httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rpl...@apache.org
Subject svn commit: r783740 - in /httpd/httpd/trunk: CHANGES modules/generators/mod_cgid.c
Date Thu, 11 Jun 2009 12:32:59 GMT
Author: rpluem
Date: Thu Jun 11 12:32:59 2009
New Revision: 783740

URL: http://svn.apache.org/viewvc?rev=783740&view=rev
Log:
* Close the listening Unix socket of the mod_cgid daemon in the CGI scripts.

PR: 47335
Submitted by: Kornél Pál <kornelpal gmail.com>
Reviewed by: rpluem

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/generators/mod_cgid.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=783740&r1=783739&r2=783740&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Thu Jun 11 12:32:59 2009
@@ -6,8 +6,11 @@
      mod_proxy_ajp: Avoid delivering content from a previous request which
      failed to send a request body. PR 46949 [Ruediger Pluem]
 
+  *) mod_cgid: Do not leak the listening Unix socket file descriptor to the
+     CGI process. PR 47335 [Kornél Pál <kornelpal gmail.com>]
+
   *) mod_rewrite: Remove locking for writing to the rewritelog.
-      PR 46942 [Dan Poirier <poirier pobox.com>]
+     PR 46942 [Dan Poirier <poirier pobox.com>]
 
   *) mod_alias: check sanity in Redirect arguments.
      PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]

Modified: httpd/httpd/trunk/modules/generators/mod_cgid.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?rev=783740&r1=783739&r2=783740&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/generators/mod_cgid.c (original)
+++ httpd/httpd/trunk/modules/generators/mod_cgid.c Thu Jun 11 12:32:59 2009
@@ -302,6 +302,13 @@
 }
 #endif
 
+static apr_status_t close_unix_socket(void *thefd)
+{
+    int fd = (int)((long)thefd);
+
+    return close(fd);
+}
+
 /* deal with incomplete reads and signals
  * assume you really have to read buf_size bytes
  */
@@ -653,6 +660,9 @@
         }
     }
 
+    apr_pool_cleanup_register(pcgi, (void *)((long)sd),
+                              close_unix_socket, close_unix_socket);
+
     /* if running as root, switch to configured user/group */
     if ((rc = ap_run_drop_privileges(pcgi, ap_server_conf)) != 0) {
         return rc;
@@ -1152,13 +1162,6 @@
     return ret;
 }
 
-static apr_status_t close_unix_socket(void *thefd)
-{
-    int fd = (int)((long)thefd);
-
-    return close(fd);
-}
-
 static int connect_to_daemon(int *sdptr, request_rec *r,
                              cgid_server_conf *conf)
 {



Mime
View raw message