Bug 142795 - www/mod_fcgid broken large form uploads
Summary: www/mod_fcgid broken large form uploads
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Philip M. Gollucci
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-01-13 21:30 UTC by sergey
Modified: 2010-02-05 04:20 UTC (History)
0 users

See Also:

Attachments
file.diff (1.93 KB, patch)
2010-01-13 21:30 UTC, sergey 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description sergey 2010-01-13 21:30:01 UTC 
from http://svn.apache.org/viewvc?view=revision&revision=826829:

Fix possible corruption or truncation of request bodies which exceed
FcgidMaxRequestInMem.  

If the entire excess had been read from the brigade at the time the
limit was exceeded, the bug would be avoided.

This is a regression since mod_fcgid 2.2, which effectively ignored 
FcgidMaxRequestInMem if larger than 8K, since it reset the cumulative
request_len counter each time it obtained an input brigade of up to
HUGE_STRING_LEN bytes.

Fix: http://svn.apache.org/viewvc/httpd/mod_fcgid/trunk/modules/fcgid/fcgid_bridge.c?r1=826829&r2=826828&pathrev=826829&view=patch

see attached patch

Patch attached with submission follows:
How-To-Repeat: try upload large file (>64kb)
Comment 1 Philip M. Gollucci freebsd_committer freebsd_triage 2010-01-14 00:33:49 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->pgollucci

I'll take it.
Comment 2 Philip M. Gollucci freebsd_committer freebsd_triage 2010-01-18 00:51:31 UTC 
State Changed
From-To: open->feedback

Ask for maintainer approval.
Comment 3 Eric Kraußer 2010-01-26 23:34:13 UTC 
The patch solved this critical bug for me, too.
I request to commit it, because it really can corrupt uploads silently 
(for example webmail attachments).
Comment 4 Philip M. Gollucci freebsd_committer freebsd_triage 2010-01-31 00:37:29 UTC 
State Changed
From-To: feedback->open

Maintainer timeout > 14 days
Comment 5 Philip M. Gollucci freebsd_committer freebsd_triage 2010-02-01 16:59:26 UTC 
State Changed
From-To: open->closed

v2.3.5 is out which includes this fix and should be used instead
Comment 6 sergey 2010-02-01 17:24:44 UTC 
v2.3.5 need to be patched too.

http://svn.apache.org/viewvc?view=3Drevision&revision=3D905302
Comment 7 dfilter service freebsd_committer freebsd_triage 2010-02-05 04:10:32 UTC 
pgollucci    2010-02-05 04:10:24 UTC

  FreeBSD ports repository

  Modified files:
    www/mod_fcgid        Makefile distinfo 
  Added files:
    www/mod_fcgid/files  patch-modules-fcgid-fcgid_mutex_unix.c 
  Removed files:
    www/mod_fcgid/files  patch-modules-fcgid-fcgid_conf.c 
  Log:
  - Update 2.3.5 [1]
  - added patch from http://svn.apache.org/viewvc?view=revision&revision=905302  [1]
    (fixes incorrect mutex permissions)
  
  PR:             142795 [2], 143435 [3], 143458 [3], 143563 [1]
  Submitted by:   Sergey Prikhodko <sergey@network-asp.biz>
  Approved by:    maintainer timeout (hemi@puresimplicity.net; 22 days [2])
                  no response from maintainer [3]
  
  Revision  Changes    Path
  1.19      +1 -1      ports/www/mod_fcgid/Makefile
  1.10      +3 -3      ports/www/mod_fcgid/distinfo
  1.2       +0 -13     ports/www/mod_fcgid/files/patch-modules-fcgid-fcgid_conf.c (dead)
  1.1       +17 -0     ports/www/mod_fcgid/files/patch-modules-fcgid-fcgid_mutex_unix.c (new)
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"