CODEWITHSUNDEEP
phpjsoncurlcentos
S. Di Cioccio
S. Di Cioccio

Reputation: 51

CENTOS 7 - curl PHP5 cli and invalid Content-Length

On CENTOS 7 php5(cli) and curl module in a PHP script, I try to use a REST API making POST (JSON) in a php script and I got a strange behavior with PHP on my CENTOS 7 host.

Here is the output of the script:

[+] API GLPI : Session Initializing 
   User Token  ===> YsYJnd81WFiFIJ0pqdW6GqiujUpfkH12tdlgYElj 
   Init Url ===> http://192.168.158.129:8080/apirest.php/initSession/* About     to 
connect() to 192.168.158.129 port 8080 (#0)
*   Trying 192.168.158.129...
* Connected to 192.168.158.129 (192.168.158.129) port 8080 (#0)
  POST /apirest.php/initSession/ HTTP/1.1
Host: 192.168.158.129:8080
Accept: */*
Content-Type: application/json
Authorization: user_token YsYJnd81WFiFIJ0pqdW6GqiujUpfkH12tdlgYElj
Content-Length: -1
Expect: 100-continue

Note : Content-Lenght set to -1

Server return me

HTTP/1.1 400 Bad Request

no chunk, no close, no size. Assume close to signal end

Closing connection 0

Varnish log output

varnish          | *   << Request  >> 32777     
varnish          | -   Begin          req 32776 rxreq
varnish          | -   Timestamp      Start: 1522946173.840342 0.000000     0.000000
varnish          | -   Timestamp      Req: 1522946173.840342 0.000000     0.000000
varnish          | -   HttpGarbage    "POST%00"
varnish          | -   ReqAcct        226 0 226 28 0 28
varnish          | -   End            
varnish          | 
varnish          | *   << Session  >> 32776     
varnish          | -   Begin          sess 0 HTTP/1
varnish          | -   SessOpen       192.168.158.129 35336 :6081     172.26.0.11 6081 1522946173.840172 20
varnish          | -   Link           req 32777 rxreq
varnish          | -   SessClose      RX_JUNK 0.000
varnish          | -   End            
varnish          |

Note : HttpGarbage "POST%00"

CENTOS configuration

uname -a 

Linux localhost.localdomain 3.10.0-693.17.1.el7.x86_64 #1 SMP Thu Jan 25 
20:13:58 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux


cat /etc/redhat-release 
CentOS Linux release 7.4.1708 (Core) 


rpm -qa | grep -i php

php-common-5.4.16-43.el7_4.1.x86_64
php-process-5.4.16-43.el7_4.1.x86_64
php-xml-5.4.16-43.el7_4.1.x86_64
php-pecl-json-post-1.0.0-2.el7.x86_64
php-cli-5.4.16-43.el7_4.1.x86_64
php-pear-Net-Curl-1.2.5-10.el7.noarch
php-pear-1.9.4-21.el7.noarch
php-mbstring-5.4.16-43.el7_4.1.x86_64


php -v

PHP 5.4.16 (cli) (built: Mar  7 2018 13:34:47) 
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies


rpm -qa | grep -i curl

libcurl-devel-7.29.0-42.el7_4.1.x86_64
libcurl-7.29.0-42.el7_4.1.x86_64
curl-7.29.0-42.el7_4.1.x86_64
python-pycurl-7.19.0-19.el7.x86_64
php-pear-Net-Curl-1.2.5-10.el7.noarch

php -m

[PHP Modules]
bz2
calendar
Core
ctype
curl
date
dom
ereg
exif
fileinfo
filter
ftp
gettext
gmp
hash
iconv
json
json_post
libxml
mbstring
mhash
openssl
pcntl
pcre
Phar
posix
readline
Reflection
session
shmop
SimpleXML
sockets
SPL
standard
sysvmsg
sysvsem
sysvshm
tokenizer
wddx
xml
xmlreader
xmlwriter
xsl
zip
zlib

On another machine with same piece of code it works perfectly:

[+] API GLPI : Session Initializing
User Token  ===> YsYJnd81WFiFIJ0pqdW6GqiujUpfkH12tdlgYElj
Init Url ===> http://192.168.158.129:8080/apirest.php/initSession/{"session_token":"nmoa5clfg0mfn8g5i153o8iqep"}
Array
(     [session_token] => nmoa5clfg0mfn8g5i153o8iqep  )
[+] SESSION TOKEN ===> nmoa5clfg0mfn8g5i153o8iqep
[+] API GLPI : TICKET CREATION
{"id":9,"message":"Your ticket has been registered, its treatment is in         progress. (Ticket: 9)"}* Hostname was NOT found in DNS cache
*   Trying 192.168.158.129...
* Connected to 192.168.158.129 (192.168.158.129) port 8080 (#0)
   POST /apirest.php/initSession/ HTTP/1.1
Host: 192.168.158.129:8080
Accept: */*
Content-Type: application/json
Authorization: user_token YsYJnd81WFiFIJ0pqdW6GqiujUpfkH12tdlgYElj
Expect: 100-continue

Please note : No Strange Content-Lenght set to -1

Server then responds

HTTP/1.1 100 Continue
HTTP/1.1 200 OK
Date: Thu, 05 Apr 2018 13:08:15 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
apachehost: 019f184d31ff
Content-Length: 46
Content-Type: application/json; charset=UTF-8
X-Cacheable: NO:Cache-Control=no-store
X-Varnish: 32772
Age: 0
Via: 1.1 varnish (Varnish/5.0)
X-Cache: MISS
Accept-Ranges: bytes
Connection: keep-alive
Connection #0 to host 192.168.158.129 left intact

Varnish Logs

varnish          | *   << BeReq    >> 16        
varnish          | -   Begin          bereq 15 pass
varnish          | -   Timestamp      Start: 1522946334.370154 0.000000 0.000000
varnish          | -   BereqMethod    POST
varnish          | -   BereqURL       /apirest.php/initSession/
varnish          | -   BereqProtocol  HTTP/1.1
varnish          | -   BereqHeader    Host: 192.168.158.129:8080
varnish          | -   BereqHeader    Accept: */*
varnish          | -   BereqHeader    Content-Type: application/json
varnish          | -   BereqHeader    Authorization: user_token     YsYJnd81WFiFIJ0pqdW6GqiujUpfkH12tdlgYElj
varnish          | -   BereqHeader    X-Forwarded-For: 192.168.158.1
varnish          | -   BereqHeader    X-Varnish: 16
varnish          | -   VCL_call       BACKEND_FETCH
varnish          | -   VCL_return     fetch
varnish          | -   BackendOpen    23 boot.NODE019f184d31ff 172.26.0.10 80 172.26.0.11 48398
varnish          | -   BackendStart   172.26.0.10 80
varnish          | -   Timestamp      Bereq: 1522946334.370492 0.000338 0.000338
varnish          | -   Timestamp      Beresp: 1522946334.480720 0.110566 0.110228
varnish          | -   BerespProtocol HTTP/1.1
varnish          | -   BerespStatus   200
varnish          | -   BerespReason   OK
varnish          | -   BerespHeader   Date: Thu, 05 Apr 2018 16:38:54 GMT
varnish          | -   BerespHeader   Server: Apache/2.4.27 (Ubuntu)
(....)

Configuration

$ php-win.exe -v

PHP 5.5.12 (cli) (built: Apr 30 2014 11:21:04)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies
    with Xdebug v2.2.5, Copyright (c) 2002-2014, by Derick Rethans

php-win.exe -m

[PHP Modules]
bcmath
bz2
calendar
com_dotnet
Core
ctype
curl
date
dom
ereg
exif
fileinfo
filter
ftp
gd
gettext
gmp
hash
iconv
imap
intl
json
ldap
libxml
mbstring
mcrypt
mhash
mysql
mysqli
mysqlnd
odbc
openssl
pcre
PDO
pdo_mysql
pdo_sqlite
Phar
Reflection
session
shmop
SimpleXML
soap
sockets
SPL
sqlite3
standard
tokenizer
wddx
xdebug
xml
xmlreader
xmlrpc
xmlwriter
xsl
zip
zlib

Piece of PHP Code

#1st request to get a Session Token
$api_url="http://192.168.158.129:8080/apirest.php";
$usertoken="YsYJnd81WFiFIJ0pqdW6GqiujUpfkH12tdlgYElj";

echo " [+] API GLPI : Session Initializing ";
echo ("   User Token  ===> " . $usertoken);
$headers = array(
    ('Content-Type: application/json'),
    ('Authorization: user_token ' . $usertoken)
);

$initurl=$api_url."/initSession/";
echo ("\n   Init Url ===> " . $initurl);

$ch  = curl_init();
curl_setopt($ch, CURLOPT_URL, $initurl);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$request_result = curl_exec($ch);
echo $request_result;

curl_close($ch);
$obj = json_decode($request_result,true);
print_r ($obj);
$session_token="";
$session_token=$obj['session_token'];

if ($session_token == ""){
     echo "FATAL ! Error to retrieve Session Token";
     exit(2);
}

echo ("   [+] SESSION TOKEN ===> " . $session_token);
....
# Then 2nd request to Post JSON not shown here

Upvotes: 2

Views: 670

Answers (2)

S. Di Cioccio
S. Di Cioccio

Reputation: 51

I spot my mistake shame on me. In the first request I set 

curl_setopt($ch, CURLOPT_POST, 1);

whereas I have no data to POST! Solve the issue with changing it to 

curl_setopt($ch, CURLOPT_POST, 0);

However it shows that we should be very carefull with this curl library as it can act with significant difference

Upvotes: 0

Ryan Wright
Ryan Wright

Reputation: 177

Add a payload to the POST, as curl will add the -1 content length depending on the version of curl you're using if there is no post content. Later versions will add a 0 length content length header, which might be why you see variation between different machines.

$payloadJson = json_encode([]);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payloadJson);
curl_setopt(
    $ch,
    CURLOPT_HTTPHEADER,
    [
        "Content-type: application/json",
        "Content-Length: ".strlen($payloadJson),
        "Authorization: user_token " . $usertoken,
    ]
);

Upvotes: 0

Related Questions