diff options
| author | Remi Collet <remi@php.net> | 2014-11-20 15:17:02 +0100 |
|---|---|---|
| committer | Remi Collet <remi@php.net> | 2014-11-20 15:17:02 +0100 |
| commit | 8904fbc6929aaf623d88127f876fa739c9ec627b (patch) | |
| tree | d456fc831f3c340f49a9a39e789b6d0820796c21 | |
| parent | 9081e8a4d29ab0a3dd009e5fb55be920ee5c7b58 (diff) | |
| parent | 15d86018664685bfe6097719a7ec4d5686c70451 (diff) | |
| download | php-git-8904fbc6929aaf623d88127f876fa739c9ec627b.tar.gz | |
Merge branch 'PHP-5.6'
* PHP-5.6:
NEWS
adapt test for error message introduce in fix for #68463
Fix bug #68463 listen.allowed_clients can silently result in no allowed access
| -rw-r--r-- | sapi/fpm/fpm/fastcgi.c | 4 | ||||
| -rw-r--r-- | sapi/fpm/tests/015.phpt | 40 |
2 files changed, 32 insertions, 12 deletions
diff --git a/sapi/fpm/fpm/fastcgi.c b/sapi/fpm/fpm/fastcgi.c index 432182ec2b..3473f4b175 100644 --- a/sapi/fpm/fpm/fastcgi.c +++ b/sapi/fpm/fpm/fastcgi.c @@ -280,6 +280,10 @@ void fcgi_set_allowed_clients(char *ip) } allowed_clients[n].sa.sa_family = 0; free(ip); + if (!n) { + zlog(ZLOG_ERROR, "There are no allowed addresses for this pool"); + /* don't clear allowed_clients as it will create an "open for all" security issue */ + } } } diff --git a/sapi/fpm/tests/015.phpt b/sapi/fpm/tests/015.phpt index 6390037eaf..fba333e256 100644 --- a/sapi/fpm/tests/015.phpt +++ b/sapi/fpm/tests/015.phpt @@ -8,19 +8,28 @@ FPM: Test various messages on start, from master and childs include "include.inc"; $logfile = dirname(__FILE__).'/php-fpm.log.tmp'; -$port = 9000+PHP_INT_SIZE; +$port1 = 9000+PHP_INT_SIZE; +$port2 = 9001+PHP_INT_SIZE; $cfg = <<<EOT [global] error_log = $logfile log_level = notice -[unconfined] -listen = 127.0.0.1:$port -listen.allowed_clients=127.0.0.1,xxx +[pool1] +listen = 127.0.0.1:$port1 +listen.allowed_clients=127.0.0.1 user = foo pm = dynamic pm.max_children = 5 -;pm.start_servers = 2 +pm.min_spare_servers = 1 +pm.max_spare_servers = 3 +catch_workers_output = yes +[pool2] +listen = 127.0.0.1:$port2 +listen.allowed_clients=xxx +pm = dynamic +pm.max_children = 5 +pm.start_servers = 1 pm.min_spare_servers = 1 pm.max_spare_servers = 3 catch_workers_output = yes @@ -29,7 +38,7 @@ EOT; $fpm = run_fpm($cfg, $tail); if (is_resource($fpm)) { $i = 0; - while (($i++ < 30) && !($fp = @fsockopen('127.0.0.1', $port))) { + while (($i++ < 30) && !($fp = @fsockopen('127.0.0.1', $port1))) { usleep(10000); } if ($fp) { @@ -38,11 +47,16 @@ if (is_resource($fpm)) { } for ($i=0 ; $i<10 ; $i++) { try { - run_request('127.0.0.1', $port); + run_request('127.0.0.1', $port1); } catch (Exception $e) { - echo "Error\n"; + echo "Error 1\n"; } } + try { + run_request('127.0.0.1', $port2); + } catch (Exception $e) { + echo "Error 2\n"; + } proc_terminate($fpm); if (!feof($tail)) { echo stream_get_contents($tail); @@ -55,12 +69,14 @@ if (is_resource($fpm)) { Done --EXPECTF-- Started -[%s] NOTICE: [pool unconfined] pm.start_servers is not set. It's been set to 2. -[%s] NOTICE: [pool unconfined] 'user' directive is ignored when FPM is not running as root +Error 2 +[%s] NOTICE: [pool pool1] pm.start_servers is not set. It's been set to 2. +[%s] NOTICE: [pool pool1] 'user' directive is ignored when FPM is not running as root [%s] NOTICE: fpm is running, pid %d [%s] NOTICE: ready to handle connections -[%s] WARNING: [pool unconfined] child %d said into stderr: "ERROR: Wrong IP address 'xxx' in listen.allowed_clients" -[%s] WARNING: [pool unconfined] child %d said into stderr: "ERROR: Wrong IP address 'xxx' in listen.allowed_clients" +[%s] WARNING: [pool pool2] child %d said into stderr: "ERROR: Wrong IP address 'xxx' in listen.allowed_clients" +[%s] WARNING: [pool pool2] child %d said into stderr: "ERROR: There are no allowed addresses for this pool" +[%s] WARNING: [pool pool2] child %d said into stderr: "ERROR: Connection disallowed: IP address '127.0.0.1' has been dropped." [%s] NOTICE: Terminating ... [%s] NOTICE: exiting, bye-bye! Done |