httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexei Kosut <>
Subject Re: mod_isapi
Date Tue, 22 Jul 1997 17:53:59 GMT
On Mon, 21 Jul 1997, Dean Gaudet wrote:

> On Mon, 21 Jul 1997, Alexei Kosut wrote:
> > Actually, it's a tad worse. You can send a "Content-length: 10000000" and
> > Apache will malloc() ten megabytes. I do see that as a problem. But I
> > forgot to do anything about it... Couldn't think of quite the right thing
> > to do.
> You mean it does this with your mod_isapi right?

Yes, that's right.

> > Makes sense. Only one problem. IIS doesn't do that. It doesn't set the
> > variables to what CONTENT_LENGTH would be. It doesn't pass the data into
> > the buffer unmodified. It tacks on a \0 and adds one to the
> > numbers. Which means that if there is more than 48k, the algorithm
> > described in the spec goes to hell, because everything's off by one. The
> > only way I could figure out how to do this without dissasembling IIS to
> > figure out what the hell it does was to send all the data to the client,
> > tack on the null, and up both numbers (so they keep equal). It seems to
> > work with the demos that come with IIS.
> Ok I don't see why you can't also use a 48k buffer and do the same
> thing... rather than just reading it all at once and allocating a lot of
> memory.  Was it just a first-pass convenience thing you plan to clean up? 
> I'll buy that.  Or maybe I'm confused.

I plan to clean it up. Don't know how. We don't have a prealloc(), so I'm
not quite sure how to do it in chunks without massively wasting memory.

One option is just to cap the input at some reasonable number, like 48k
or so, and the people who want to upload files are out of luck?

> > aren't in use anymore, and so I couldn't figure out how to make it unload
> > the DLL at a good time.
> Couldn't you just register a cleanup for it in the appropriate pool?
> Probably the connection pool given the sounds of the api.

No... because the ISA might be doing something more long-lived than
that. They're required to be multithreaded, and so they handle all the
requests at once, for as long as they're loaded. For example, I might
open up a database connection. Or I might keep state information. That's
all useful over many connections, for many minutes.

LoadLibrary()/FreeLibrary() does keep a reference count, and unloads only
when the last use frees it. The problem is how to get Apache to figure
out when to free the last one, if you don't knock them out of memory when
you're done with them.

> > It's not that trivial. Unless they have knowledge of Apache's
> > internals. But a CGI script can do the same thing, unless you're using
> > suexec. Remember, DLLs have seperate address spaces unless they're
> > explicitly merged by linking to an export library, or calling
> > GetProcAddress(). So the DLL can only talk to Apache through the
> > interfaces Apache sets up for it. Similar to a CGI, in that respect.
> The interfaces pass it pointers to Apache's memory space right?  DLLs have
> access to the calling process' memory space.  DLLs are just mapped above a
> certain address, much like shared libraries are mapped in unix.  Given
> acess to Apache's memory space you can do anything to it.  It's trivial to
> have knowledge of Apache's internals, you just get the source code and
> build it the same way we do and you'll have a symbol map.

Yes, yes. True. But a CGI can do that too... I think. Although I'll grant
you it's much trickier.

-- Alexei Kosut <>

View raw message