DEV Community

alamriku

Content-length and 4xx

There are several HTTP status codes related to content-length:

  1. 411 Length Required: The server requires a Content-Length header, but the request does not include one.

```php
// Reject requests that do not declare a body length
if (!$request->hasHeader('Content-Length')) {
    return response()->json(['error' => 'Content-Length header required'], 411);
}
```

  2. 413 Request Entity Too Large: The body exceeds the server's size limit.

```php
$maxSize = 5 * 1024 * 1024; // 5MB

// Compare the declared length, as an integer, against the limit
if ((int) $request->header('Content-Length') > $maxSize) {
    return response()->json(['error' => 'Payload too large'], 413);
}
```

  3. 400 Bad Request: The Content-Length value doesn't match the actual body size.

```php
$actualSize = strlen($request->getContent());        // bytes actually received
$declaredSize = $request->header('Content-Length');  // bytes the client declared

if ($actualSize != $declaredSize) {
    return response()->json(['error' => 'Content-Length mismatch'], 400);
}
```

CVE-2019-11043 - PHP-FPM Buffer Overflow
CVE-2018-7583 vulnerability

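```c
// Simplified PHP internal C code (deliberately vulnerable illustration)
#include <stdlib.h>   // malloc
#include <unistd.h>   // read

#define CHUNK_SIZE 4096                      // placeholder value; the post does not give one
typedef struct request request_t;
size_t get_header_value(const char *name);   // helper of the simplified sketch
int found_boundary(void);                    // helper of the simplified sketch
extern int input;                            // descriptor the body is read from

void parse_multipart_data(request_t *request) {
    // Step 1: Allocate based on Content-Length header
    size_t declared_size = get_header_value("Content-Length"); // 100
    char *buffer = malloc(declared_size); // 100 bytes allocated

    // Step 2: Read actual data until boundary
    size_t bytes_read = 0;
    while (!found_boundary()) {
        // This reads MORE than Content-Length declared!
        bytes_read += read(input, buffer + bytes_read, CHUNK_SIZE);
        // If bytes_read > 100, we overflow the buffer!
    }
}
```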
```text
Memory Layout:
[Buffer: 100 bytes][Other Data][Return Address]

What happens:
1. Buffer allocated: [100 empty bytes]
2. Reads 500 bytes:  [100 bytes][400 OVERFLOW→][Corrupted][Corrupted]
                                 ↑ Overwrites other memory!
```

Affected Versions:

  • PHP 7.0.x before 7.0.28
  • PHP 7.1.x before 7.1.15
  • PHP 7.2.x before 7.2.3

Fixed in:

  • PHP 7.0.28
  • PHP 7.1.15
  • PHP 7.2.3
  • PHP 7.3.0 and later
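
For contrast with the simplified loop above, here is a bounded version that applies the 411/413/400 checks before and during the read. It is an added example, not code from the original post and not PHP's actual fix. The names `read_body_bounded` and `demo`, the `CHUNK_SIZE` value, the 500 returned on allocation failure and the pipe-based sample input are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>

#define MAX_BODY   (5UL * 1024 * 1024) /* same 5 MB cap as the 413 check */
#define CHUNK_SIZE 64                  /* assumed value for this sketch */

/* Reads exactly the declared number of body bytes from fd into a new buffer.
 * Returns 200, or the status the request should be rejected with. */
int read_body_bounded(int fd, const char *content_length, char **out, size_t *len) {
    *out = NULL; *len = 0;
    if (content_length == NULL) return 411;              /* header missing */
    if (*content_length < '0' || *content_length > '9') return 400; /* "", "-1", " 5" */
    char *end;
    errno = 0;
    unsigned long declared = strtoul(content_length, &end, 10);
    if (errno != 0 || *end != '\0') return 400;          /* overflow, "12abc" */
    if (declared > MAX_BODY) return 413;                 /* rejected before malloc */

    char *buffer = malloc(declared + 1);                 /* +1 avoids malloc(0) */
    if (buffer == NULL) return 500;
    size_t bytes_read = 0;
    while (bytes_read < declared) {
        size_t want = declared - bytes_read;             /* room left in buffer */
        if (want > CHUNK_SIZE) want = CHUNK_SIZE;
        ssize_t n = read(fd, buffer + bytes_read, want); /* never past the end */
        if (n <= 0) { free(buffer); return 400; }        /* ended before declared size */
        bytes_read += (size_t)n;
    }
    *out = buffer; *len = bytes_read;
    return 200;
}

/* Demo helper (constructed input): sends body through a pipe, returns the
 * status, and stores in *copied how many bytes reached the buffer. */
int demo(const char *content_length, const char *body, size_t body_len, size_t *copied) {
    int fds[2], status = -1;
    char *buf = NULL;
    if (pipe(fds) != 0) return -1;
    ssize_t w = write(fds[1], body, body_len);
    close(fds[1]);                                       /* end of stream */
    if (w == (ssize_t)body_len)
        status = read_body_bounded(fds[0], content_length, &buf, copied);
    close(fds[0]);
    free(buf);
    return status;
}
```

Bytes beyond the declared length are never copied; they stay unread in the stream, so on a keep-alive connection they would be parsed as the start of the next request.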
