Fix #69487: SAPI may truncate POST data

If SG(request_info).request_body can't be completely written (e.g. due to a full drive), only parts of the POST data will be available. This patch changes this, so that SG(request_info).request_body will be reset in this case, and a warning will be thrown.
author: Christoph M. Becker <cmbecker69@gmx.de> 2015-08-10 01:33:20 +0200
committer: Christoph M. Becker <cmb@php.net> 2015-08-11 01:32:13 +0200
commit: 48c71cd94bc5ed580c010fc5baef6f3a19309c88 (patch)
tree: 506d7c0bbf02e139873aff32a97949fd57484ea8 /main/SAPI.c
parent: 8bac087a79863870a3dfe78c8b3468edf63b063c (diff)
download: php-git-48c71cd94bc5ed580c010fc5baef6f3a19309c88.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/main/SAPI.c b/main/SAPI.c
index 550a4daf87..9b5ea1ae62 100644
--- a/main/SAPI.c
+++ b/main/SAPI.c
@@ -290,7 +290,12 @@ SAPI_API SAPI_POST_READER_FUNC(sapi_read_standard_form_data)
 			read_bytes = sapi_read_post_block(buffer, SAPI_POST_BLOCK_SIZE TSRMLS_CC);
 
 			if (read_bytes > 0) {
-				php_stream_write(SG(request_info).request_body, buffer, read_bytes);
+				if (php_stream_write(SG(request_info).request_body, buffer, read_bytes) != read_bytes) {
+					/* if parts of the stream can't be written, purge it completely */
+					php_stream_truncate_set_size(SG(request_info).request_body, 0);
+					php_error_docref(NULL TSRMLS_CC, E_WARNING, "POST data can't be buffered; all data discarded");
+					break;
+				}
 			}
 
 			if ((SG(post_max_size) > 0) && (SG(read_post_bytes) > SG(post_max_size))) {
author	Christoph M. Becker <cmbecker69@gmx.de>	2015-08-10 01:33:20 +0200
committer	Christoph M. Becker <cmb@php.net>	2015-08-11 01:32:13 +0200
commit	48c71cd94bc5ed580c010fc5baef6f3a19309c88 (patch)
tree	506d7c0bbf02e139873aff32a97949fd57484ea8 /main/SAPI.c
parent	8bac087a79863870a3dfe78c8b3468edf63b063c (diff)
download	php-git-48c71cd94bc5ed580c010fc5baef6f3a19309c88.tar.gz