httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marion & Christophe JAILLET <christophe.jail...@wanadoo.fr>
Subject Re: svn commit: r1610509 - /httpd/httpd/trunk/modules/generators/mod_cgid.c
Date Mon, 14 Jul 2014 20:27:27 GMT
Hi,

no APLOGNO ?

Best regards,
CJ

Le 14/07/2014 22:08, covener@apache.org a écrit :
> Author: covener
> Date: Mon Jul 14 20:08:25 2014
> New Revision: 1610509
>
> URL: http://svn.apache.org/r1610509
> Log:
> *) SECURITY: CVE-2014-0231 (cve.mitre.org)
>     mod_cgid: Fix a denial of service against CGI scripts that do
>     not consume stdin that could lead to lingering HTTPD child processes
>     filling up the scoreboard and eventually hanging the server.
>     [Rainer Jung, Eric Covener, Yann Ylavic]
>
> Submitted By: rjung, covener, ylavic
> Reviewed By: trawick, jorton, covener, jim
>     
>
> Modified:
>      httpd/httpd/trunk/modules/generators/mod_cgid.c
>
> Modified: httpd/httpd/trunk/modules/generators/mod_cgid.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?rev=1610509&r1=1610508&r2=1610509&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/generators/mod_cgid.c (original)
> +++ httpd/httpd/trunk/modules/generators/mod_cgid.c Mon Jul 14 20:08:25 2014
> @@ -1551,6 +1551,10 @@ static int cgid_handler(request_rec *r)
>               if (rv != APR_SUCCESS) {
>                   /* silly script stopped reading, soak up remaining message */
>                   child_stopped_reading = 1;
> +                ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
> +                              "Error writing request body to script %s",
> +                              r->filename);
> +
>               }

Mime
View raw message