Return-Path: <new-httpd-owner-new-httpd-archive=hyperreal.org@apache.org>
Delivered-To: new-httpd-archive@hyperreal.org
Received: (qmail 18792 invoked by uid 6000); 21 Oct 1997 06:49:45 -0000
Received: (qmail 18776 invoked from network); 21 Oct 1997 06:49:44 -0000
Received: from twinlark.arctic.org (204.62.130.91)
  by taz.hyperreal.org with SMTP; 21 Oct 1997 06:49:44 -0000
Received: (qmail 12475 invoked by uid 500); 21 Oct 1997 06:50:22 -0000
Date: Mon, 20 Oct 1997 23:50:22 -0700 (PDT)
From: Dean Gaudet <dgaudet@arctic.org>
To: new-httpd@apache.org
Subject: mod_cgi/1177: Fix for a bug I reported earlier today (sorry,
 no reference number). (fwd)
Message-ID: <Pine.LNX.3.95dg3.971020234953.21329J-100000@twinlark.arctic.org>
Organization: Transmeta Corp.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

I personally think that we should be accepting continuation headers from
CGIs.  I haven't looked at this code though.

Dean

---------- Forwarded message ----------
Date: Mon, 29 Sep 1997 08:30:02 -0700 (PDT)
From: Gordon Lack <gml4410@ggr.co.uk>
To: apache-bugdb@apache.org
Cc: apache-bugdb@apache.org
Subject: mod_cgi/1177: Fix for a bug I reported earlier today (sorry, no reference number).


>Number:         1177
>Category:       mod_cgi
>Synopsis:       Fix for a bug I reported earlier today (sorry, no reference number).
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon Sep 29 08:30:02 1997
>Originator:     gml4410@ggr.co.uk
>Organization:
apache
>Release:        1.2.4 7 1.3a1
>Environment:
Any/All
>Description:
I submitted a bug-report earlier this afternoon, but it hasn't shown up yet.

This is the fix for it....

The code pasted into the "suggested fix" box seems to fix the problem.

It should *replace* the code in scan_script_header_err in the util_script.c file
between lines 325 and 349.

The buf_start and buf_allow recalculations could be reworked to work on
only that which was read this time around, but it doesn't seem worth
complicating ths code - this is easier to read.
>How-To-Repeat:

>Fix:
    hard_timeout ("read script header", r);
     
/* GML - Need to allow for continuation lines */
         
   while(1) {
      char *buf_start;
      int buf_allow;
      int buf_so_far;
      int testc;
         
      buf_start = w;
      buf_allow = MAX_STRING_LEN - 1;
  
      while(1) {
/* GML Need a moving buf_start & buf_allow here */
         if (fgets(buf_start, buf_allow, f) == NULL) {
            kill_timeout (r);
            log_reason ("Premature end of script headers", r->filename, r);
            return SERVER_ERROR;
         }
/* Delete terminal (CR?)LF */
         p = strlen(w);
         if (p > 0 && w[p-1] == '\n') {
            if (p > 1 && w[p-2] == '\015') w[p-2] = '\0';
            else w[p-1] = '\0';
         }  
/* Blank line is EOH *regardless* of char1 on next line */
         if (w[0] == '\0') {
            kill_timeout (r);
            return OK;
         }
/* Allow for continuation headers. ie. is the next character LWS */
         testc = fgetc(f);
         if (testc != EOF)   
            ungetc(testc, f);
         if (testc == ' ' || testc == '\t') {
/* It's a continuation line - move buf_* vars and get the next line */
            buf_so_far = strlen(w);
            buf_start = w + buf_so_far;
            buf_allow = MAX_STRING_LEN - 1 - buf_so_far;  
            continue;
         }
/* Not a continuation line, so exit loop */
         break;
      }
/* GML End of continuation line handling. */

        /* if we see a bogus header don't ignore it. Shout and scream */
%0
>Audit-Trail:
>Unformatted: