Return-Path: Delivered-To: apmail-httpd-bugs-archive@www.apache.org Received: (qmail 13522 invoked from network); 10 Sep 2003 21:14:26 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 10 Sep 2003 21:14:26 -0000 Received: (qmail 52890 invoked by uid 500); 10 Sep 2003 21:14:12 -0000 Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org Received: (qmail 52873 invoked by uid 500); 10 Sep 2003 21:14:12 -0000 Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Reply-To: "Apache HTTPD Bugs Notification List" Delivered-To: mailing list bugs@httpd.apache.org Received: (qmail 52851 invoked from network); 10 Sep 2003 21:14:12 -0000 Received: from unknown (HELO exchange.sun.com) (192.18.33.10) by daedalus.apache.org with SMTP; 10 Sep 2003 21:14:12 -0000 Received: (qmail 22966 invoked by uid 50); 10 Sep 2003 21:17:07 -0000 Date: 10 Sep 2003 21:17:07 -0000 Message-ID: <20030910211707.22965.qmail@nagoya.betaversion.org> From: bugzilla@apache.org To: bugs@httpd.apache.org Cc: Subject: DO NOT REPLY [Bug 22030] - SECURITY: 4097+ bytes of stderr from cgi script causes script to hang X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22030 SECURITY: 4097+ bytes of stderr from cgi script causes script to hang ------- Additional Comments From trawick@apache.org 2003-09-10 21:17 ------- problems with ~/trawick/mod_cgi.c: 1) buffers up the response, which is really uncool and breaks with cgis that need to flush or which write huge responses the code to parse http headers written by the cgi needs to be changed to get rid of the buffering handle_script_stdout() needs to know when we've seen all the headers, then process them, then set ctx->headers_processed 2) doesn't work on the ever-lame win32 groan 3) needs the last few fixes to mod_cgi integraded 4) doesn't help mod_cgid, which is needed by threaded MPMs 5) isn't tested a whole lot but of course you folks are helping with that --/-- The main problem to attack is #1... with that solved, everything else is not so hard, other than Win32, which doesn't have to be solved. I'll try to attack #1 now that I see some interest in it. Alternately, somebody else play with it in a debugger and see what I mean about needing to recognize when we've read the entire response header from the CGI and can get into the simple mode where we pass all output down the filter chain as soon as we read it. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org