You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Doug MacEachern <do...@cp.net> on 1999/05/26 07:55:25 UTC
Re: [comp.lang.perl.modules] Re: Found: Big Mod Perl Bug/Gotcha
On 25 May 1999, Randal L. Schwartz wrote:
>
> heads up, but I bet it's a backrev version.
>
> has anyone else seen this?
yes, this bit me last week. there is a bug in ap_send_error_reponse().
it assumes that a handler who returns a redirect status code has set
r->headers_out->{Location}, and ends up feeding a NULL value to
ap_escape_html(), causing the core dump. I think it should check if there
is a Location header in the r->err_headers_out table too, and of course,
do something better if there is no Location header anywhere.
-Doug
> --
> Name: Randal L. Schwartz / Stonehenge Consulting Services (503)777-0095
> Keywords: Perl training, UNIX[tm] consulting, video production, skiing, flying
> Email: <me...@stonehenge.com> Snail: (Call) PGP-Key: (finger merlyn@teleport.com)
> Web: <A HREF="http://www.stonehenge.com/merlyn/">My Home Page!</A>
> Quote: "I'm telling you, if I could have five lines in my .sig, I would!" -- me
> ------- Start of forwarded message -------
> Newsgroups: comp.lang.perl.modules
> Subject: Re: Found: Big Mod Perl Bug/Gotcha
> References: <37...@NyOaShPoAoMo.com>
> From: merlyn@stonehenge.com (Randal L. Schwartz)
> Message-ID: <m1...@halfdome.holdit.com>
> Organization: Stonehenge Consulting Services; Portland, Oregon, USA
> Date: 25 May 1999 12:07:13 -0700
>
> >>>>> "Justin" == Justin <sq...@NyOaShPoAoMo.com> writes:
>
> Justin> Just so some of you don't fall into the same trap, I
> Justin> thought I'd post a strange problem I found in mod_perl
>
> Justin> I was trying to use the same mod_perl module for two
> Justin> different apache servers. On one it worked fine, on the other
> Justin> it would segmentation fault (sig 11) the server every time it
> Justin> returned a "REDIRECT" value. I couldn't figure out why this
> Justin> was, until after a long period of trial and error, I finally
> Justin> figured it out.
>
> Justin> If you specify the directories for the module to be
> Justin> activated in in the access.conf file of apache, it will
> Justin> segmentation fault if you use the err_headers_out() function,
> Justin> instead of the headers_out() function to return headers in the
> Justin> http request.
>
> Justin> If you specify the directories for the module to be
> Justin> activated in in the httpd.conf file it will not return a
> Justin> header specified with headers_out() and you will have to use
> Justin> err_headers_out().
>
> There should be no difference between access.conf and httpd.conf,
> or between versions. If you think you've found a bug, please
> reduce it to a minimal set of triggers and forward to modperl@apache.org...
> I'm sure the developers would love to hear about it.
>
> --
> Name: Randal L. Schwartz / Stonehenge Consulting Services (503)777-0095
> Keywords: Perl training, UNIX[tm] consulting, video production, skiing, flying
> Email: <me...@stonehenge.com> Snail: (Call) PGP-Key: (finger merlyn@teleport.com)
> Web: <A HREF="http://www.stonehenge.com/merlyn/">My Home Page!</A>
> Quote: "I'm telling you, if I could have five lines in my .sig, I would!" -- me
> ------- End of forwarded message -------
>
Re: [comp.lang.perl.modules] Re: Found: Big Mod Perl Bug/Gotcha
Posted by Doug MacEachern <do...@cp.net>.
> Ahhh. Yes, that's a legitimate bug. Try the following patch
> (against HEAD).
looks good to me, +1.
-Doug
Re: [comp.lang.perl.modules] Re: Found: Big Mod Perl Bug/Gotcha
Posted by Rodent of Unusual Size <Ke...@Golux.Com>.
Doug MacEachern wrote:
>
> huh? printf? if I set Location in r->err_headers_out instead of
> r->headers_out, Apache core dumps.
Ahhh. Yes, that's a legitimate bug. Try the following patch
(against HEAD).
--
#ken P-)}
Ken Coar <http://Web.Golux.Com/coar/>
Apache Software Foundation <http://www.apache.org/>
"Apache Server for Dummies" <http://Web.Golux.Com/coar/ASFD/>
Index: http_protocol.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/main/http_protocol.c,v
retrieving revision 1.267
retrieving revision 1.268
diff -u -r1.267 -r1.268
--- http_protocol.c 1999/05/03 15:09:07 1.267
+++ http_protocol.c 1999/05/26 18:28:06 1.268
@@ -2308,6 +2308,14 @@
char *custom_response;
const char *location = ap_table_get(r->headers_out, "Location");
+ /*
+ * It's possible that the Location field might be in r->err_headers_out
+ * instead of r->headers_out; use the latter if possible, else the
+ * former.
+ */
+ if (location == NULL) {
+ location = ap_table_get(r->err_headers_out, "Location");
+ }
/* We need to special-case the handling of 204 and 304 responses,
* since they have specific HTTP requirements and do not include a
* message body. Note that being assbackwards here is not an option.
@@ -2359,9 +2367,10 @@
r->err_headers_out = tmp;
ap_clear_table(r->err_headers_out);
- if (location && *location
- && (ap_is_HTTP_REDIRECT(status) || status == HTTP_CREATED))
+ if ((location != NULL) && *location
+ && (ap_is_HTTP_REDIRECT(status) || status == HTTP_CREATED)) {
ap_table_setn(r->headers_out, "Location", location);
+ }
r->content_language = NULL;
r->content_languages = NULL;
Re: [comp.lang.perl.modules] Re: Found: Big Mod Perl Bug/Gotcha
Posted by Doug MacEachern <do...@cp.net>.
> I don't think so. A handler that says 'respond with a redirect'
> without also specifying a target is just plain broken. It's
> equivalent to 'printf("%s", foo)' without having initialised foo.
> I suppose we could guard against this by having ap_send_error_response()
> log a message and process a 500 Server Error message; is that what
> you want? I'm not entirely sure the defensive code is worth it
> in such a clear-cut (to me) case of brokenness.
huh? printf? if I set Location in r->err_headers_out instead of
r->headers_out, Apache core dumps. that is my fault? what ever happened
to "err_headers_out are always sent no matter what"?
-Doug
Re: [comp.lang.perl.modules] Re: Found: Big Mod Perl Bug/Gotcha
Posted by Rodent of Unusual Size <Ke...@Golux.Com>.
Doug MacEachern wrote:
>
> yes, this bit me last week. there is a bug in ap_send_error_reponse().
> it assumes that a handler who returns a redirect status code has set
> r->headers_out->{Location}, and ends up feeding a NULL value to
> ap_escape_html(), causing the core dump. I think it should check if there
> is a Location header in the r->err_headers_out table too, and of course,
> do something better if there is no Location header anywhere.
I don't think so. A handler that says 'respond with a redirect'
without also specifying a target is just plain broken. It's
equivalent to 'printf("%s", foo)' without having initialised foo.
I suppose we could guard against this by having ap_send_error_response()
log a message and process a 500 Server Error message; is that what
you want? I'm not entirely sure the defensive code is worth it
in such a clear-cut (to me) case of brokenness.
--
#ken P-)}
Ken Coar <http://Web.Golux.Com/coar/>
Apache Software Foundation <http://www.apache.org/>
"Apache Server for Dummies" <http://Web.Golux.Com/coar/ASFD/>