httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 22030] - SECURITY: 4097+ bytes of stderr from cgi script causes script to hang
Date Thu, 09 Oct 2003 07:12:45 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22030>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22030

SECURITY: 4097+ bytes of stderr from cgi script causes script to hang





------- Additional Comments From gstein@lyra.org  2003-10-09 07:12 -------
I raised this bug a long while back (Sep 25, 2002, actually:
http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=103291952019514&w=2) and
suggested a new "CGI bucket" type that kept both stdout and stderr descriptors
from the CGI process. When the bucket read() function is called, it would
select() across both descriptors. Content from stdout would spawn a new bucket,
and content from stderr would be logged.

Then wrowe went off with a crazy super-solution which caused a total loss of
focus on the practical problems.

My suggestion still stands: have mod_cgi(d) inject a new CGI_BUCKET into the
filter stack which can drain both streams. No more hangs. Ever. No buffering.
Works for both cgi implementations. Works on Windows (presumably, since we're
using standard apr functions to poll across the two descriptors).

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message