Bug 39710 - mod_cgi truncates error replies
Summary: mod_cgi truncates error replies
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_cgi (show other bugs)
Version: 2.2.4
Hardware: PC Linux
: P2 regression with 3 votes (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: PatchAvailable
: 37938 42525 (view as bug list)
Depends on:
Blocks:
 
Reported: 2006-06-02 22:22 UTC by Paul Querna
Modified: 2007-07-20 01:31 UTC (History)
7 users (show)


Attachments
don't truncate error replies (832 bytes, patch)
2007-02-04 21:30 UTC, Paul Querna 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Paul Querna 2006-06-02 22:22:34 UTC 
A 500 ISE page is not send to clients with mod_cgi, which there is an invalid
CGI.  With mod_cgid the correct output is generated.

To repo:
echo "foo" > foo.cgi

With mod_cgi the output to a client is:
% curl -is --compressed http://example.com/foo.cgi

HTTP/1.1 500 Internal Server Error
Date: Fri, 02 Jun 2006 22:21:49 GMT
Server: Apache/2.2.2 (Unix) mod_ssl/2.2.2 OpenSSL/0.9.7a
Content-Length: 0
Connection: close
Content-Type: text/plain

A zero byte reply. However, just swap the LoadModule to mod_cgid, and restart,
and the reply is this:
HTTP/1.1 500 Internal Server Error
Date: Fri, 02 Jun 2006 22:18:36 GMT
Server: Apache/2.2.2 (Unix) mod_ssl/2.2.2 OpenSSL/0.9.7a
Vary: Accept-Encoding
Content-Length: 653
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>
....
etc.
Comment 1 Paul Querna 2006-06-02 22:52:37 UTC 
Looks like this is caused by the changes in r231167:
http://svn.apache.org/viewvc?view=rev&revision=231167

mod_cgid was not modified to be kept in sync with mod_cgi.  They both have
nearly the same code path after the ap_scan_script_header_err...
Comment 2 Vincent Jong 2006-12-08 10:47:23 UTC 
*** Bug 37938 has been marked as a duplicate of this bug. ***
Comment 3 Sven Strickroth 2007-01-20 05:13:34 UTC 
this bug is still in 2.2.4, if you have mod_deflate enabled, you get the
gz-output instead of a text-file
Comment 4 Paul Querna 2007-02-04 21:30:09 UTC 
Created attachment 19513 [details]
don't truncate error replies
Comment 5 Paul Querna 2007-02-04 21:30:59 UTC 
Attached patch has been running in production since this bug was opened.  If you
run into this problem, can you try patching your mod_cgi.c?
Comment 6 Vincent Jong 2007-02-04 22:25:38 UTC 
I can confirm the patch works on Apache2.2.4 with mod_deflate configured as 
well.
Comment 7 Bob Kline 2007-04-16 11:08:42 UTC 
Anything I can do to help get this bug fixed?  Is testing the patch all that
stands in the way of getting it folded into the trunk?
Comment 8 Bob Kline 2007-04-26 07:21:26 UTC 
(In reply to comment #7)
> Anything I can do to help get this bug fixed?  Is testing the patch all that
> stands in the way of getting it folded into the trunk?

Hello?  Anybody home?  What's next?
Comment 9 Nick Kew 2007-05-26 11:31:06 UTC 
*** Bug 42525 has been marked as a duplicate of this bug. ***
Comment 10 Robert Siemer 2007-05-26 12:43:40 UTC 
Why should bug 42525 be a duplicate of this one?

My setup runs with the Worker MPM, that means with mod_cgid.c. But the patch
here touches only mod_cgi.c and so can't possibly change anything in "my" bug.

Nick, could you explain that to me?
Comment 11 Nick Kew 2007-05-26 13:51:09 UTC 
Please don't add other people to an error report!

(In reply to comment #10)
> Why should bug 42525 be a duplicate of this one?

It certainly looks like it.  Is your CGI script
  (a) crashing,
  (b) generating an error response, or
  (c) generating a malformed response?

> My setup runs with the Worker MPM, that means with mod_cgid.c. But the patch
> here touches only mod_cgi.c and so can't possibly change anything in "my" bug.

what does "httpd -M" tell you?
Comment 12 Robert Siemer 2007-05-26 14:18:41 UTC 
(In reply to comment #11)
> Please don't add other people to an error report!

I obviously wanted to make sure you get my comment. I assume now that you get
these comments otherwise, too. Do you know a smart way how to find that out? -
Who added me to this bug here?

> (In reply to comment #10)
> > Why should bug 42525 be a duplicate of this one?
> 
> It certainly looks like it.  Is your CGI script
>   (a) crashing,
>   (b) generating an error response, or
>   (c) generating a malformed response?

If you refer to the script I mention in "my" bug, it prints a "hello" and exits.
I think that is what you refer to with (c). - But what is (a) exactly?

I first noticed the problem with a script that should generated a conforming 200
OK response, but it didn't because of errors in it. You could say it "crashed",
but doing so, it generated a malformed response...

> > My setup runs with the Worker MPM, that means with mod_cgid.c. But the patch
> > here touches only mod_cgi.c and so can't possibly change anything in "my" bug.
> 
> what does "httpd -M" tell you?

siemer@polar:~$ /usr/sbin/apache2 -M
Loaded Modules:
 core_module (static)
 log_config_module (static)
 logio_module (static)
 mpm_worker_module (static)
 http_module (static)
 so_module (static)
 actions_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authn_file_module (shared)
 authz_default_module (shared)
 authz_groupfile_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 cache_module (shared)
 cgi_module (shared)
 cgid_module (shared)
 dir_module (shared)
 disk_cache_module (shared)
 env_module (shared)
 include_module (shared)
 info_module (shared)
 mime_module (shared)
 negotiation_module (shared)
 rewrite_module (shared)
 setenvif_module (shared)
 speling_module (shared)
 status_module (shared)
 suexec_module (shared)
 userdir_module (shared)
Syntax OK


The documentation at http://httpd.apache.org/docs/2.2/mod/mod_cgid.html says
that a threaded MPM uses mod_cgid. And the server-info handler on my site
reports the Worker MPM with "threaded: yes". - Are there setups that use both!??

Regards
Comment 13 Nick Kew 2007-05-26 15:46:47 UTC 
(In reply to comment #12)

>  cgi_module (shared)

Remove mod_cgi, and I expect your bug will go away.
Comment 14 Robert Siemer 2007-05-26 17:02:05 UTC 
(In reply to comment #13)
> (In reply to comment #12)
> 
> >  cgi_module (shared)
> 
> Remove mod_cgi, and I expect your bug will go away.

I removed the mod_cgi and the bug went away. Thank you, Nick.

That makes now the link between the mpm and the two cgi(d) modules unclear to
me. And if loading both modules makes no sense, it could raise an error or
warning...

Regards, R
Comment 15 Ruediger Pluem 2007-05-26 17:28:39 UTC 
(In reply to comment #14)

> 
> That makes now the link between the mpm and the two cgi(d) modules unclear to

See the second paragraph of the summary of 

http://httpd.apache.org/docs/2.2/en/mod/mod_cgid.html

for why mod_cgid exists. If forks of multi threaded processes are not expensive
on your OS you can use mod_cgi with a threaded MPM as well (you can even do so
if they are expensive but then you may pay a huge performance penalty).
Comment 16 Robert Siemer 2007-05-26 18:31:12 UTC 
(In reply to comment #15)
> ... 
> If forks of multi threaded processes are not expensive
> on your OS you can use mod_cgi with a threaded MPM as well (you can even do so
> if they are expensive but then you may pay a huge performance penalty).

What I draw out of that:
you can use mod_cgid or mod_cgi with whatever MPM. And the one you load first
gets used.

That opens a new question: Why says the doc "[mod_cgid] is used by default
instead of mod_cgi whenever a multi-threaded MPM is selected" when there is no
such default?