@@ -184,6 +184,7 @@ php_apache_sapi_read_post(char *buf, size_t count_bytes)
184184 php_struct * ctx = SG (server_context );
185185 request_rec * r ;
186186 apr_bucket_brigade * brigade ;
187+ apr_status_t ret ;
187188
188189 r = ctx -> r ;
189190 brigade = ctx -> brigade ;
@@ -195,7 +196,7 @@ php_apache_sapi_read_post(char *buf, size_t count_bytes)
195196 * need to make sure that if data is available we fill the buffer completely.
196197 */
197198
198- while (ap_get_brigade (r -> input_filters , brigade , AP_MODE_READBYTES , APR_BLOCK_READ , len ) == APR_SUCCESS ) {
199+ while (( ret = ap_get_brigade (r -> input_filters , brigade , AP_MODE_READBYTES , APR_BLOCK_READ , len ) ) == APR_SUCCESS ) {
199200 apr_brigade_flatten (brigade , buf , & len );
200201 apr_brigade_cleanup (brigade );
201202 tlen += len ;
@@ -206,6 +207,14 @@ php_apache_sapi_read_post(char *buf, size_t count_bytes)
206207 len = count_bytes - tlen ;
207208 }
208209
210+ if (ret != APR_SUCCESS ) {
211+ if (APR_STATUS_IS_TIMEUP (ret )) {
212+ SG (sapi_headers ).http_response_code = ap_map_http_request_error (ret , HTTP_REQUEST_TIME_OUT );
213+ } else {
214+ SG (sapi_headers ).http_response_code = ap_map_http_request_error (ret , HTTP_BAD_REQUEST );
215+ }
216+ }
217+
209218 return tlen ;
210219}
211220
@@ -656,6 +665,13 @@ zend_first_try {
656665 brigade = ctx -> brigade ;
657666 }
658667
668+ if (SG (request_info ).content_length > SG (read_post_bytes )) {
669+ ap_log_rerror (APLOG_MARK , APLOG_ERR , 0 , r , "attemp to read POST data error: %d" , SG (sapi_headers ).http_response_code );
670+ apr_brigade_cleanup (brigade );
671+ PHPAP_INI_OFF ;
672+ return SG (sapi_headers ).http_response_code ;
673+ }
674+
659675 if (AP2 (last_modified )) {
660676 ap_update_mtime (r , r -> finfo .mtime );
661677 ap_set_last_modified (r );
0 commit comments