httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 22030] - SECURITY: 4097+ bytes of stderr from cgi script causes script to hang
Date Fri, 16 Apr 2004 03:05:15 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=22030>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=22030

SECURITY: 4097+ bytes of stderr from cgi script causes script to hang





------- Additional Comments From bbb@cpan.org  2004-04-16 03:05 -------
Joe, you're a total genious!  I patched my httpd.spec file as follows: 
 
---- snip ---- 
=================================================================== 
--- httpd.spec  18 Nov 2003 00:52:34 -0000      1.16 
+++ httpd.spec  16 Apr 2004 02:27:23 -0000 
@@ -33,6 +33,8 @@ 
 Source31: migration.css 
 Source32: html.xsl 
 Source33: README.confd 
+# Add Joe Orton's awesome CGI Bucket feature so large STDERR output won't 
choke anymore! 
+Patch0: http://www.apache.org/~jorton/mod_cgi-HEAD.diff 
 # build/scripts patches 
 Patch1: httpd-2.0.40-apctl.patch 
 Patch2: httpd-2.0.36-apxs.patch 
@@ -128,6 +130,9 @@ 
 fi 
  
 %build 
+ 
+patch modules/generators/mod_cgi.c < $RPM_SOURCE_DIR/mod_cgi-HEAD.diff 
+ 
 # update location of migration guide in apachectl 
 %{__perl} -pi -e "s:\@docdir\@:%{_docdir}/%{name}-%{version}:g" \ 
        support/apachectl.in 
---- snap ---- 
 
And then I rebuilt the package and upgraded the rpm.  (I couldn't use the 
standard rpm "%patch" because I think Joe forgot to include the 
"http-2.0.49/modules/generators/" prefix in the diff headers in his patch 
file.)  After restarting, all my problems immediately disappeared.  I'm 
putting this on my PRODUCTION servers right now.  (I never close STDERR in any 
of my CGIs anyway.) 
 
Thank you!

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message