httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 14550] New: - bug in server-client comunication while sending enviroment variables
Date Thu, 14 Nov 2002 11:41:12 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14550>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14550

bug in server-client comunication while sending enviroment variables

           Summary: bug in server-client comunication while sending
                    enviroment variables
           Product: Apache httpd-2.0
           Version: 2.0.42
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Other
         Component: mod_cgi
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: apache@czarny.eu.org


While sending paramters of called cgi script from working thrad to cgid serwer
by socket '\n' char is used to separate each part. If in sending enviroment '\n'
char will be used, all parameters will be send bad, some enviroment elements and
- what worst - every PUT variable will be lost. This bug making cgi scripts
which are working in SSL enviromend and which need SSL information unusable. 
Maybe this patch to mod-cgid.c will help:

284,287d283
<     rc = read(fd, &j, sizeof(int));
<     if (rc != sizeof(int)) {
<         return 1;
<     }
303a300,303
>     rc = read(fd, &j, sizeof(int));
>     if (rc != sizeof(int)) {
>         return 1;
>     }
305,307c305,313
<     i = 0; 
<     for (i = 0; i < j; i++) { 
<         environ[i] = ap_getword(r->pool, (const char **)&data, '\n'); 
---
>     for(i=0;i<j;i++){
>     	rc = read(fd, &len, sizeof(int));
>     	if (rc != sizeof(int)) {
> 	    return 1;
> 	}
> 	environ[i] = apr_pcalloc(r->pool,len+1);
> 	rc = read(fd,environ[i],len);
> 	if (rc != len){
> 	    return 1;
308a315,316
>     }
> 
310c318,331
<     r->args = ap_getword(r->pool, (const char **)&data, '\n'); 
---
> 
>     rc = read(fd, &len, sizeof(int));
>     if (rc != sizeof(int)) {
> 	return 1;
>     }
>     if(rc!=0){
>     	r->args = apr_pcalloc(r->pool,len+1);
>     	rc = read(fd,r->args,len);
>     	if (rc != len){
> 	     	return 1;
>     	}
>     } else {
>     	r->args=NULL;
>     }	
399a421,425
>     /* Write the request type (SSI "exec cmd" or cgi). */
>     if (write(fd, &r_type, sizeof(int)) < 0) {
> 	ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r,
> 		     "write to cgi daemon process");
>     }
403,404c429,432
<     for (i =0; env[i]; i++) { 
<         continue; 
---
>     len=strlen(data);
>     if (write(fd, &len, sizeof(int))<0){
>         ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r,
> 		     "write to cgi daemon process");
407,408c435
<     /* Write the request type (SSI "exec cmd" or cgi). */
<     if (write(fd, &r_type, sizeof(int)) < 0) {
---
>     if(write(fd,data,len)<0){
412a440,444
>    for (i =0; env[i]; i++) { 
> 	continue; 
>     } 
> 
> 
420c452,465
<         data = apr_pstrcat(r->pool, data, env[i], "\n", NULL); 
---
>         len=strlen(env[i]); 
> 	if(write(fd,&len,sizeof(int)) < 0) {
> 		ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r,
> 			      "write to cgi daemon process");
> 	}
> 	if(write(fd,env[i],len) < 0){
> 		ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r,
> 		             "write to cgi daemon process");
> 	}		
>     }
>     if(r->args!=NULL){ 
>     	len=strlen(r->args);
>     } else {
> 	len=0;
422,424c467
<     data = apr_pstrcat(r->pool, data, r->args, NULL); 
<     len = strlen(data); 
<     /* Write the length of the concatenated env string. */
---
> 
429,430c472,473
<     /* Write the concatted env string. */     
<     if (write(fd, data, len) < 0) {
---
>     if( len!=0){
>    	if (write(fd,r->args,len)<0){
433a477,478
>     }
>

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message