Posted to bugs@httpd.apache.org by bu...@apache.org on 2002/11/14 12:41:12 UTC
DO NOT REPLY [Bug 14550] New: -
bug in server-client communication while sending environment variables
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14550
Summary: bug in server-client communication while sending
environment variables
Product: Apache httpd-2.0
Version: 2.0.42
Platform: All
OS/Version: All
Status: NEW
Severity: Major
Priority: Other
Component: mod_cgi
AssignedTo: bugs@httpd.apache.org
ReportedBy: apache@czarny.eu.org
While sending the parameters of the called CGI script from the working thread to
the cgid server by socket, the '\n' char is used to separate each part. If a '\n'
char is used in the environment being sent, all parameters will be sent badly: some
environment elements and - what is worst - every PUT variable will be lost. This bug
makes CGI scripts which work in an SSL environment and which need SSL information
unusable.
Maybe this patch to mod-cgid.c will help:
284,287d283
< rc = read(fd, &j, sizeof(int));
< if (rc != sizeof(int)) {
< return 1;
< }
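Review bot: the deletion at 284,287 is a plain `diff` hunk with no context lines or function name, so it can only be placed by line number against the exact revision it was made from. Please regenerate the patch with `diff -u`, so that the move of `read(fd, &j, sizeof(int))` can be checked against the order in which the sender writes its fields.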
303a300,303
> rc = read(fd, &j, sizeof(int));
> if (rc != sizeof(int)) {
> return 1;
> }
305,307c305,313
< i = 0;
< for (i = 0; i < j; i++) {
< environ[i] = ap_getword(r->pool, (const char **)&data, '\n');
---
> for(i=0;i<j;i++){
> rc = read(fd, &len, sizeof(int));
> if (rc != sizeof(int)) {
> return 1;
> }
> environ[i] = apr_pcalloc(r->pool,len+1);
> rc = read(fd,environ[i],len);
> if (rc != len){
> return 1;
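Review bot: in the new loop, `len` is read from the socket and passed straight to `apr_pcalloc(r->pool,len+1)` and `read(fd,environ[i],len)` with no range check. Reject a negative value, or one above a sane maximum, before allocating. A single `read()` on a socket may also return fewer than `len` bytes, which `rc != len` turns into a failure for a valid request; read in a loop until `len` bytes have arrived.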
308a315,316
> }
>
310c318,331
< r->args = ap_getword(r->pool, (const char **)&data, '\n');
---
>
> rc = read(fd, &len, sizeof(int));
> if (rc != sizeof(int)) {
> return 1;
> }
> if(rc!=0){
> r->args = apr_pcalloc(r->pool,len+1);
> rc = read(fd,r->args,len);
> if (rc != len){
> return 1;
> }
> } else {
> r->args=NULL;
> }
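Review bot: `if(rc!=0)` tests the return value of the length read, which the check just above already guarantees equals `sizeof(int)`, so the `else` branch that sets `r->args=NULL` can never run and an empty query string comes back as an empty buffer instead of NULL. The sender writes a length of 0 when `r->args` is NULL, so this should test the length, for example `if(len!=0)`. `len` also needs a range check before it reaches `apr_pcalloc(r->pool,len+1)`.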
399a421,425
> /* Write the request type (SSI "exec cmd" or cgi). */
> if (write(fd, &r_type, sizeof(int)) < 0) {
> ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r,
> "write to cgi daemon process");
> }
403,404c429,432
< for (i =0; env[i]; i++) {
< continue;
---
> len=strlen(data);
> if (write(fd, &len, sizeof(int))<0){
> ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r,
> "write to cgi daemon process");
407,408c435
< /* Write the request type (SSI "exec cmd" or cgi). */
< if (write(fd, &r_type, sizeof(int)) < 0) {
---
> if(write(fd,data,len)<0){
412a440,444
> for (i =0; env[i]; i++) {
> continue;
> }
>
>
420c452,465
< data = apr_pstrcat(r->pool, data, env[i], "\n", NULL);
---
> len=strlen(env[i]);
> if(write(fd,&len,sizeof(int)) < 0) {
> ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r,
> "write to cgi daemon process");
> }
> if(write(fd,env[i],len) < 0){
> ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r,
> "write to cgi daemon process");
> }
> }
> if(r->args!=NULL){
> len=strlen(r->args);
> } else {
> len=0;
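Review bot: in the per-variable loop, a failed `write(fd,&len,sizeof(int))` is only logged and the code goes on to `write(fd,env[i],len)` and the next variable, so the daemon receives a stream whose length prefixes no longer line up with the data. Return an error on the first failed write. The `< 0` test also lets a short write pass as success; check that all `len` bytes were written.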
422,424c467
< data = apr_pstrcat(r->pool, data, r->args, NULL);
< len = strlen(data);
< /* Write the length of the concatenated env string. */
---
>
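Review bot: this removes the comment `/* Write the length of the concatenated env string. */` and puts nothing in its place, although the `len` computed just before it is now the length of `r->args` (or 0) and no longer that of a concatenated string. Add a comment describing the new per-field layout here, since the reading side has to consume the fields in exactly the same order.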
429,430c472,473
< /* Write the concatted env string. */
< if (write(fd, data, len) < 0) {
---
> if( len!=0){
> if (write(fd,r->args,len)<0){
433a477,478
> }
>
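The framing problem described in this report, as an added example that is not code from the report or from mod_cgid: a newline-delimited encoding splits a value that itself contains '\n', while a length-prefixed encoding with a checked length carries it intact. The function names, `MAX_FIELD` and the sample environment are assumptions constructed for the illustration.

```c
#include <stdint.h>
#include <string.h>
#define MAX_FIELD 8192u /* assumed cap on one field; larger lengths are rejected */

/* Constructed sample environment: the second value contains a newline. */
static const char *const sample_env[2] = { "REQUEST_METHOD=POST", "SSL_CLIENT_CERT=line1\nline2" };

/* Old scheme: fields joined with '\n'. Returns how many fields a receiver splits out. */
static int newline_field_count(void) {
    char wire[256] = "";
    int seen = 0;
    for (int i = 0; i < 2; i++) { strcat(wire, sample_env[i]); strcat(wire, "\n"); }
    for (const char *p = wire; *p; p++) seen += (*p == '\n');
    return seen;
}

/* Sender: host-order 4-byte length, then the raw bytes. Returns bytes written, 0 on error. */
static size_t frame_put(unsigned char *dst, size_t cap, const char *s) {
    size_t len = strlen(s);
    uint32_t n = (uint32_t)len;
    if (len > MAX_FIELD || cap < sizeof n + len) return 0;
    memcpy(dst, &n, sizeof n);
    memcpy(dst + sizeof n, s, len);
    return sizeof n + len;
}

/* Receiver: check the length against the cap, the bytes available and the output buffer. */
static size_t frame_get(const unsigned char *src, size_t avail, char *out, size_t outcap) {
    uint32_t n;
    if (avail < sizeof n) return 0;
    memcpy(&n, src, sizeof n);
    if (n > MAX_FIELD || n > avail - sizeof n || n >= outcap) return 0;
    memcpy(out, src + sizeof n, n);
    out[n] = '\0';
    return sizeof n + n; /* bytes consumed; 0 above means the frame was rejected */
}

/* Round-trips sample_env through the framed encoding; returns 2 if both fields survive. */
static int framed_field_count(void) {
    unsigned char wire[256];
    char field[128];
    size_t w = 0, r = 0, used;
    for (int i = 0; i < 2; i++) w += frame_put(wire + w, sizeof wire - w, sample_env[i]);
    for (int i = 0; i < 2; i++, r += used) {
        used = frame_get(wire + r, w - r, field, sizeof field);
        if (used == 0 || strcmp(field, sample_env[i]) != 0) return -1;
    }
    return 2;
}
int main(void) { return !(newline_field_count() == 3 && framed_field_count() == 2); }
```

The two-variable environment arrives as three fields under the newline scheme and as two under the framed one; a truncated frame or an oversized length is refused by `frame_get` before any copy.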