www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Patterson <Jim.Patter...@Cognos.COM>
Subject general/6650: POST request puts server in hard loop
Date Tue, 10 Oct 2000 15:48:20 GMT

>Number:         6650
>Category:       general
>Synopsis:       POST request puts server in hard loop
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Oct 10 08:50:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Jim.Patterson@Cognos.COM
>Release:        2.0a7
>Organization:
apache
>Environment:
Windows 2000 Pro SP1
Visual C++ 5.0 SP2
>Description:
When I run a CGI command triggered through a form using POST method, the Apache server goes
into a hard loop and must be terminated.
>How-To-Repeat:
Create a page that has an embedded FORM specifying METHOD=POST and an ACTION that runs a CGI
application on the server.
Run the form and click on its SUBMIT button, so as to invoke the CGI application using POST
method.
The server will hang waiting for input.
At this point click on STOP in the browser.
Now, the server enters a different phaase in which it loops with all available CPU being utilized.

Here is a sample document - I don't think the CGI program is relevant because it won't be
called.
<HTML>
<HEAD>
</HEAD>
<BODY>
Test POST problem
<FORM NAME="Form1" METHOD="POST" ACTION="/cgi-bin/printenv.cgi">
<INPUT NAME="Str" TYPE="HIDDEN" VALUE="Hello">
<P>
<INPUT TYPE="Submit" Name="Go" VALUE="Do it!">
</BODY>
</HTML>
>Fix:
The problem is in main/http_core.c . With a POST request, there usually isn't a trailing linefeed
so the "while" loop won't end. The change here skips the follow-up reads if the buffer read
so far already contains a linefeed as it will for a well formed POST request. It also checks
the return status from apr_recv to detect a disconnect or other errors. It could be optimized
better for the usual GET case.
*** http_core.c-orig Tue Oct 10 11:10:56 2000
--- http_core.c Tue Oct 10 11:23:20 2000
***************
*** 3309,3317 ****
      if (rv == APR_SUCCESS) {
          if (length > 0) {
              templen = length - 1;
!             while (buff[templen] != ASCII_LF) {
!                 rv = apr_recv(csock, buff + templen + 1, &length);
!                 templen += length;
              }

              /* This should probably be a pool bucket, but using a transient is
--- 3309,3321 ----
      if (rv == APR_SUCCESS) {
          if (length > 0) {
              templen = length - 1;
!             if (memchr(buff, ASCII_LF, length) == NULL) {
!                 while (buff[templen] != ASCII_LF) {
!                     rv = apr_recv(csock, buff + templen + 1, &length);
!                     if (rv != APR_SUCCESS)
!                         break;
!                     templen += length;
!                 }
              }

              /* This should probably be a pool bucket, but using a transient is
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]
 
 


Mime
View raw message