httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 49427] New: mod_cgid and mod_cgi do not return proper value when exceeding LimitRequestBody
Date Fri, 11 Jun 2010 10:05:22 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=49427

           Summary: mod_cgid and mod_cgi do not return proper value when
                    exceeding LimitRequestBody
           Product: Apache httpd-2
           Version: 2.2.15
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_cgi
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: aimoto321@gmail.com


[Symptom]
I used LimitRequestBody directive and then sent POST request which
size is over the value of LimitRequestBody.
I expected the response of Status 413 with the body which is set for the
status.
However I got the Status 413 with the body including not only 413, but also
500.


[Operation]
=== httpd.conf ==
ErrorDocument 413 "413 Error!!"
ErrorDocument 500 "500 Error!!"
LimitRequestBody 10000

=== HTTP ACCESS ===
[root@localhost bin]# telnet 127.0.0.1 80
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
POST /cgi-bin/print.cgi HTTP/1.1
Host: test
Content-Length: 10001

HTTP/1.1 413 Request Entity Too Large
Date: Fri, 04 Jun 2010 07:16:56 GMT
Server: Apache/2.2.15 (Unix)
Connection: close
Content-Type: text/html; charset=iso-8859-1

413 Error!!500 Error!!Connection closed by foreign host.
[root@localhost bin]#

=== access_log ===
127.0.0.1 - - [04/Jun/2010:16:16:56 +0900] "POST /cgi-bin/print.cgi HTTP/1.1"
500 22

=== error_log ===
[Fri Jun 04 16:16:56 2010] [error] [client 127.0.0.1] Requested content-length
of 10001 is larger than the configured limit of 10000
[Fri Jun 04 16:16:56 2010] [error] [client 127.0.0.1] (-3)Unknown error
4294967293: Error reading request entity data



[Analysis]
It happens when you use mod_cgid / mod_cgi and LimitRequestBody.
It might caused by the following mod_cgi's code :

--- L.836-843 in mod_cgi.c ---

        rv = ap_get_brigade(r->input_filters, bb, AP_MODE_READBYTES,
                            APR_BLOCK_READ, HUGE_STRING_LEN);

        if (rv != APR_SUCCESS) {
            ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
                          "Error reading request entity data");
            return HTTP_INTERNAL_SERVER_ERROR;
        }
-------------------------------------------------

Exceeding LimitRequestBody AP_FILTER_ERROR occurs in ap_get_brigade().
Apache put Status 413's body into the response at that time.

However following code returns HTTP_INTERNAL_SERVER_ERROR.
It means that Apache adds Status 500's body to the response.

I think the code might be like following :

-------------------------------------------------

        rv = ap_get_brigade(r->input_filters, bb, AP_MODE_READBYTES,
                            APR_BLOCK_READ, HUGE_STRING_LEN);

        if (rv != APR_SUCCESS) {
        if (rv == AP_FILTER_ERROR)
            return rv;
        else
            return HTTP_INTERNAL_SERVER_ERROR;
        }
-------------------------------------------------

I mention only mod_cgi, but mod_cgid includes the same issue.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message