From: php at linepoint dot com Operating system: Freebsd PHP version: 5.3.1 PHP Bug Type: CGI related Bug description: FastCGI/CGI runtime selection error
Description: ------------ PHP v5.3+ now forces fastcgi support to be compiled into the executable, and upon execution of php-cgi, auto selects which mode (fastcgi/cgi) is to be used. In some circumstances, it can guess incorrectly and use fastcgi mode when cgi mode should be used. PHP's method of checking in sapi/cgi/fastcgi.c (line ~230) uses the errno returned (ENOTCONN) as an assumption that a local/unix socket connection must be a fastcgi call. A alternative or secondary check should be implemented to verify that it's truly a fastcgi execution. This problem was initially found when working with the Zeus Webserver (http://www.zeus.com), but can be reproduced with other systems that work the same way. Reproduce code: --------------- When php-cgi is called from a webserver, it checks stdin (fd 0) with a getpeername call to see if it's reading via a socket or not. In some circumstances/webservers, php-cgi can be called using local sockets instead of file, but not be executed with fastcgi hooks. Code in question: --- sapi/cgi/fastcgi.c.orig 2010-02-09 12:25:49.000000000 -0500 } #else errno = 0; if (getpeername(0, (struct sockaddr *)&sa, &len) != 0 && errno == ENOTCONN) { fcgi_setup_signals(); return is_fastcgi = 1; } else { --- Expected result: ---------------- Expected result is that fastcgi mode is used for fastcgi calls, and cgi mode is used for cgi calls. A "proof of concept" patch which fixes the issue (this is not a final patch due to the fact the environmental variable checked is optional, not mandatory) --- sapi/cgi/fastcgi.c.orig 2010-02-09 12:25:49.000000000 -0500 +++ sapi/cgi/fastcgi.c 2010-02-09 12:26:50.000000000 -0500 @@ -228,7 +228,7 @@ } #else errno = 0; - if (getpeername(0, (struct sockaddr *)&sa, &len) != 0 && errno == ENOTCONN) { + if (getpeername(0, (struct sockaddr *)&sa, &len) != 0 && errno == ENOTCONN && getenv ("PHP_FCGI_CHILDREN") ) { fcgi_setup_signals(); return is_fastcgi = 1; } else { Actual result: -------------- The current code auto selects fastcgi mode, when cgi mode is the desired result. -- Edit bug report at http://bugs.php.net/?id=50979&edit=1 -- Try a snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=50979&r=trysnapshot52 Try a snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=50979&r=trysnapshot53 Try a snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=50979&r=trysnapshot60 Fixed in SVN: http://bugs.php.net/fix.php?id=50979&r=fixed Fixed in SVN and need be documented: http://bugs.php.net/fix.php?id=50979&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=50979&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=50979&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=50979&r=needscript Try newer version: http://bugs.php.net/fix.php?id=50979&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=50979&r=support Expected behavior: http://bugs.php.net/fix.php?id=50979&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=50979&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=50979&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=50979&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=50979&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=50979&r=dst IIS Stability: http://bugs.php.net/fix.php?id=50979&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=50979&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=50979&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=50979&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=50979&r=mysqlcfg
