(f->r->headers_in, "Conten=
t-=3D
Le=3D3D
ng=3D3D3D
th");
+	SG(request_info).content_length =3D3D3D3D (content_length ? atoi(content_=
le=3D
ng=3D3D
th=3D3D3D
) : 0);
+
 	apr_table_unset(r->headers_out, "Content-Length");
 	apr_table_unset(r->headers_out, "Last-Modified");
 	apr_table_unset(r->headers_out, "Expires");


--=3D3D3D3D_dial-30688-1069326812-0001-2
Content-Type: text/plain; charset=3D3D3D3Dus-ascii
Content-Transfer-Encoding: 8bit

--=3D3D3D20
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
--=3D3D3D3D_dial-30688-1069326812-0001-2--


--3D--

--3D3D--

--3D3D3D--

--=-aYqx7FfqNucjx+c6IKiD--