httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nathan Neulinger <nn...@umr.edu>
Subject Re: Apache BUG
Date Wed, 17 Jul 1996 02:56:48 GMT
At 7:44 PM 7/16/96, Brian Behlendorf wrote:
>This is the correct behavior.  Look at the section starting at line 365 in

That could be questioned... I would agree that it is the current behavior,
but this seems to me that this could be very damaging...

I'll give you an example of where this is important...

Every once in a while, I'll have to move a CGI script, so what I will do is
execute a Location:, and also write something to a log file with the
referrer recorded. This way, I can go fix any references to the script.

Seems to me that the server shouldn't be just killing scripts offhand,
particularly if it might interupt a more important operation.

Another example, I have a database application that does some updates, but
outputs a Location: header to reload the original page, so basically,
people just see an update to the original page, even though there is
intervening output. If this were to be killed in the middle of an update,
nasty things might happen cause of not all the database updates completing.

-- Nathan

>mod_cgi.c.  If the script outputs "Location:" in the CGI headers to a
>non-internal request, and does not output "Status: 302", then the server
>will ignore the rest of the body.  If the script does not finish before
>the response to the client is finished, the script will end up getting
>killed.  The inconsistant behavior you are seeing is that sometimes the
>script makes it to the second command before the server finishes sending
>the response, sometimes it doesn't.  It doesn't matter.
>
>At least I'm pretty sure this is what's going on.
>
>        Brian
>
>On Sun, 14 Jul 1996, Vladislav Malyshkin wrote:
>> Hi,
>> It seems that there is a bug in Apache 1.1 and probabry in 1.1.1
>> The problem is with the redirect made by cgi scripts.
>> For example I took the following CGI script
>> --------------------- FILE xred ------------
>> #!/bin/sh
>> umask 022
>> echo 'Location: http://www.apache.org'
>> echo
>> echo "$QUERY_STRING   $$" 1>>/tmp/mystat.txt
>> --------------------------------------------
>>
>> and called it many times as follows
>> http://www.mydomain.edu/cgi-bin/xred?dd=FF&ggg=ccc&xx=XX.html
>> with some changes in the query string ^^^^^^^^^^^^^^^^^^^^^^^^^
>> for example call next time with
>> http://www.mydomain.edu/cgi-bin/xred?dd=FF&gggAAA=BBBccc&xx=XX.html
>>
>> and so on.
>> I did this 25 times, every time I changed something in
>> the transmitted parameters.
>>
>> Then I compared records in the
>> /tmp/mystat.txt
>> and in the
>> ..../httpd/logs/access_log
>>
>> The problem is that what some requests that
>> DO PRESENT in the ..../httpd/logs/access_log
>> DO NOT PRESENT in the /tmp/mystat.txt
>>
>> It looks like apache httpd don't call this CGI script every time
>> and use some old information CGI printed.
>> This occures (difference in /tmp/mystat.txt and ..../httpd/logs/access_log)
>> only if I am using NON-LOCAL  redirect.
>> when I am using local redirect
>> (Location: /mydir/myfile.gif) everything is OK.
>> When I make a file output by CGI everything is OK as well.
>>
>>
>> I am using Solaris 2.4 and compiled apache by GCC 2.7.2
>> I used apache 1.0 and 1.1  - everything is the same for these two
>> versions.
>>
>> Sincerely,
>> Vladislav Malyshkin
>>
>>
>> -----------------------------------------------------
>> As an example I attached the part of access_log file
>> where are 25 requests present and /tmp/mystat.txt file
>> where JUST 11 REQUESTS of these 25 present.
>>
>> ----------- appendix --------
>> the part of access_log file  (25 requests)
>>
>> n21.physics.wmich.edu - - [14/Jul/1996:22:44:37 -0400] "GET
>>/cgi-bin/xred?FFFF=FFF&rr=GGG&xx.html HTTP/1.0" 302 -
>> n21.physics.wmich.edu - - [14/Jul/1996:22:44:44 -0400] "GET
>>/cgi-bin/xred?FFFF=FFF&rr=GGFFFG&xx.html HTTP/1.0" 302 -
>> n21.physics.wmich.edu - - [14/Jul/1996:22:44:54 -0400] "GET
>>/cgi-bin/xred?FFFF=FFF&Frr=GGG&xx.html HTTP/1.0" 302 -
>> n21.physics.wmich.edu - - [14/Jul/1996:22:44:58 -0400] "GET
>>/cgi-bin/xred?FFDDDFF=FFF&Frr=GGG&xx.html HTTP/1.0" 302 -
>> n21.physics.wmich.edu - - [14/Jul/1996:22:45:03 -0400] "GET
>>/cgi-bin/xred?FFDDGG=FFF&Frr=GGG&xx.html HTTP/1.0" 302 -
>> n21.physics.wmich.edu - - [14/Jul/1996:22:45:08 -0400] "GET
>>/cgi-bin/xred?FFDDGG=FDDDFF&Frr=GGG&xx.html HTTP/1.0" 302 -
>> n21.physics.wmich.edu - - [14/Jul/1996:22:45:12 -0400] "GET
>>/cgi-bin/xred?FFDDGG=FDDDGGGHHHFF&Frr=GGG&xx.html HTTP/1.0" 302 -
>> n21.physics.wmich.edu - - [14/Jul/1996:22:45:17 -0400] "GET
>>/cgi-bin/xred?FFDDGG=FDDDGKKHFF&Frr=GGG&xx.html HTTP/1.0" 302 -
>> n21.physics.wmich.edu - - [14/Jul/1996:22:45:21 -0400] "GET
>>/cgi-bin/xred?FFDDGG=FDDDGKKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
>> n21.physics.wmich.edu - - [14/Jul/1996:22:45:25 -0400] "GET
>>/cgi-bin/xred?FFDFDDGG=FDDDGKKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
>> n21.physics.wmich.edu - - [14/Jul/1996:22:45:31 -0400] "GET
>>/cgi-bin/xred?FTYUYDFDDGG=FDDDGKKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
>> n21.physics.wmich.edu - - [14/Jul/1996:22:45:35 -0400] "GET
>>/cgi-bin/xred?FTYUYHHHHGG=FDDDGKKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
>> n21.physics.wmich.edu - - [14/Jul/1996:22:45:44 -0400] "GET
>>/cgi-bin/xred?FTAQDFQ4HHHGG=FDDDGKKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
>> n21.physics.wmich.edu - - [14/Jul/1996:22:45:49 -0400] "GET
>>/cgi-bin/xred?FTAQDHHGG=F134252DDDGKKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
>> n21.physics.wmich.edu - - [14/Jul/1996:22:45:55 -0400] "GET
>>/cgi-bin/xred?FTAQDHHGG=F13425wwDGKKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
>> n21.physics.wmich.edu - - [14/Jul/1996:22:45:58 -0400] "GET
>>/cgi-bin/xred?FTAQDHHGG=F13425wwDGKwwwKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302
>>-
>> n21.physics.wmich.edu - - [14/Jul/1996:22:46:05 -0400] "GET
>>/cgi-bin/xred?FTAQDHHGG=F13HJKLWKJWwwwKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302
>>-
>> n21.physics.wmich.edu - - [14/Jul/1996:22:46:09 -0400] "GET
>>/cgi-bin/xred?FTAQDHHGG=F13HJKLWKwwwwJWwwwKHFF&FrLJ=GGG&xx.html HTTP/1.0"
>>302 -
>> n21.physics.wmich.edu - - [14/Jul/1996:22:46:27 -0400] "GET
>>/cgi-bin/xred?FTAQDHHGG=F4F&FrLJ=GGG&xx.html HTTP/1.0" 302 -
>> n21.physics.wmich.edu - - [14/Jul/1996:22:46:36 -0400] "GET
>>/cgi-bin/xred?FTAQDHHFFGG=F4F&FrLJ=GGG&xx.html HTTP/1.0" 302 -
>> n21.physics.wmich.edu - - [14/Jul/1996:22:46:40 -0400] "GET
>>/cgi-bin/xred?FTAQDHHFFGG=F4F&FrLHJJ=GGG&xx.html HTTP/1.0" 302 -
>> n21.physics.wmich.edu - - [14/Jul/1996:22:46:44 -0400] "GET
>>/cgi-bin/xred?FTAQDHHFFGG=F4F&FrLHJJ=GGG&Axx.html HTTP/1.0" 302 -
>> n21.physics.wmich.edu - - [14/Jul/1996:22:46:55 -0400] "GET
>>/cgi-bin/xred?FTAQDHHFFGG=F4F&FrLHJJ=GGG&AFxx.html HTTP/1.0" 302 -
>> n21.physics.wmich.edu - - [14/Jul/1996:22:47:06 -0400] "GET
>>/cgi-bin/xred?FTAQDHHFFGG=F4F&FrLHJJ=GGGDDDD&AFxx.html HTTP/1.0" 302 -
>> n21.physics.wmich.edu - - [14/Jul/1996:22:47:13 -0400] "GET
>>/cgi-bin/xred?FTAQDHHFFGG=F4F&FrLHJJ=GGGDDDD&YYxx.html HTTP/1.0" 302 -
>>
>>
>> --------  the file /tmp/mystat.txt 11 requests -----------
>>
>> FFFF=FFF&rr=GGG&xx.html   20938
>> FFFF=FFF&rr=GGFFFG&xx.html   20939
>> FFFF=FFF&Frr=GGG&xx.html   20940
>> FFDDGG=FFF&Frr=GGG&xx.html   20942
>> FFDDGG=FDDDFF&Frr=GGG&xx.html   20943
>> FFDDGG=FDDDGKKHFF&FrLJ=GGG&xx.html   20946
>> FTYUYHHHHGG=FDDDGKKHFF&FrLJ=GGG&xx.html   20949
>> FTAQDHHGG=F13HJKLWKJWwwwKHFF&FrLJ=GGG&xx.html   20955
>> FTAQDHHFFGG=F4F&FrLJ=GGG&xx.html   20960
>> FTAQDHHFFGG=F4F&FrLHJJ=GGG&xx.html   20961
>> FTAQDHHFFGG=F4F&FrLHJJ=GGGDDDD&YYxx.html   20967
>>
>> ----- End of forwarded message from Vladislav Malyshkin -----
>>
>> --
>> Rob Hartill (robh@imdb.com)
>> The Internet Movie Database (IMDb)  http://www.imdb.com/
>>            ...more movie info than you can poke a stick at.
>>
>>
>
>--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
>brian@organic.com  www.apache.org  hyperreal.com  http://www.organic.com/JOBS

------------------------------------------------------------
Nathan Neulinger                  Univ. of Missouri - Rolla
EMail: nneul@umr.edu                  Computing Services
WWW: http://www.umr.edu/~nneul      SysAdmin: rollanet.org



Mime
View raw message