author | Ilia Alshanetsky <iliaa@php.net> | 2003-03-25 01:34:32 +0000 |
---|---|---|
committer | Ilia Alshanetsky <iliaa@php.net> | 2003-03-25 01:34:32 +0000 |
commit | 519721851f8679f88346f479cac22cb10d21f892 (patch) | |
tree | 6bb76ff0bdcc10a4d578bdb6bbd3861a335a07d0 /sapi/apache2handler/sapi_apache2.c | |
parent | 66842efff7a91627efea072d85e12d7c630346b3 (diff) | |
download | php-git-519721851f8679f88346f479cac22cb10d21f892.tar.gz |
Fixed bug #22805 (Reading of user input could stop prematurely).
Diffstat (limited to 'sapi/apache2handler/sapi_apache2.c')
-rw-r--r-- | sapi/apache2handler/sapi_apache2.c | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/sapi/apache2handler/sapi_apache2.c b/sapi/apache2handler/sapi_apache2.c
index 7d5148149d..92280607cb 100644
--- a/sapi/apache2handler/sapi_apache2.c
+++ b/sapi/apache2handler/sapi_apache2.c
@@ -149,32 +149,33 @@ php_apache_sapi_send_headers(sapi_headers_struct *sapi_headers TSRMLS_DC)
 static int
 php_apache_sapi_read_post(char *buf, uint count_bytes TSRMLS_DC)
 {
- apr_size_t len;
+ apr_size_t len, tlen=0;
 php_struct *ctx = SG(server_context);
 request_rec *r;
 apr_bucket_brigade *brigade;
- apr_status_t rv;
 r = ctx->r;
 brigade = ctx->brigade;
 len = count_bytes;
- rv = ap_get_brigade(r->input_filters, brigade, AP_MODE_READBYTES,
- APR_BLOCK_READ, len);
+ /*
+ * This loop is needed because ap_get_brigade() can return us partial data
+ * which would cause premature termination of request read. Therefor we
+ * need to make sure that if data is avaliable we fill the buffer completely.
+ */
- if (rv == APR_SUCCESS) {
+ while (ap_get_brigade(r->input_filters, brigade, AP_MODE_READBYTES, APR_BLOCK_READ, len) == APR_SUCCESS) {
 apr_brigade_flatten(brigade, buf, &len);
- } else {
- len = 0;
+ apr_brigade_cleanup(brigade);
+ tlen += len;
+ if (tlen == count_bytes || !len) {
+ break;
+ }
+ buf += len;
+ len = count_bytes - tlen;
 }
-
- apr_brigade_cleanup(brigade);
- /* This is downcast is okay, because len is constrained by
- * count_bytes and we know ap_get_brigade won't return more
- * than that.
- */
- return len;
+ return tlen;
 }
 static struct stat* |
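Review bot: The return value of `apr_brigade_flatten()` inside the new loop is ignored, yet `len` is then added to `tlen` and used to advance `buf`. If the flatten call fails, APR appears to leave `len` at the requested size rather than the number of bytes actually copied (worth confirming against the APR version in use), so the function could report bytes that were never written into the caller's buffer and hand stale memory to the POST parser. I would bail out on failure, for example `if (apr_brigade_flatten(brigade, buf, &len) != APR_SUCCESS) { apr_brigade_cleanup(brigade); break; }`. Separately, with `rv` removed a failed `ap_get_brigade()` in the middle of a body is now indistinguishable from end of input, so a truncated request is returned as a short read with no log or error; a comment stating that this is intended would help the next reader.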