You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by tr...@apache.org on 2009/04/16 21:23:46 UTC

svn commit: r765725 - in /httpd/httpd/trunk: CHANGES modules/generators/mod_cgid.c

Author: trawick
Date: Thu Apr 16 19:23:45 2009
New Revision: 765725

URL: http://svn.apache.org/viewvc?rev=765725&view=rev
Log:
mod_cgid: Improve handling of long AF_UNIX socket names (ScriptSock).

Dynamically allocate the AF_UNIX sockaddr based on the required filename size.
For some platforms (e.g., Solaris, OS X, FreeBSD), this allows longer
socket filenames to be used.

When the name is too long, the failure reporting is more consistent and a 
socket with truncated pathname is not left stranded.  The user still needs
An extra unlink() failure message may be generated when attempting to clean 
up the socket after a daemon initialization error; the message is surpressed 
for ENOTENT, but not for ENAMETOOLONG.

PR: 47037


Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/generators/mod_cgid.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=765725&r1=765724&r2=765725&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Thu Apr 16 19:23:45 2009
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.3.3
 
+  *) mod_cgid: Improve handling of long AF_UNIX socket names (ScriptSock).  
+     PR 47037.  [Jeff Trawick]
+
   *) SECURITY: CVE-2008-5519 (cve.mitre.org)
      mod_proxy_ajp: Avoid delivering content from a previous request which
      failed to send a request body. PR 46949 [Ruediger Pluem]

Modified: httpd/httpd/trunk/modules/generators/mod_cgid.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?rev=765725&r1=765724&r2=765725&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/generators/mod_cgid.c (original)
+++ httpd/httpd/trunk/modules/generators/mod_cgid.c Thu Apr 16 19:23:45 2009
@@ -88,6 +88,8 @@
 static server_rec *root_server = NULL;
 static apr_pool_t *root_pool = NULL;
 static const char *sockname;
+static struct sockaddr_un *server_addr;
+static apr_socklen_t server_addr_len;
 static pid_t parent_pid;
 static ap_unix_identity_t empty_ugid = { (uid_t)-1, (gid_t)-1, -1 };
 
@@ -591,10 +593,8 @@
 
 static int cgid_server(void *data)
 {
-    struct sockaddr_un unix_addr;
     int sd, sd2, rc;
     mode_t omask;
-    apr_socklen_t len;
     apr_pool_t *ptrans;
     server_rec *main_server = data;
     apr_hash_t *script_hash = apr_hash_make(pcgi);
@@ -619,12 +619,8 @@
         return errno;
     }
 
-    memset(&unix_addr, 0, sizeof(unix_addr));
-    unix_addr.sun_family = AF_UNIX;
-    apr_cpystrn(unix_addr.sun_path, sockname, sizeof unix_addr.sun_path);
-
     omask = umask(0077); /* so that only Apache can use socket */
-    rc = bind(sd, (struct sockaddr *)&unix_addr, sizeof(unix_addr));
+    rc = bind(sd, (struct sockaddr *)server_addr, server_addr_len);
     umask(omask); /* can't fail, so can't clobber errno */
     if (rc < 0) {
         ap_log_error(APLOG_MARK, APLOG_ERR, errno, main_server,
@@ -678,6 +674,8 @@
         cgid_req_t cgid_req;
         apr_status_t stat;
         void *key;
+        apr_socklen_t len;
+        struct sockaddr_un unix_addr;
 
         apr_pool_clear(ptrans);
 
@@ -906,6 +904,12 @@
 
         parent_pid = getpid();
         sockname = ap_server_root_relative(p, sockname);
+
+        server_addr_len = APR_OFFSETOF(struct sockaddr_un, sun_path) + strlen(sockname);
+        server_addr = (struct sockaddr_un *)apr_palloc(p, server_addr_len + 1);
+        server_addr->sun_family = AF_UNIX;
+        strcpy(server_addr->sun_path, sockname);
+
         ret = cgid_start(p, main_server, procnew);
         if (ret != OK ) {
             return ret;
@@ -1158,15 +1162,10 @@
 static int connect_to_daemon(int *sdptr, request_rec *r,
                              cgid_server_conf *conf)
 {
-    struct sockaddr_un unix_addr;
     int sd;
     int connect_tries;
     apr_interval_time_t sliding_timer;
 
-    memset(&unix_addr, 0, sizeof(unix_addr));
-    unix_addr.sun_family = AF_UNIX;
-    apr_cpystrn(unix_addr.sun_path, sockname, sizeof unix_addr.sun_path);
-
     connect_tries = 0;
     sliding_timer = 100000; /* 100 milliseconds */
     while (1) {
@@ -1175,7 +1174,7 @@
             return log_scripterror(r, conf, HTTP_INTERNAL_SERVER_ERROR, errno,
                                    "unable to create socket to cgi daemon");
         }
-        if (connect(sd, (struct sockaddr *)&unix_addr, sizeof(unix_addr)) < 0) {
+        if (connect(sd, (struct sockaddr *)server_addr, server_addr_len) < 0) {
             if (errno == ECONNREFUSED && connect_tries < DEFAULT_CONNECT_ATTEMPTS) {
                 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, errno, r,
                               "connect #%d to cgi daemon failed, sleeping before retry",