Posted to bugs@httpd.apache.org by bu...@apache.org on 2014/11/14 06:31:58 UTC

[Bug 57212] New: Header size bug

https://issues.apache.org/bugzilla/show_bug.cgi?id=57212

            Bug ID: 57212
           Summary: Header size bug
           Product: Apache httpd-2
           Version: 2.2.22
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_fcgid
          Assignee: bugs@httpd.apache.org
          Reporter: vasilev@fastvps.ru

Apache returns an internal error when sending headers > 8Kb, for example:

function randomPassword($len) {
    $alphabet = "abcdefghijklmnopqrstuwxyzABCDEFGHIJKLMNOPQRSTUWXYZ0123456789";
    $pass = ""; // initialise before appending with .=
    for ($i = 0; $i < $len; $i++) {
        // strlen(), not count(): $alphabet is a string, not an array
        $n = rand(0, strlen($alphabet) - 1);
        $pass .= $alphabet[$n];
    }
    return $pass;
}
setcookie("test", randomPassword(8173));

And this code is OK:

function randomPassword($len) {
    $alphabet = "abcdefghijklmnopqrstuwxyzABCDEFGHIJKLMNOPQRSTUWXYZ0123456789";
    $pass = ""; // initialise before appending with .=
    for ($i = 0; $i < $len; $i++) {
        // strlen(), not count(): $alphabet is a string, not an array
        $n = rand(0, strlen($alphabet) - 1);
        $pass .= $alphabet[$n];
    }
    return $pass;
}
setcookie("test", randomPassword(8172));

The difference is one byte.

Please check.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


[Bug 57212] Headers returned by scripts are limited to 8190 bytes

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=57212

--- Comment #3 from Jeff Trawick <tr...@apache.org> ---
>You can fix this? How?

It may be possible to recompile everything with a bigger MAX_STRING_LEN, but I
can't confirm that.

The right solution seems to be new APIs in httpd core, and changes to modules
like mod_fcgid to use the new APIs.  The new APIs would respect user
configuration of higher limits for script header size, just as the
LimitRequestFieldSize directive controls something similar for client request
headers.



[Bug 57212] Headers returned by scripts are limited to 8190 bytes

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=57212

--- Comment #4 from Roman <va...@fastvps.ru> ---
#define MAX_STRING_LEN 256

(In reply to Jeff Trawick from comment #3)

How much to increase?
LimitRequestFieldSize is present in Apache 2.2, but does not help :(

> >You can fix this? How?
> 
> It may be possible to recompile everything with a bigger MAX_STRING_LEN, but
> I can't confirm that.
> 
> The right solution seems to be new APIs in httpd core, and changes to
> modules like mod_fcgid to use the new APIs.  The new APIs would respect user
> configuration of higher limits for script header size, just as the
> LimitRequestFieldSize directive controls something similar for client
> request headers.



[Bug 57212] Headers returned by scripts are limited to 8190 bytes

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=57212

Jeff Trawick <tr...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|mod_fcgid                   |Core
            Summary|Header size bug             |Headers returned by scripts
                   |                            |are limited to 8190 bytes

--- Comment #1 from Jeff Trawick <tr...@apache.org> ---
This is a restriction imposed by the core APIs which modules like mod_fcgid use
to read the response header (ap_scan_script_header_err_core() and friends).



[Bug 57212] Headers returned by scripts are limited to 8190 bytes

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=57212

--- Comment #5 from Jeff Trawick <tr...@apache.org> ---
>define MAX_STRING_LEN 256

That's the definition in a couple of utility programs.

It would need to be edited in httpd.h to be larger than 8192.  It is probably
less risky to keep MAX_STRING_LEN and HUGE_STRING_LEN equivalent, so

/* old value: #define HUGE_STRING_LEN 8192 */
#define HUGE_STRING_LEN 10000

10000 assumes that your cookies aren't so big.

You'd have to recompile all of httpd, mod_fcgid, and any other third-party
modules that use HUGE_STRING_LEN.  And I'm not sure if it would all work.

Perhaps you can reduce the size of your cookie.


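An added example, not code from httpd or from anyone in this thread: a simplified C model of a line reader with a fixed-size buffer, showing why the one-byte difference in the report falls exactly at an 8192-byte buffer and why a 10000-byte buffer clears it. The function names, and the assumption that the script emits "Set-Cookie: test=<value>" terminated by CRLF, are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model (an assumption, not httpd source): copy one header line,
 * including its line terminator, into a fixed buffer that must also hold the
 * trailing NUL. Returns the stored length, or -1 when no '\n' is found within
 * buf_size - 1 bytes, which a caller would treat as a malformed header. */
static long read_header_line(const char *src, size_t src_len,
                             char *buf, size_t buf_size)
{
    size_t i = 0;
    while (i < src_len && i + 1 < buf_size) {
        buf[i] = src[i];
        if (src[i++] == '\n') {
            buf[i] = '\0';
            return (long)i;
        }
    }
    return -1; /* fail closed: never write past buf, never accept a partial line */
}

/* Build "Set-Cookie: test=<value_len bytes>\r\n" (constructed sample) and
 * report whether it survives a reader with the given buffer size. */
int cookie_header_fits(size_t value_len, size_t buf_size)
{
    static const char prefix[] = "Set-Cookie: test=";
    size_t plen = sizeof(prefix) - 1;
    size_t total = plen + value_len + 2; /* + CRLF */
    char *line = malloc(total);
    char *buf = malloc(buf_size);
    int ok = 0;
    if (line && buf) {
        memcpy(line, prefix, plen);
        memset(line + plen, 'a', value_len);
        memcpy(line + plen + value_len, "\r\n", 2);
        ok = read_header_line(line, total, buf, buf_size) == (long)total;
    }
    free(line);
    free(buf);
    return ok;
}

int main(void)
{
    printf("8172 in 8192: %d\n", cookie_header_fits(8172, 8192));
    printf("8173 in 8192: %d\n", cookie_header_fits(8173, 8192));
    return 0;
}
```

In this model the 8172-byte cookie yields a 8191-byte line that exactly fills the buffer with its NUL, and one more byte makes the reader reject the header instead of truncating it.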

[Bug 57212] Headers returned by scripts are limited to 8190 bytes

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=57212

Jeff Trawick <tr...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |---

--- Comment #7 from Jeff Trawick <tr...@apache.org> ---
Let's leave this open to track a better solution in the future.  Many users,
such as those that obtain httpd from the OS, aren't able to recompile
everything.



[Bug 57212] Headers returned by scripts are limited to 8190 bytes

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=57212

Roman Vasilev <va...@fastvps.ru> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #6 from Roman Vasilev <va...@fastvps.ru> ---
Yes, this solved the problem. Thanks!

(In reply to Jeff Trawick from comment #5)
> >define MAX_STRING_LEN 256
> 
> That's the definition in a couple of utility programs.
> 
> It would need to be edited in httpd.h to be larger than 8192.  It is
> probably less risky to keep MAX_STRING_LEN and HUGE_STRING_LEN equivalent, so
> 
> /* old value: #define HUGE_STRING_LEN 8192 */
> #define HUGE_STRING_LEN 10000
> 
> 10000 assumes that your cookies aren't so big.
> 
> You'd have to recompile all of httpd, mod_fcgid, and any other third-party
> modules that use HUGE_STRING_LEN.  And I'm not sure if it would all work.
> 
> Perhaps you can reduce the size of your cookie.



[Bug 57212] Headers returned by scripts are limited to 8190 bytes

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=57212

--- Comment #2 from Roman <va...@fastvps.ru> ---
(In reply to Jeff Trawick from comment #1)
> This is a restriction imposed by the core APIs which modules like mod_fcgid
> use to read the response header (ap_scan_script_header_err_core() and
> friends).

You can fix this? How?
