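--TEST--
GHSA-9pqp-7h25-4f32
--SKIPIF--
<?php
// The test drives a real php-cgi binary, so it cannot run without one.
if (!getenv('TEST_PHP_CGI_EXECUTABLE')) {
    die("skip php-cgi not available");
}
if (substr(PHP_OS, 0, 3) === 'WIN') {
    die("skip not for Windows in CI - probably resource issue");
}
?>
--FILE--
<?php

// Regression test for the multipart/form-data boundary handling covered by
// advisory GHSA-9pqp-7h25-4f32. Each request carries part data that embeds a
// string equal to the delimiter except for its final character; the parser
// must keep that string as data and must not truncate the field.
//
// NOTE(review): FILLUNIT presumably mirrors the buffer fill size used by the
// multipart parser in php-cgi - confirm against the parser source.
const FILLUNIT = 5 * 1024;

/**
 * Posts one multipart request to php-cgi using a boundary of the given length
 * and lets the child write its response straight to this test's STDOUT.
 *
 * @param int $boundaryLen Number of 'A' characters in the multipart boundary.
 */
function test(int $boundaryLen): void
{
    printf("Boundary len: %d\n", $boundaryLen);

    // Array form of proc_open(): no shell is involved, so no argument escaping is needed.
    // -C: do not chdir to the script directory; -n: run without a php.ini.
    $cmd = [
        getenv('TEST_PHP_CGI_EXECUTABLE'),
        '-C',
        '-n',
        __DIR__ . '/GHSA-9pqp-7h25-4f32.inc',
    ];

    $boundary = str_repeat('A', $boundaryLen);

    // One form field "koko" whose value is "BBB", a CRLF, and then a
    // near-delimiter: "--" + the boundary with its last character replaced by
    // "CCC". A correct parser returns all of it as the field value, which is
    // why EXPECTF shows a string of boundaryLen + 9 bytes.
    $body = ""
        . "--$boundary\r\n"
        . "Content-Disposition: form-data; name=\"koko\"\r\n"
        . "\r\n"
        . "BBB\r\n--" . substr($boundary, 0, -1) . "CCC\r\n"
        . "--$boundary--\r\n"
        ;

    // CGI request metadata is passed through the environment.
    // REDIRECT_STATUS is set so php-cgi accepts a direct invocation.
    $env = array_merge($_ENV, [
        'REDIRECT_STATUS' => '1',
        'CONTENT_TYPE' => "multipart/form-data; boundary=$boundary",
        'CONTENT_LENGTH' => strlen($body),
        'REQUEST_METHOD' => 'POST',
        'SCRIPT_FILENAME' => __DIR__ . '/GHSA-9pqp-7h25-4f32.inc',
    ]);

    // Only stdin is a pipe; stdout and stderr of the child are merged into
    // this script's STDOUT so EXPECTF can match headers, warnings and body.
    $spec = [
        0 => ['pipe', 'r'],
        1 => STDOUT,
        2 => STDOUT,
    ];

    $pipes = [];

    print "Starting...\n";

    $handle = proc_open($cmd, $spec, $pipes, getcwd(), $env);
    if (!is_resource($handle)) {
        // Fail with a readable message instead of a follow-up error from
        // fwrite() on a pipe that was never created.
        print "proc_open failed\n";
        return;
    }

    fwrite($pipes[0], $body);
    // Close stdin before waiting: proc_close() blocks until the child exits,
    // and an open pipe is the documented way to deadlock here.
    fclose($pipes[0]);

    proc_close($handle);

    print "\n";
}

// Probe the lengths around FILLUNIT - strlen("\r\n--") (5116): one below,
// exactly at, and one above. Per EXPECTF, the first two are parsed with the
// field intact and the third is rejected with "Boundary too large".
for ($offset = -1; $offset <= 1; $offset++) {
    test(FILLUNIT - strlen("\r\n--") + $offset);
}

?>
--EXPECTF--
Boundary len: 5115
Starting...
X-Powered-By: %s
Content-type: text/html; charset=UTF-8

Hello world
array(1) {
  ["koko"]=>
  string(5124) "BBB
--AAA%sCCC"
}

Boundary len: 5116
Starting...
X-Powered-By: %s
Content-type: text/html; charset=UTF-8

Hello world
array(1) {
  ["koko"]=>
  string(5125) "BBB
--AAA%sCCC"
}

Boundary len: 5117
Starting...
X-Powered-By: %s
Content-type: text/html; charset=UTF-8

<br />
<b>Warning</b>:  Boundary too large in multipart/form-data POST data in <b>Unknown</b> on line <b>0</b><br />
Hello world
array(0) {
}
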