Bug 60088

Summary: mod_ext_filter did not work if post body size larger than 8192 bytes
Product: Apache httpd-2
Reporter: andre.rothe
Component: mod_ext_filter
Assignee: Apache HTTPD Bugs Mailing List <bugs>
Status: NEEDINFO
Severity: major
Priority: P2
Version: 2.4.20
Target Milestone: ---
Hardware: PC
OS: Linux

Description andre.rothe 2016-09-06 13:49:11 UTC

ExtFilterDefine MyInFilter mode=input cmd="/path/to/filters/request_filter.php"
<Location "/mywebapplication-url">
    setInputFilter MyInFilter
    ExtFilterOptions LogStderr
    LimitRequestBody 0
</Location>

My filter code:


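     // Test filter: reads the whole request body from stdin and returns it unchanged.
     function processFilter() {

         $stdin = file_get_contents('php://stdin');
         if (empty($stdin)) {
            error_log("empty request");
            return $stdin;
         }

         // do filter work here, do nothing for test

         return $stdin;
     }

     error_log("Filter starts");

     $before = microtime(true);
     // Run the filter and write the body to stdout, where httpd reads it back.
     echo processFilter();
     $after = microtime(true);

     error_log("Filter needs: " . ($after-$before) ." s");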

If I post a request with data larger than 8192 bytes, my filter won't be called and the request dies with an error:

[Tue Sep 06 09:58:09.470309 2016] [ext_filter:trace1] [pid 15343] mod_ext_filter.c(629): [client] filtering `/an-URL' of type `(unspecified)' through `/path/to/filters/request_filter.php', cfg ExtFilterOptions LogStderr !PreserveContentLength ExtFilterInType application/x-www-form-urlencoded ExtFilterOuttype (unchanged), referer: https://another-URL

[Tue Sep 06 09:58:09.470399 2016] [ext_filter:trace6] [pid 15343] mod_ext_filter.c(807): (11)Resource temporarily unavailable: [client] AH01466: apr_file_read(child output), len 18446744073709551615, referer: https://another-URL

[Tue Sep 06 09:58:09.470441 2016] [:error] [pid 15343] Sending error response: The request contained fewer content data than specified by the content-length header

I have recompiled the mod_ext_filter.c with a lot of log output and I found a discrepancy in ef_unified_filter(), where the apr_bucket_read() gets only 8192 bytes, but the ef_input_filter() reads just before i.e. 9827 bytes from the current brigade. 
There is only one bucket within the brigade and the for-loop in ef_unified_filter() runs therefore only once. The result is the different content length from the error message, but at the moment I cannot find a solution for that.

It is not a PHP-specific problem, I have tested it with a Bash-script filter too. Also I have tested w/o LimitRequestBody.
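
To separate a fault in the filter program from one in httpd's handling of the filter pipe, the filter command can be run on its own with bodies on either side of the 8192-byte boundary. This is an added example, not part of the original report and not httpd code; it assumes a pass-through filter like the test filter above, and the function names and sample bodies are constructed for illustration.

```python
import subprocess
import sys

# Body sizes straddling the 8192-byte boundary; 9827 is the size quoted in the report.
SIZES = (8191, 8192, 8193, 9827, 65536, 1 << 20)


def make_body(size):
    """Constructed, deterministic form-style payload of exactly `size` bytes."""
    chunk = b"field=" + b"0123456789abcdef" * 4 + b"&"
    return (chunk * (size // len(chunk) + 1))[:size]


def check_filter(cmd, sizes=SIZES, timeout=10):
    """Pipe each body through `cmd` (an argv list) the way an input filter
    receives it on stdin, and compare what comes back on stdout."""
    results = []
    for size in sizes:
        body = make_body(size)
        proc = subprocess.run(cmd, input=body, stdout=subprocess.PIPE,
                              stderr=subprocess.PIPE, timeout=timeout)
        results.append({
            "size": size,
            "out_len": len(proc.stdout),
            "identical": proc.stdout == body,
            "returncode": proc.returncode,
            "stderr": proc.stderr.decode(errors="replace").strip(),
        })
    return results


def first_failure(results):
    """Smallest body size the filter did not pass through intact, or None."""
    bad = [r["size"] for r in results if not r["identical"] or r["returncode"] != 0]
    return min(bad) if bad else None


if __name__ == "__main__":
    # Usage: python3 check_filter.py /path/to/filters/request_filter.php
    # With no argument, `cat` stands in as a pass-through filter.
    cmd = sys.argv[1:] or ["cat"]
    results = check_filter(cmd)
    for r in results:
        status = "ok" if r["identical"] and r["returncode"] == 0 else "MISMATCH"
        print(f'{r["size"]:>8} in  {r["out_len"]:>8} out  rc={r["returncode"]}  {status}')
    sys.exit(0 if first_failure(results) is None else 1)
```

If every size passes here while the same body fails behind httpd, the filter program itself is not truncating the data.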

Comment 1 andre.rothe 2016-09-08 08:06:12 UTC

I have checked the problem on 2.4.20 and it is still present. In the /var/log/audit/audit.log I can see:

type=ANOM_ABEND msg=audit(1473319986.976:46188): auid=4294967295 uid=48 gid=48 ses=4294967295 subj=system_u:system_r:httpd_t:s0 pid=15702 comm="httpd" reason="memory violation" sig=11

just after processing the request.

Comment 2 Joe Orton 2017-02-16 17:46:44 UTC

Can you retest with 2.4.25?  I can't reproduce the error here from that config/filter combination.