While sending paramters of called cgi script from working thrad to cgid serwer by socket '\n' char is used to separate each part. If in sending enviroment '\n' char will be used, all parameters will be send bad, some enviroment elements and - what worst - every PUT variable will be lost. This bug making cgi scripts which are working in SSL enviromend and which need SSL information unusable. Maybe this patch to mod-cgid.c will help: 284,287d283 < rc = read(fd, &j, sizeof(int)); < if (rc != sizeof(int)) { < return 1; < } 303a300,303 > rc = read(fd, &j, sizeof(int)); > if (rc != sizeof(int)) { > return 1; > } 305,307c305,313 < i = 0; < for (i = 0; i < j; i++) { < environ[i] = ap_getword(r->pool, (const char **)&data, '\n'); --- > for(i=0;i<j;i++){ > rc = read(fd, &len, sizeof(int)); > if (rc != sizeof(int)) { > return 1; > } > environ[i] = apr_pcalloc(r->pool,len+1); > rc = read(fd,environ[i],len); > if (rc != len){ > return 1; 308a315,316 > } > 310c318,331 < r->args = ap_getword(r->pool, (const char **)&data, '\n'); --- > > rc = read(fd, &len, sizeof(int)); > if (rc != sizeof(int)) { > return 1; > } > if(rc!=0){ > r->args = apr_pcalloc(r->pool,len+1); > rc = read(fd,r->args,len); > if (rc != len){ > return 1; > } > } else { > r->args=NULL; > } 399a421,425 > /* Write the request type (SSI "exec cmd" or cgi). */ > if (write(fd, &r_type, sizeof(int)) < 0) { > ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r, > "write to cgi daemon process"); > } 403,404c429,432 < for (i =0; env[i]; i++) { < continue; --- > len=strlen(data); > if (write(fd, &len, sizeof(int))<0){ > ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r, > "write to cgi daemon process"); 407,408c435 < /* Write the request type (SSI "exec cmd" or cgi). */ < if (write(fd, &r_type, sizeof(int)) < 0) { --- > if(write(fd,data,len)<0){ 412a440,444 > for (i =0; env[i]; i++) { > continue; > } > > 420c452,465 < data = apr_pstrcat(r->pool, data, env[i], "\n", NULL); --- > len=strlen(env[i]); > if(write(fd,&len,sizeof(int)) < 0) { > ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r, > "write to cgi daemon process"); > } > if(write(fd,env[i],len) < 0){ > ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r, > "write to cgi daemon process"); > } > } > if(r->args!=NULL){ > len=strlen(r->args); > } else { > len=0; 422,424c467 < data = apr_pstrcat(r->pool, data, r->args, NULL); < len = strlen(data); < /* Write the length of the concatenated env string. */ --- > 429,430c472,473 < /* Write the concatted env string. */ < if (write(fd, data, len) < 0) { --- > if( len!=0){ > if (write(fd,r->args,len)<0){ 433a477,478 > } >
A fix has just been committed. Communication between handler and daemon was extensively reworked. Environment variables were handled as in the patch submitted with this PR. Thanks for your debug work, and thanks for using Apache 2.0!
*** Bug 9953 has been marked as a duplicate of this bug. ***