Merge branch 'PHP-5.6'

* PHP-5.6:
  NEWS
  adapt test for error message introduced in fix for #68463
  Fix bug #68463 listen.allowed_clients can silently result in no allowed access
Remi Collet 2014-11-20 15:17:02 +01:00
commit 8904fbc692
2 changed files with 32 additions and 12 deletions


@ -280,6 +280,10 @@ void fcgi_set_allowed_clients(char *ip)
}
allowed_clients[n].sa.sa_family = 0;
free(ip);
if (!n) {
zlog(ZLOG_ERROR, "There are no allowed addresses for this pool");
/* don't clear allowed_clients as it will create an "open for all" security issue */
}
}
}
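Review bot: The comment in the `if (!n)` branch states the fail-closed intent but not the invariant it depends on: the array is left holding only its terminator entry (`sa_family = 0`), and the accept-time check, which is outside this hunk, presumably treats a NULL `allowed_clients` as "no restriction" and a non-NULL empty list as "deny everyone". I would spell that out, e.g. `/* keep the terminator-only list: the connection check presumably treats NULL as "allow all", so freeing it here would fail open */`, so that a later cleanup does not free the array and reopen the pool. Judging by the accompanying test's expected output, the error is reported by each worker child while the pool keeps running and drops every client; rejecting an all-invalid list when the configuration is loaded would surface the mistake earlier. fcgi_set_allowed_clients begins before the hunk.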


@ -8,19 +8,28 @@ FPM: Test various messages on start, from master and childs
include "include.inc";
$logfile = dirname(__FILE__).'/php-fpm.log.tmp';
$port = 9000+PHP_INT_SIZE;
$port1 = 9000+PHP_INT_SIZE;
$port2 = 9001+PHP_INT_SIZE;
$cfg = <<<EOT
[global]
error_log = $logfile
log_level = notice
[unconfined]
listen = 127.0.0.1:$port
listen.allowed_clients=127.0.0.1,xxx
[pool1]
listen = 127.0.0.1:$port1
listen.allowed_clients=127.0.0.1
user = foo
pm = dynamic
pm.max_children = 5
;pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
catch_workers_output = yes
[pool2]
listen = 127.0.0.1:$port2
listen.allowed_clients=xxx
pm = dynamic
pm.max_children = 5
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 3
catch_workers_output = yes
@ -29,7 +38,7 @@ EOT;
$fpm = run_fpm($cfg, $tail);
if (is_resource($fpm)) {
$i = 0;
while (($i++ < 30) && !($fp = @fsockopen('127.0.0.1', $port))) {
while (($i++ < 30) && !($fp = @fsockopen('127.0.0.1', $port1))) {
usleep(10000);
}
if ($fp) {
@ -38,11 +47,16 @@ if (is_resource($fpm)) {
}
for ($i=0 ; $i<10 ; $i++) {
try {
run_request('127.0.0.1', $port);
run_request('127.0.0.1', $port1);
} catch (Exception $e) {
echo "Error\n";
echo "Error 1\n";
}
}
try {
run_request('127.0.0.1', $port2);
} catch (Exception $e) {
echo "Error 2\n";
}
proc_terminate($fpm);
if (!feof($tail)) {
echo stream_get_contents($tail);
@ -55,12 +69,14 @@ if (is_resource($fpm)) {
Done
--EXPECTF--
Started
[%s] NOTICE: [pool unconfined] pm.start_servers is not set. It's been set to 2.
[%s] NOTICE: [pool unconfined] 'user' directive is ignored when FPM is not running as root
Error 2
[%s] NOTICE: [pool pool1] pm.start_servers is not set. It's been set to 2.
[%s] NOTICE: [pool pool1] 'user' directive is ignored when FPM is not running as root
[%s] NOTICE: fpm is running, pid %d
[%s] NOTICE: ready to handle connections
[%s] WARNING: [pool unconfined] child %d said into stderr: "ERROR: Wrong IP address 'xxx' in listen.allowed_clients"
[%s] WARNING: [pool unconfined] child %d said into stderr: "ERROR: Wrong IP address 'xxx' in listen.allowed_clients"
[%s] WARNING: [pool pool2] child %d said into stderr: "ERROR: Wrong IP address 'xxx' in listen.allowed_clients"
[%s] WARNING: [pool pool2] child %d said into stderr: "ERROR: There are no allowed addresses for this pool"
[%s] WARNING: [pool pool2] child %d said into stderr: "ERROR: Connection disallowed: IP address '127.0.0.1' has been dropped."
[%s] NOTICE: Terminating ...
[%s] NOTICE: exiting, bye-bye!
Done
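Review bot: The new configuration appears to drop coverage of a partially invalid list: the old `[unconfined]` pool used `listen.allowed_clients=127.0.0.1,xxx`, while `[pool1]` now lists only `127.0.0.1` and `[pool2]` only `xxx`, so nothing asserts that a valid address is still admitted when a sibling entry is rejected. Keeping `listen.allowed_clients=127.0.0.1,xxx` on `[pool1]`, together with its `Wrong IP address 'xxx'` lines in EXPECTF, would cover both the mixed and the all-invalid case. Separately, the `catch` around the `$port2` request prints `Error 2` for any exception, so the denial itself is only proven by the `Connection disallowed` log line; a one-line comment such as `// any failure prints "Error 2"; the denial is asserted by the "Connection disallowed" log line` would make that clear. The old and new sides here are inferred from the hunk line counts, since the page lost its +/- markers.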