ports/142795: mod_fcgid broken large form uploads
Sergey Prikhodko
sergey at network-asp.biz
Wed Jan 13 21:30:02 UTC 2010
>Number: 142795
>Category: ports
>Synopsis: mod_fcgid broken large form uploads
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed Jan 13 21:30:01 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Sergey Prikhodko
>Release: 7.2-RELEASE-p4
>Organization:
Network-ASP
>Environment:
FreeBSD xeon.office.network-asp.biz 7.2-RELEASE-p4 FreeBSD 7.2-RELEASE-p4 #0: Fri Oct 2 12:21:39 UTC 2009 root at i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
>Description:
from http://svn.apache.org/viewvc?view=revision&revision=826829:
Fix possible corruption or truncation of request bodies which exceed
FcgidMaxRequestInMem.
If the entire excess had been read from the brigade at the time the
limit was exceeded, the bug would be avoided.
This is a regression since mod_fcgid 2.2, which effectively ignored
FcgidMaxRequestInMem if larger than 8K, since it reset the cumulative
request_len counter each time it obtained an input brigade of up to
HUGE_STRING_LEN bytes.
>How-To-Repeat:
Try to upload a large file (>64kb).
>Fix:
http://svn.apache.org/viewvc/httpd/mod_fcgid/trunk/modules/fcgid/fcgid_bridge.c?r1=826829&r2=826828&pathrev=826829&view=patch
see attached patch
Patch attached with submission follows:
diff -ruN mod_fcgid.orig/files/patch-modules-fcgid-fcgid_bridge.c mod_fcgid/files/patch-modules-fcgid-fcgid_bridge.c
--- mod_fcgid.orig/files/patch-modules-fcgid-fcgid_bridge.c 1970-01-01 03:00:00.000000000 +0300
+++ mod_fcgid/files/patch-modules-fcgid-fcgid_bridge.c 2010-01-13 23:16:36.000000000 +0200
@@ -0,0 +1,39 @@
+--- ./modules/fcgid/fcgid_bridge.c.orig 2009-10-07 14:37:11.000000000 +0300
++++ ./modules/fcgid/fcgid_bridge.c 2010-01-13 23:15:11.000000000 +0200
+@@ -448,7 +448,6 @@
+ int seen_eos;
+ apr_off_t request_size = 0;
+ apr_file_t *fd = NULL;
+- int need_truncate = 1;
+ apr_off_t cur_pos = 0;
+ FCGI_Header *stdin_request_header;
+ apr_bucket_brigade *output_brigade;
+@@ -548,6 +547,15 @@
+ apr_pool_userdata_get(&tmp, fd_key,
+ r->connection->pool);
+ fd = tmp;
++
++ if (fd != NULL) {
++ if ((rv = apr_file_trunc(fd, 0)) != APR_SUCCESS) {
++ ap_log_rerror(APLOG_MARK, APLOG_WARNING, rv, r,
++ "mod_fcgid: can't truncate existing "
++ "temporary file");
++ return HTTP_INTERNAL_SERVER_ERROR;
++ }
++ }
+ }
+
+ if (fd == NULL) {
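Review bot: the new "if (fd != NULL)" block truncates the temp file reused from r->connection->pool but does not reset cur_pos, which the removed "else if (need_truncate)" branch did right after its apr_file_trunc() call. That is correct only if this lookup always runs before the first write of the current request, so that the "apr_off_t cur_pos = 0;" initialiser still holds; a short comment stating that assumption would make the dependency explicit. The failure path is also logged at APLOG_WARNING while the request is ended with HTTP_INTERNAL_SERVER_ERROR; APLOG_ERR would match the outcome, unless the intent is to stay byte-identical with upstream r826829.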
+@@ -574,11 +582,8 @@
+ apr_pool_userdata_set((const void *) fd, fd_key,
+ apr_pool_cleanup_null,
+ r->connection->pool);
+- } else if (need_truncate) {
+- need_truncate = 0;
+- apr_file_trunc(fd, 0);
+- cur_pos = 0;
+ }
++
+ // Write request to tmp file
+ if ((rv =
+ apr_file_write_full(fd, (const void *) data, len,
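Review bot: the submission adds only files/patch-modules-fcgid-fcgid_bridge.c and carries no Makefile change, so PORTREVISION is not bumped and already-installed packages will not be rebuilt with the fix. Please add the bump, and consider noting the upstream revision (r826829, linked under Fix) near the patch so it is easy to drop when the port moves to a release that contains it. In the last hunk the added blank line after the closing brace is cosmetic; keep it only if the goal is to match the upstream diff exactly.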
>Release-Note:
>Audit-Trail:
>Unformatted: