Bug 14550 - bug in server-client communication while sending environment variables
Status: CLOSED FIXED
Product: Apache httpd-2
Classification: Unclassified
Component: mod_cgi
Version: 2.0.42
Hardware: All All
Importance: P3 major
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Duplicates: 9953
Reported: 2002-11-14 11:41 UTC by Piotr Czejkowski
Modified: 2004-11-16 19:05 UTC (History)
Description Piotr Czejkowski 2002-11-14 11:41:11 UTC
While sending the parameters of the called CGI script from the working thread to the cgid server
over the socket, the '\n' char is used to separate each part. If a '\n' char is used in the
environment being sent, all parameters will be sent badly, and some environment elements and
- what's worse - every PUT variable will be lost. This bug makes CGI scripts
which are working in an SSL environment and which need SSL information unusable.
Maybe this patch to mod-cgid.c will help:

284,287d283
<     rc = read(fd, &j, sizeof(int));
<     if (rc != sizeof(int)) {
<         return 1;
<     }
303a300,303
>     rc = read(fd, &j, sizeof(int));
>     if (rc != sizeof(int)) {
>         return 1;
>     }
305,307c305,313
<     i = 0; 
<     for (i = 0; i < j; i++) { 
<         environ[i] = ap_getword(r->pool, (const char **)&data, '\n'); 
---
>     for(i=0;i<j;i++){
>     	rc = read(fd, &len, sizeof(int));
>     	if (rc != sizeof(int)) {
> 	    return 1;
> 	}
> 	environ[i] = apr_pcalloc(r->pool,len+1);
> 	rc = read(fd,environ[i],len);
> 	if (rc != len){
> 	    return 1;
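Review bot: `len` comes straight off the socket and goes into `apr_pcalloc(r->pool,len+1)` and `read(fd,environ[i],len)` with no range check, so a negative or very large value reaches both the allocator and the read. Reject `len < 0` and anything above a sane per-entry limit before allocating, and check `j` against the size of `environ`, whose allocation is not visible in this hunk. Separately, `rc != len` treats a short read as fatal, yet read() on a stream socket may return fewer bytes than requested; loop until `len` bytes have arrived.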
308a315,316
>     }
> 
310c318,331
<     r->args = ap_getword(r->pool, (const char **)&data, '\n'); 
---
> 
>     rc = read(fd, &len, sizeof(int));
>     if (rc != sizeof(int)) {
> 	return 1;
>     }
>     if(rc!=0){
>     	r->args = apr_pcalloc(r->pool,len+1);
>     	rc = read(fd,r->args,len);
>     	if (rc != len){
> 	     	return 1;
>     	}
>     } else {
>     	r->args=NULL;
>     }	
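Review bot: `if(rc!=0)` tests the wrong variable. `rc` was just checked to equal `sizeof(int)`, so it is never 0 at this point and the `r->args=NULL` branch cannot be reached; the condition should be `len != 0`, matching the sender, which writes `len=0` when `r->args` is NULL. As written, a request with no args arrives with `r->args` set to an empty string instead of NULL. The unchecked `len` before `apr_pcalloc(r->pool,len+1)` needs the same bounds test as the environment entries.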
399a421,425
>     /* Write the request type (SSI "exec cmd" or cgi). */
>     if (write(fd, &r_type, sizeof(int)) < 0) {
> 	ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r,
> 		     "write to cgi daemon process");
>     }
403,404c429,432
<     for (i =0; env[i]; i++) { 
<         continue; 
---
>     len=strlen(data);
>     if (write(fd, &len, sizeof(int))<0){
>         ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r,
> 		     "write to cgi daemon process");
407,408c435
<     /* Write the request type (SSI "exec cmd" or cgi). */
<     if (write(fd, &r_type, sizeof(int)) < 0) {
---
>     if(write(fd,data,len)<0){
412a440,444
>    for (i =0; env[i]; i++) { 
> 	continue; 
>     } 
> 
> 
420c452,465
<         data = apr_pstrcat(r->pool, data, env[i], "\n", NULL); 
---
>         len=strlen(env[i]); 
> 	if(write(fd,&len,sizeof(int)) < 0) {
> 		ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r,
> 			      "write to cgi daemon process");
> 	}
> 	if(write(fd,env[i],len) < 0){
> 		ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r,
> 		             "write to cgi daemon process");
> 	}		
>     }
>     if(r->args!=NULL){ 
>     	len=strlen(r->args);
>     } else {
> 	len=0;
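Review bot: in the loop over `env[i]`, a failed `write()` is only logged and the loop carries on, so after one failure the daemon receives length/data pairs that no longer line up with what it expects. Return an error after `ap_log_rerror` rather than continuing. The `write(...) < 0` test also misses partial writes: compare the return value with the byte count requested, or loop until everything is sent.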
422,424c467
<     data = apr_pstrcat(r->pool, data, r->args, NULL); 
<     len = strlen(data); 
<     /* Write the length of the concatenated env string. */
---
> 
429,430c472,473
<     /* Write the concatted env string. */     
<     if (write(fd, data, len) < 0) {
---
>     if( len!=0){
>    	if (write(fd,r->args,len)<0){
433a477,478
>     }
>
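The framing problem described in this report, as an added example that is not part of the original report or of mod_cgid: a value containing '\n' splits into several fields under newline framing but survives length-prefixed framing. The receiver also bounds the length and loops over short reads. The function names, `MAX_ENTRY` and the sample value are assumptions made for the example.

```c
/* Added example (not mod_cgid code): length-prefixed records over a local socket. */
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#define MAX_ENTRY 65536 /* assumed cap on one entry */
/* Move exactly n bytes, looping over short reads/writes; 0 on success. */
static int xfer(int fd, void *buf, size_t n, int writing) {
    char *p = buf;
    while (n > 0) {
        ssize_t rc = writing ? write(fd, p, n) : read(fd, p, n);
        if (rc <= 0) return -1; /* error, or EOF in the middle of a record */
        p += rc; n -= (size_t)rc;
    }
    return 0;
}
/* Sender: length first, then raw bytes, so '\n' inside a value is just data. */
static int send_entry(int fd, const char *s) {
    int len = (int)strlen(s);
    if (xfer(fd, &len, sizeof len, 1)) return -1;
    return xfer(fd, (void *)s, (size_t)len, 1);
}
/* Receiver: bound the length before allocating; caller frees the result. */
static char *recv_entry(int fd) {
    int len;
    if (xfer(fd, &len, sizeof len, 0) || len < 0 || len > MAX_ENTRY) return NULL;
    char *s = calloc((size_t)len + 1, 1);
    if (s && xfer(fd, s, (size_t)len, 0)) { free(s); s = NULL; }
    return s;
}
static int newline_fields(const char *s) { /* fields a '\n'-splitting parser would see */
    int n = 1;
    for (; *s; s++) n += (*s == '\n');
    return n;
}
static int roundtrip_ok(const char *a, const char *b) { /* 1 if both entries arrive intact */
    int sv[2], ok = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv)) return 0;
    if (!send_entry(sv[0], a) && !send_entry(sv[0], b)) {
        char *x = recv_entry(sv[1]), *y = recv_entry(sv[1]);
        ok = x && y && !strcmp(x, a) && !strcmp(y, b);
        free(x); free(y);
    }
    close(sv[0]); close(sv[1]);
    return ok;
}
int main(void) { /* constructed sample: a multi-line PEM-style value */
    const char *pem = "SSL_CLIENT_CERT=-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----";
    return !(newline_fields(pem) == 3 && roundtrip_ok(pem, "QUERY_STRING=a=1"));
}
```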
Comment 1 Jeff Trawick 2002-11-15 02:51:39 UTC
A fix has just been committed.

Communication between handler and daemon was extensively reworked.
Environment variables were handled as in the patch submitted with
this PR.

Thanks for your debug work, and thanks for using Apache 2.0!
Comment 2 Joe Orton 2004-03-10 18:12:39 UTC
*** Bug 9953 has been marked as a duplicate of this bug. ***