httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d...@ast.cam.ac.uk (David Robinson)
Subject Re: apache-0.2...
Date Wed, 22 Mar 1995 17:34:00 GMT
Here are the votes of the Cambridge jury...

Bugs:

B18_redirect.txt: Status: 302 should work, and doesn't:  +1
I haven't tested it, but it looks Ok.

B39_CRLF*.txt: Fix header output format to use CRLF not just LF: -1

You all know that I don't agree with the approach; I think Roy made
the best point, that the CGI spec allows LF or CRLF, whereas HTTP
only allows CRLF, and so httpd should do the necessary protocol conversion.
Also, CGI programmers are used to 'malformed header from CGI script', and
so they all probably think httpd is checking their headers anyway. However, I
don't mind going with the majority vote on whether httpd should add CR to
headers from parsed scripts.

But this particular patch gets -1 either way:
 * the patch introduces a bug: a CGI script that sends a Status: header
   ending in CRLF causes httpd to send a status line ending in CRCRLF
, and
 * Either it should add the CR, in which case it is wrong.
   Or, it should allow the (non nph-) CGI script to send its ouput
   unchanged, in which case:
   the patch does not fix a bug in httpd which sets the first character
   to be a ':' in any CGI header that does not contain a ':'. Such headers
   are allowed by http/1.0.

B40_trailing_slash.txt:  fix for introduced bug with trailing / in env var: -1
Sorry, it doesn't work. I now don't get any PATH_INFO data at all in my
/cgi-bin scripts. In fact, I'd like to retrospectively give a -1 to
B23 (addtype bug), and have it removed from 0.2...

B41: NCSA strsubfirst() stack-scribbling security fix:  +1

Enhancements:
E25_custom_error_response.txt: custom error responses: 0
Nearly, there. However, I'd like the messages to be in
SERVER_ROOT/conf/custom_msgs/ rather than SERVER_ROOT/custom_msgs/

E37.load_cutoff.txt: Allow connections to be rejected if high load av: 0
I think this is rather like the mmap nscache; a bit too unportable.
You would want to at least try and port it to as many architectures
first.

How strongly is this feature needed? I can imagine that it would be
useful for a non-forking server, but I would have thought that the apache
at present would be self-throttling.

I would also rather not add a new httpd specific source file for this.
i.e. I don't think this should be in http_load.c, but in load.c.
(My test for whether code should be http_xxx.c or xxx.c is whether or
not it includes httpd.h)
It is very system specific, and only needs httpd.h for die(); it could
return an error code instead.

---
Am I meant to vote for my own patches? If so,
P12-nscache-2.txt: name server cache: +1
E38-alias_malloc-3.txt: Store aliases in malloc'ed memory: +1
(note new version.)

 David.

Mime
View raw message