You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2007/10/10 19:13:33 UTC

DO NOT REPLY [Bug 43589] New: - mod_disk_cache may store invalid body of entity

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43589>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43589

           Summary: mod_disk_cache may store invalid body of entity
           Product: Apache httpd-2
           Version: 2.2-HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_disk_cache
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: michelnok@mail.ru


mod_disk_cache uses buffered write operation when it stores the body of the
entity, but then it doesn't check the result of buffers flush. As a result, the
disk can contain invalid body of entity, when the header of the entity is correct.

Steps to reproduce one of possible consequences:

1. Use Apache in reverse proxy mode with disk cache (mod_proxy / mod_cache /
mod_disk_cache).
2. Fill the disk with Apache's cache, leave 2-3 KB available.
3. Request a file with size < 4 KB (GET request) that is not in the cache yet.
4. Request the same file (GET request), a response will be invalid, with
"Content-length: 0" and without body.
5. Try to request information about the same file (HEAD request), it will return
correct "Content-length".

Detailed description of the reason, per mod_disk_cache.c source:

1. store_body() function uses APR_BUFFERED flag in call to apr_file_mktemp(), so
it uses buffered I/O.
2. Result of apr_file_write_full() call in store_body() function is checked, but
in case of buffered I/O it can flag successful writing to a buffer only.
3. store_body() function then calls file_cache_el_final() function without
checking of result code.
4. file_cache_el_final() function doesn't check result code of apr_file_close()
call. In case of buffered I/O apr_file_close() may return error code from
unsuccessful call to apr_file_flush().

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org