1 files changed, 19 insertions, 6 deletions

diff --git a/main/SAPI.c b/main/SAPI.c
index 7853292383..df1d5fb957 100644
--- a/main/SAPI.c
+++ b/main/SAPI.c
@@ -115,8 +115,10 @@ SAPI_API void sapi_handle_post(void *arg SLS_DC)
 {
 	if (SG(request_info).post_entry) {
 		SG(request_info).post_entry->post_handler(SG(request_info).content_type_dup, arg SLS_CC);
-		efree(SG(request_info).post_data);
-		SG(request_info).post_data = NULL;
+		if (SG(request_info).post_data) {
+			efree(SG(request_info).post_data);
+			SG(request_info).post_data = NULL;
+		}
 		efree(SG(request_info).content_type_dup);
 		SG(request_info).content_type_dup = NULL;
 	}
@@ -156,7 +158,7 @@ static void sapi_read_post_data(SLS_D)
 		post_reader_func = post_entry->post_reader;
 	} else {
 		if (!sapi_module.default_post_reader) {
-			sapi_module.sapi_error(E_ERROR, "Unsupported content type:  '%s'", content_type);
+			sapi_module.sapi_error(E_WARNING, "Unsupported content type:  '%s'", content_type);
 			return;
 		}
 		SG(request_info).post_entry = NULL;
@@ -175,6 +177,11 @@ SAPI_POST_READER_FUNC(sapi_read_standard_form_data)
 	int read_bytes;
 	int allocated_bytes=SAPI_POST_BLOCK_SIZE+1;
 
+	if (SG(request_info).content_length > SG(post_max_size)) {
+		php_error(E_WARNING, "POST Content-Length of %d bytes exceeds the limit of %d bytes",
+					SG(request_info).content_length, SG(post_max_size));
+		return;
+	}
 	SG(request_info).post_data = emalloc(allocated_bytes);
 
 	for (;;) {
@@ -183,6 +190,10 @@ SAPI_POST_READER_FUNC(sapi_read_standard_form_data)
 			break;
 		}
 		SG(read_post_bytes) += read_bytes;
+		if (SG(read_post_bytes) > SG(post_max_size)) {
+			php_error(E_WARNING, "Actual POST length does not match Content-Length, and exceeds %d bytes", SG(post_max_size));
+			return;
+		}
 		if (read_bytes < SAPI_POST_BLOCK_SIZE) {
 			break;
 		}
@@ -285,14 +296,17 @@ SAPI_API void sapi_activate(SLS_D)
 	} else {
 		SG(request_info).headers_only = 0;
 	}
+	SG(rfc1867_uploaded_files) = NULL;
 
 	if (SG(server_context)) {
 		if (SG(request_info).request_method 
 			&& !strcmp(SG(request_info).request_method, "POST")) {
 			if (!SG(request_info).content_type) {
-				sapi_module.sapi_error(E_ERROR, "No content-type in POST request");
+				sapi_module.sapi_error(E_WARNING, "No content-type in POST request");
+				SG(request_info).content_type_dup = NULL;
+			} else {
+				sapi_read_post_data(SLS_C);
 			}
-			sapi_read_post_data(SLS_C);
 		} else {
 			SG(request_info).content_type_dup = NULL;
 		}
@@ -301,7 +315,6 @@ SAPI_API void sapi_activate(SLS_D)
 			sapi_module.activate(SLS_C);
 		}
 	}
-	SG(rfc1867_uploaded_files) = NULL;
 }