Fix phpGH-9949: Partial content on incomplete POST request

`ap_get_brigade()` may fail for different reasons, and we must not pretend that a partially read POST payload is fine; instead we report a content length of zero what matches all other `read_post()` callbacks of bundled SAPIs. Closes phpGH-10059.
liruqi · Dec 13, 2022 · aef7d81 · aef7d81
1 parent a1a69c3
commit aef7d81
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/NEWS b/NEWS
@@ -2,7 +2,8 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? ????, PHP 8.1.15
 
-
+- Apache:
+  . Fixed bug GH-9949 (Partial content on incomplete POST request). (cmb)
 
 05 Jan 2023, PHP 8.1.14
 

diff --git a/sapi/apache2handler/sapi_apache2.c b/sapi/apache2handler/sapi_apache2.c
@@ -182,6 +182,7 @@ php_apache_sapi_read_post(char *buf, size_t count_bytes)
 	php_struct *ctx = SG(server_context);
 	request_rec *r;
 	apr_bucket_brigade *brigade;
+	apr_status_t status;
 
 	r = ctx->r;
 	brigade = ctx->brigade;
@@ -193,7 +194,7 @@ php_apache_sapi_read_post(char *buf, size_t count_bytes)
 	 * need to make sure that if data is available we fill the buffer completely.
 	 */
 
-	while (ap_get_brigade(r->input_filters, brigade, AP_MODE_READBYTES, APR_BLOCK_READ, len) == APR_SUCCESS) {
+	while ((status = ap_get_brigade(r->input_filters, brigade, AP_MODE_READBYTES, APR_BLOCK_READ, len)) == APR_SUCCESS) {
 		apr_brigade_flatten(brigade, buf, &len);
 		apr_brigade_cleanup(brigade);
 		tlen += len;
@@ -204,6 +205,10 @@ php_apache_sapi_read_post(char *buf, size_t count_bytes)
 		len = count_bytes - tlen;
 	}
 
+	if (status != APR_SUCCESS) {
+		return 0;
+	}
+
 	return tlen;
 }