Bug 53332 - Requests with chunked encoding have no body available to FCGI backend
Summary: Requests with chunked encoding have no body available to FCGI backend
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_fcgid (show other bugs)
Version: 2.2.22
Hardware: All Linux
: P2 normal with 11 votes (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: MassUpdate, PatchAvailable
: 50274 (view as bug list)
Depends on:
Reported: 2012-05-30 18:25 UTC by Dominic Benson
Modified: 2019-03-25 06:30 UTC (History)
7 users (show)

Patch to set CONTENT_LENGTH FCGI params based on actual request body (2.57 KB, application/octet-stream)
2012-05-30 18:25 UTC, Dominic Benson

Note You need to log in before you can comment on or make changes to this bug.
Description Dominic Benson 2012-05-30 18:25:52 UTC
Created attachment 28862 [details]
Patch to set CONTENT_LENGTH FCGI params based on actual request body

Requests with Transfer-Encoding: chunked (notably from OS/X Finder WebDAV PUT) don't have a Content-Length header, and so the FCGI CONTENT_LENGTH doesn't get set. Because of the spec, conforming backends don't read any of the body of the request.
Conveniently, as mod_fcgid already buffers the entire request, it is relatively straightforward to adjust so that this is set.
Attached is a patch to support this - tested under httpd 2.2.22, mod_fcgid 2.3.6 on Linux x86.
Comment 1 kenjiuno 2016-10-03 02:43:19 UTC
I'm sure that the Dominic Benson's patch is useful and worth considering.

Currently sending raw-body with "Transfer-Encoding: chunked" over mod_fcgid has problems:
- file_get_contents('php://input') always return 0 bytes.
- blocks http response, although php script finished.
- apache logs "mod_fcgid: write timeout to pipe"

raw-body is a non-form data such as "application/octet-stream".

problem on: Apache/2.4.20 (Win32) mod_fcgid/2.3.9 + PHP 7.0.6

The patch can fix these problems.

Someone already reported this to php. But not considered as a bug of php.

I hope the patch will be merged!
Comment 2 Marcel Klaumünzer 2018-03-14 07:07:22 UTC
I have the same problem on Apache 2.4.6 with php-fpm. Is there a reason why the patch is still not being merged?
Comment 3 Luca Toscano 2018-03-14 09:52:36 UTC
Hi Marcel,

I saw your comment and I thought to add some personal comments but not really sure what is the official status. From what I gathered the development cycles available are nowadays more concentrated on mod_proxy_fcgi rather than its older cousins (like https://httpd.apache.org/mod_fcgid/), so there might be more responsiveness if you spot any issues there. 

Out of curiosity, is there any blocking reason that blocks people from migrating to mod_proxy_fcgi? I am genuinely asking that since it would be really great to gather some feedback and possibly implements the missing bits directly on mod_proxy_fcgi.

Also please note that any new update will only be present in more recent version of httpd (2.4.6 is a bit old).
Comment 4 Steffen Moser 2018-09-01 00:32:13 UTC
We currently experience the same problem even with the more recent "mod_proxy_fcgi" module in Apache 2.4.33 and PHP-FPM 7.1.17 on a Oracle Solaris 11.3 SRU 34 based Nextcloud instance. Uploads with macOS Finder's builtin WebDAV client cause empty files in Nextcloud 13.0.5. When changing from "mod_proxy_fcgi" and PHP-FPM back to the "libphp" module, the problem is gone. 

After doing some diagnosis, I am very sure that it is caused by the chunked encoding WebDAV PUT which is used by Apple's Finder. Other WebDAV clients don't show the problem with the same server setup.

@Luca: Do you know of any bug number related to this issue in "mod_proxy_fcgi"?
Comment 5 Luca Toscano 2018-09-01 07:48:58 UTC
I do! https://bz.apache.org/bugzilla/show_bug.cgi?id=57087
Comment 6 Yann Ylavic 2018-09-01 11:29:55 UTC
*** Bug 50274 has been marked as a duplicate of this bug. ***
Comment 7 William A. Rowe Jr. 2018-11-07 21:08:56 UTC
Please help us to refine our list of open and current defects; this is a mass update of old and inactive Bugzilla reports which reflect user error, already resolved defects, and still-existing defects in httpd.

As repeatedly announced, the Apache HTTP Server Project has discontinued all development and patch review of the 2.2.x series of releases. The final release 2.2.34 was published in July 2017, and no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases. All reports older than 2.4.x have been updated to status RESOLVED/LATER; no further action is expected unless the report still applies to a current version of httpd.

If your report represented a question or confusion about how to use an httpd feature, an unexpected server behavior, problems building or installing httpd, or working with an external component (a third party module, browser etc.) we ask you to start by bringing your question to the User Support and Discussion mailing list, see [https://httpd.apache.org/lists.html#http-users] for details. Include a link to this Bugzilla report for completeness with your question.

If your report was clearly a defect in httpd or a feature request, we ask that you retest using a modern httpd release (2.4.33 or later) released in the past year. If it can be reproduced, please reopen this bug and change the Version field above to the httpd version you have reconfirmed with.

Your help in identifying defects or enhancements still applicable to the current httpd server software release is greatly appreciated.
Comment 8 Joe Orton 2018-12-06 12:24:22 UTC
Thanks for the patch Dominic.  Committed in r1848298.
Comment 9 Joe Orton 2018-12-06 12:27:09 UTC
Committed with some minor changes, I should have said - I added a check to ensure that Content-Length is only set if it was not sent by the client (so less change in behaviour for non-chunked requests); plus I switched to use apr_off_t_toa and added a debug log message for this case.
Comment 10 kenjiuno 2019-03-25 06:30:18 UTC
Hi Joe Orton
Thanks for patching this problem!

I just want to get a fixed binary of mod_fcgid,
So is there chance to tag new version like 2.3.10?