[php-maint] Bug#799851: libapache2-mod-php5filter: HTTP_RAW_POST_DATA mangled when bin data is sent in HTTP POST request

Ludovic Pouzenc ludovic.pouzenc at univ-jfc.fr
Wed Sep 23 09:42:59 UTC 2015 

Package: libapache2-mod-php5filter
Version: 5.6.13+dfsg-0+deb8u1
Severity: important

Dear Maintainer,

When using Fusion Inventory plugin over GLPI 0.84 (from debian repo), we
have hit a bug. It happens when the agent tries to send a huge (30k) XML
chunk, xlib compressed over HTTP POST.

The PHP code in Fusion Inventory uses $HTTP_RAW_POST_DATA. We have found
that the binary blob in the POST is around 13kB but the PHP var contains
way less data, like 120 bytes or 1.5 kB in other situations.

Tried php://input : same size as in $HTTP_RAW_POST_DATA.

In apache2 log, shitty things happens :
172.16.2.120 - - [23/Sep/2015:10:50:40 +0200] "POST 
/glpi/plugins/fusioninventory/ HTTP/1.1" 200 0 "-" 
"FusionInventory-Agent_v2.3.16"
172.16.2.120 - - [23/Sep/2015:10:50:40 +0200] 
"\x9cv\xdej\xc0\xe3e\xc2H\xc5\x99\x0e" 400 0 "-" "-"

With Wireshark, we have found that on the HTTP connection, there is 2
replies on the Fusion Inventory single request (an HTTP/200 from PHP, a
HTTP 400 from apache).

Everything starts to work normally when replacing
libapache2-mod-php5filter with libapache2-mod-php5.

The expected behavior is to have $HTTP_RAW_POST_DATA or php://input
reflecting the whole binary data sent over the wire.

You could check in atttachement the tcp tchat between fusion Inventory
agent and theh GLPI server. Taken from Wireshark / follow TCP stream /
Save as... The agent talks first with HTTP POSTING a "big" blob, then
server replies HTTP/1.1 200 OK with another zlib compressed blob and
a second reply (without any request from the agent) is sent by apache
(HTTP 400).


-- Package-specific info:
==== Additional PHP 5 information ====

++++ PHP 5 SAPI (php5query -S): ++++
cli
apache2filter

++++ PHP 5 Extensions (php5query -M -v): ++++
opcache (Enabled for cli by maintainer script)
opcache (Enabled for apache2filter by maintainer script)
json (Enabled for cli by maintainer script)
json (Enabled for apache2filter by maintainer script)
readline (Enabled for cli by maintainer script)
readline (Enabled for apache2filter by maintainer script)
pdo (Enabled for cli by maintainer script)
pdo (Enabled for apache2filter by maintainer script)

++++ Configuration files: ++++
[PHP]
engine = On
short_open_tag = Off
asp_tags = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = 17
disable_functions = 
pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
disable_classes =
zend.enable_gc = On
expose_php = Off
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
enable_dl = Off
file_uploads = On
upload_max_filesize = 2M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60
[CLI Server]
cli_server.color = On
[Date]
[filter]
[iconv]
[intl]
[sqlite]
[sqlite3]
[Pcre]
[Pdo]
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=
[Phar]
[mail function]
SMTP = localhost
smtp_port = 25
mail.add_x_header = On
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"
[MySQL]
mysql.allow_local_infile = On
mysql.allow_persistent = On
mysql.cache_size = 2000
mysql.max_persistent = -1
mysql.max_links = -1
mysql.default_port =
mysql.default_socket =
mysql.default_host =
mysql.default_user =
mysql.default_password =
mysql.connect_timeout = 60
mysql.trace_mode = Off
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
[OCI8]
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[Sybase-CT]
sybct.allow_persistent = On
sybct.max_persistent = -1
sybct.max_links = -1
sybct.min_server_severity = 10
sybct.min_client_severity = 10
[bcmath]
bcmath.scale = 0
[browscap]
[Session]
session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 0
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
[MSSQL]
mssql.allow_persistent = On
mssql.max_persistent = -1
mssql.max_links = -1
mssql.min_error_severity = 10
mssql.min_message_severity = 10
mssql.compatibility_mode = Off
mssql.secure_connection = Off
[Assertion]
[COM]
[mbstring]
[gd]
[exif]
[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[sysvshm]
[ldap]
ldap.max_links = -1
[mcrypt]
[dba]
[opcache]
[curl]
[openssl]

**** /etc/php5/apache2filter/conf.d/20-json.ini ****
extension=json.so

**** /etc/php5/apache2filter/conf.d/05-opcache.ini ****
zend_extension=opcache.so

**** /etc/php5/apache2filter/conf.d/20-readline.ini ****
extension=readline.so

**** /etc/php5/apache2filter/conf.d/10-pdo.ini ****
extension=pdo.so


-- System Information:
Debian Release: 8.0
   APT prefers stable-updates
   APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libapache2-mod-php5filter depends on:
ii  apache2                             2.4.10-10+deb8u3
ii  apache2-bin [apache2-api-20120211]  2.4.10-10+deb8u3
ii  libbz2-1.0                          1.0.6-7+b3
ii  libc6                               2.19-18
ii  libcomerr2                          1.42.12-1.1
ii  libdb5.3                            5.3.28-9
ii  libgssapi-krb5-2                    1.12.1+dfsg-19
ii  libk5crypto3                        1.12.1+dfsg-19
ii  libkrb5-3                           1.12.1+dfsg-19
ii  libmagic1                           1:5.22+15-2
ii  libonig2                            5.9.5-3.2
ii  libpcre3                            2:8.35-3.3
ii  libqdbm14                           1.8.78-5+b1
ii  libssl1.0.0                         1.0.1k-3
ii  libxml2                             2.9.1+dfsg1-5
ii  mime-support                        3.58
ii  php5-cli                            5.6.13+dfsg-0+deb8u1
ii  php5-common                         5.6.13+dfsg-0+deb8u1
ii  php5-json                           1.3.6-1
ii  tzdata                              2015d-0+deb8u1
ii  ucf                                 3.0030
ii  zlib1g                              1:1.2.8.dfsg-2+b1

libapache2-mod-php5filter recommends no packages.

Versions of packages libapache2-mod-php5filter suggests:
pn  php-pear  <none>

Versions of packages php5-common depends on:
ii  libc6   2.19-18
ii  lsof    4.86+dfsg-1
ii  psmisc  22.21-2
ii  sed     4.2.2-4+b1
ii  ucf     3.0030

Versions of packages php5-common suggests:
pn  php5-user-cache  <none>

-- no debconf information

-------------- next part --------------
A non-text attachment was scrubbed...
Name: tcp-stream.dat
Type: application/octet-stream
Size: 14180 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20150923/b1ec124a/attachment-0001.obj>

More information about the pkg-php-maint mailing list