From owner-freebsd-ports-bugs@FreeBSD.ORG Wed Jan 13 21:30:02 2010
Message-Id: <201001132127.o0DLR70O017843@www.freebsd.org>
Date: Wed, 13 Jan 2010 21:27:07 GMT
From: Sergey Prikhodko
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Subject: ports/142795: mod_fcgid broken large form uploads
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Ports bug reports
X-List-Received-Date: Wed, 13 Jan 2010 21:30:02 -0000

>Number: 142795
>Category: ports
>Synopsis: mod_fcgid broken large form uploads
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed Jan 13 21:30:01 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Sergey Prikhodko
>Release: 7.2-RELEASE-p47.2-RELEASE-p4
>Organization: Network-ASP
>Environment:
FreeBSD xeon.office.network-asp.biz 7.2-RELEASE-p4 FreeBSD 7.2-RELEASE-p4 #0: Fri Oct 2 12:21:39 UTC 2009 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
>Description:
from http://svn.apache.org/viewvc?view=revision&revision=826829:

Fix possible corruption or truncation of request bodies which exceed FcgidMaxRequestInMem. If the entire excess had been read from the brigade at the time the limit was exceeded, the bug would be avoided. This is a regression since mod_fcgid 2.2, which effectively ignored FcgidMaxRequestInMem if larger than 8K, since it reset the cumulative request_len counter each time it obtained an input brigade of up to HUGE_STRING_LEN bytes.
>How-To-Repeat: try upload large file (>64kb) >Fix: http://svn.apache.org/viewvc/httpd/mod_fcgid/trunk/modules/fcgid/fcgid_bridge.c?r1=826829&r2=826828&pathrev=826829&view=patch see attached patch Patch attached with submission follows: diff -ruN mod_fcgid.orig/files/patch-modules-fcgid-fcgid_bridge.c mod_fcgid/files/patch-modules-fcgid-fcgid_bridge.c --- mod_fcgid.orig/files/patch-modules-fcgid-fcgid_bridge.c 1970-01-01 03:00:00.000000000 +0300 +++ mod_fcgid/files/patch-modules-fcgid-fcgid_bridge.c 2010-01-13 23:16:36.000000000 +0200 @@ -0,0 +1,39 @@ +--- ./modules/fcgid/fcgid_bridge.c.orig 2009-10-07 14:37:11.000000000 +0300 ++++ ./modules/fcgid/fcgid_bridge.c 2010-01-13 23:15:11.000000000 +0200 +@@ -448,7 +448,6 @@ + int seen_eos; + apr_off_t request_size = 0; + apr_file_t *fd = NULL; +- int need_truncate = 1; + apr_off_t cur_pos = 0; + FCGI_Header *stdin_request_header; + apr_bucket_brigade *output_brigade; +@@ -548,6 +547,15 @@ + apr_pool_userdata_get(&tmp, fd_key, + r->connection->pool); + fd = tmp; ++ ++ if (fd != NULL) { ++ if ((rv = apr_file_trunc(fd, 0)) != APR_SUCCESS) { ++ ap_log_rerror(APLOG_MARK, APLOG_WARNING, rv, r, ++ "mod_fcgid: can't truncate existing " ++ "temporary file"); ++ return HTTP_INTERNAL_SERVER_ERROR; ++ } ++ } + } + + if (fd == NULL) { +@@ -574,11 +582,8 @@ + apr_pool_userdata_set((const void *) fd, fd_key, + apr_pool_cleanup_null, + r->connection->pool); +- } else if (need_truncate) { +- need_truncate = 0; +- apr_file_trunc(fd, 0); +- cur_pos = 0; + } ++ + // Write request to tmp file + if ((rv = + apr_file_write_full(fd, (const void *) data, len, >Release-Note: >Audit-Trail: >Unformatted:
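Review bot: In the hunk at -548,6 +547,15 of fcgid_bridge.c, the new apr_file_trunc() failure path logs at APLOG_WARNING but then aborts the request with "return HTTP_INTERNAL_SERVER_ERROR;". A condition that fails the request is usually logged at error level so it is not filtered out by a LogLevel of error; consider APLOG_ERR here, or keep it only if the intent is to match the log level used by the surrounding code. The check itself is the right call: the old "apr_file_trunc(fd, 0);" ignored the return value, so a reused temporary file from r->connection->pool could have kept stale bytes from an earlier request body.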
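Review bot: The hunk at -574,11 +582,8 drops "cur_pos = 0;" together with the need_truncate branch, so after this change the only visible reset of cur_pos is its initialiser "apr_off_t cur_pos = 0;" from the first hunk's context. Please confirm that nothing between that declaration and the first write to the temporary file advances cur_pos, otherwise the first chunk spilled to disk would be recorded at a non-zero offset in a file that has just been truncated to zero length. A one-line comment at the truncation site stating that cur_pos is still 0 at that point would make the invariant explicit.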
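Review bot: The outer diff only adds files/patch-modules-fcgid-fcgid_bridge.c and touches no other file in the port, so PORTREVISION is not bumped. Because the patch changes the built module, installed systems will not pick up the fix on upgrade unless the port's Makefile is included in the diff with a PORTREVISION increment. It would also help to note the upstream revision (826829, as cited in the description) in the commit log so the local patch can be dropped once the port moves to a release that contains it.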