summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--NEWS4
-rw-r--r--sapi/fpm/fpm/fpm_children.c1
-rw-r--r--sapi/fpm/fpm/fpm_stdio.c6
-rw-r--r--sapi/fpm/tests/bug73342-nonblocking-stdio.phpt46
4 files changed, 51 insertions, 6 deletions
diff --git a/NEWS b/NEWS
index 435df031c8..c0e391cb6e 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,10 @@ PHP NEWS
- Date:
. Fixed bug #76462 (Undefined property: DateInterval::$f). (Anatol)
+- FPM:
+ . Fixed bug #73342 (Vulnerability in php-fpm by changing stdin to
+ non-blocking). (Nikita)
+
22 Jun 2019, PHP 7.1.19
- CLI Server:
diff --git a/sapi/fpm/fpm/fpm_children.c b/sapi/fpm/fpm/fpm_children.c
index b48fa54f53..4ee316ba1b 100644
--- a/sapi/fpm/fpm/fpm_children.c
+++ b/sapi/fpm/fpm/fpm_children.c
@@ -146,6 +146,7 @@ static struct fpm_child_s *fpm_child_find(pid_t pid) /* {{{ */
static void fpm_child_init(struct fpm_worker_pool_s *wp) /* {{{ */
{
fpm_globals.max_requests = wp->config->pm_max_requests;
+ fpm_globals.listening_socket = dup(wp->listening_socket);
if (0 > fpm_stdio_init_child(wp) ||
0 > fpm_log_init_child(wp) ||
diff --git a/sapi/fpm/fpm/fpm_stdio.c b/sapi/fpm/fpm/fpm_stdio.c
index 40720176e1..76e8b324df 100644
--- a/sapi/fpm/fpm/fpm_stdio.c
+++ b/sapi/fpm/fpm/fpm_stdio.c
@@ -103,12 +103,6 @@ int fpm_stdio_init_child(struct fpm_worker_pool_s *wp) /* {{{ */
fpm_globals.error_log_fd = -1;
zlog_set_fd(-1);
- if (wp->listening_socket != STDIN_FILENO) {
- if (0 > dup2(wp->listening_socket, STDIN_FILENO)) {
- zlog(ZLOG_SYSERROR, "failed to init child stdio: dup2()");
- return -1;
- }
- }
return 0;
}
/* }}} */
diff --git a/sapi/fpm/tests/bug73342-nonblocking-stdio.phpt b/sapi/fpm/tests/bug73342-nonblocking-stdio.phpt
new file mode 100644
index 0000000000..3cf44d11ff
--- /dev/null
+++ b/sapi/fpm/tests/bug73342-nonblocking-stdio.phpt
@@ -0,0 +1,46 @@
+--TEST--
+FPM: bug73342 - Non-blocking stdin
+--SKIPIF--
+<?php include "skipif.inc"; ?>
+--FILE--
+<?php
+
+require_once "tester.inc";
+
+$cfg = <<<EOT
+[global]
+error_log = {{FILE:LOG}}
+[unconfined]
+listen = {{ADDR}}
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 1
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+EOT;
+
+$code = <<<EOT
+<?php
+echo "Before\n";
+stream_set_blocking(fopen('php://stdin', 'r'), false);
+echo "After\n";
+EOT;
+
+$tester = new FPM\Tester($cfg, $code);
+$tester->start();
+$tester->expectLogStartNotices();
+$tester->request()->expectBody("Before\nAfter");
+$tester->request()->expectBody("Before\nAfter");
+$tester->terminate();
+$tester->expectLogTerminatingNotices();
+$tester->close();
+
+?>
+Done
+--EXPECT--
+Done
+--CLEAN--
+<?php
+require_once "tester.inc";
+FPM\Tester::clean();
+?>
View Lorry Controller Status