Posted to cvs@httpd.apache.org by tr...@apache.org on 2009/10/20 00:03:31 UTC

svn commit: r826829 - in /httpd/mod_fcgid/trunk: CHANGES-FCGID modules/fcgid/fcgid_bridge.c

Author: trawick
Date: Mon Oct 19 22:03:30 2009
New Revision: 826829

URL: http://svn.apache.org/viewvc?rev=826829&view=rev
Log:
Fix possible corruption or truncation of request bodies which exceed
FcgidMaxRequestInMem.  

If the entire excess had been read from the brigade at the time the
limit was exceeded, the bug would be avoided.

This is a regression since mod_fcgid 2.2, which effectively ignored 
FcgidMaxRequestInMem if larger than 8K, since it reset the cumulative
request_len counter each time it obtained an input brigade of up to
HUGE_STRING_LEN bytes.

PR: 48021

Modified:
    httpd/mod_fcgid/trunk/CHANGES-FCGID
    httpd/mod_fcgid/trunk/modules/fcgid/fcgid_bridge.c

Modified: httpd/mod_fcgid/trunk/CHANGES-FCGID
URL: http://svn.apache.org/viewvc/httpd/mod_fcgid/trunk/CHANGES-FCGID?rev=826829&r1=826828&r2=826829&view=diff
==============================================================================
--- httpd/mod_fcgid/trunk/CHANGES-FCGID [utf8] (original)
+++ httpd/mod_fcgid/trunk/CHANGES-FCGID [utf8] Mon Oct 19 22:03:30 2009
@@ -1,6 +1,11 @@
                                                          -*- coding: utf-8 -*-
 Changes with mod_fcgid 2.3.5
 
+  *) Fix possible corruption or truncation of request bodies which exceed
+     FcgidMaxRequestInMem.  This is a regression since mod_fcgid 2.2, which
+     effectively ignored FcgidMaxRequestInMem if larger than 8K.  PR 48021.
+     [Jeff Trawick]
+
   *) Fix handling of the request body when a FastCGI access checker/
      authenticator/authorizer (AAA) was configured.  The body wasn't available
      for the request handler.  PR 47973.

Modified: httpd/mod_fcgid/trunk/modules/fcgid/fcgid_bridge.c
URL: http://svn.apache.org/viewvc/httpd/mod_fcgid/trunk/modules/fcgid/fcgid_bridge.c?rev=826829&r1=826828&r2=826829&view=diff
==============================================================================
--- httpd/mod_fcgid/trunk/modules/fcgid/fcgid_bridge.c (original)
+++ httpd/mod_fcgid/trunk/modules/fcgid/fcgid_bridge.c Mon Oct 19 22:03:30 2009
@@ -446,7 +446,6 @@
     fcgid_server_conf *sconf = ap_get_module_config(r->server->module_config,
                                                     &fcgid_module);
     int seen_eos;
-    int need_truncate = 1;
 
     /* Stdin header and body */
     /* XXX HACK: I have to read all the request into memory before sending it 
@@ -526,6 +525,15 @@
                     apr_pool_userdata_get(&tmp, fd_key,
                                           r->connection->pool);
                     fd = tmp;
+
+                    if (fd != NULL) {
+                        if ((rv = apr_file_trunc(fd, 0)) != APR_SUCCESS) {
+                            ap_log_rerror(APLOG_MARK, APLOG_WARNING, rv, r,
+                                          "mod_fcgid: can't truncate existing "
+                                          "temporary file");
+                            return HTTP_INTERNAL_SERVER_ERROR;
+                        }
+                    }
                 }
 
                 if (fd == NULL) {
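Review bot: The truncate added in the `if (fd != NULL)` block no longer has the `cur_pos = 0;` that accompanied the old `apr_file_trunc(fd, 0)` call, which the last hunk removes. The file-bucket offsets for this request are therefore only correct if `cur_pos` is still zero when the cached handle is first fetched. Its declaration and initialisation are outside the hunk, as is the start of the enclosing function, so this is worth confirming, or the reset could be kept next to the truncate. The block also deserves a short comment saying why it exists, for example `/* handle was cached on the connection pool by an earlier request: discard its old contents before spooling this body */`, since the reuse across requests is only implied by the `apr_pool_userdata_get()` on `r->connection->pool`. Failing the request when the truncate fails is the right choice here, because continuing would mix bytes left over from a previous body into this one.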
@@ -552,11 +560,8 @@
                     apr_pool_userdata_set((const void *) fd, fd_key,
                                           apr_pool_cleanup_null,
                                           r->connection->pool);
-                } else if (need_truncate) {
-                    need_truncate = 0;
-                    apr_file_trunc(fd, 0);
-                    cur_pos = 0;
                 }
+
                 /* Write request to tmp file */
                 if ((rv =
                      apr_file_write_full(fd, (const void *) data, len,