Bug 142795

Summary: www/mod_fcgid broken large form uploads
Product: Ports & Packages Reporter: sergey
Component: Individual Port(s)Assignee: Philip M. Gollucci <pgollucci>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description sergey 2010-01-13 21:30:01 UTC 
from http://svn.apache.org/viewvc?view=revision&revision=826829:

Fix possible corruption or truncation of request bodies which exceed
FcgidMaxRequestInMem.  

If the entire excess had been read from the brigade at the time the
limit was exceeded, the bug would be avoided.

This is a regression since mod_fcgid 2.2, which effectively ignored 
FcgidMaxRequestInMem if larger than 8K, since it reset the cumulative
request_len counter each time it obtained an input brigade of up to
HUGE_STRING_LEN bytes.

Fix: http://svn.apache.org/viewvc/httpd/mod_fcgid/trunk/modules/fcgid/fcgid_bridge.c?r1=826829&r2=826828&pathrev=826829&view=patch

see attached patch

Patch attached with submission follows:
How-To-Repeat: try upload large file (>64kb)
Comment 1 Philip M. Gollucci freebsd_committer freebsd_triage 2010-01-14 00:33:49 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->pgollucci

I'll take it.
Comment 2 Philip M. Gollucci freebsd_committer freebsd_triage 2010-01-18 00:51:31 UTC 
State Changed
From-To: open->feedback

Ask for maintainer approval.
Comment 3 Eric Kraußer 2010-01-26 23:34:13 UTC 
The patch solved this critical bug for me, too.
I request to commit it, because it really can corrupt uploads silently 
(for example webmail attachments).
Comment 4 Philip M. Gollucci freebsd_committer freebsd_triage 2010-01-31 00:37:29 UTC 
State Changed
From-To: feedback->open

Maintainer timeout > 14 days
Comment 5 Philip M. Gollucci freebsd_committer freebsd_triage 2010-02-01 16:59:26 UTC 
State Changed
From-To: open->closed

v2.3.5 is out which includes this fix and should be used instead
Comment 6 sergey 2010-02-01 17:24:44 UTC 
v2.3.5 need to be patched too.

http://svn.apache.org/viewvc?view=3Drevision&revision=3D905302
Comment 7 dfilter service freebsd_committer freebsd_triage 2010-02-05 04:10:32 UTC 
pgollucci    2010-02-05 04:10:24 UTC

  FreeBSD ports repository

  Modified files:
    www/mod_fcgid        Makefile distinfo 
  Added files:
    www/mod_fcgid/files  patch-modules-fcgid-fcgid_mutex_unix.c 
  Removed files:
    www/mod_fcgid/files  patch-modules-fcgid-fcgid_conf.c 
  Log:
  - Update 2.3.5 [1]
  - added patch from http://svn.apache.org/viewvc?view=revision&revision=905302  [1]
    (fixes incorrect mutex permissions)
  
  PR:             142795 [2], 143435 [3], 143458 [3], 143563 [1]
  Submitted by:   Sergey Prikhodko <sergey@network-asp.biz>
  Approved by:    maintainer timeout (hemi@puresimplicity.net; 22 days [2])
                  no response from maintainer [3]
  
  Revision  Changes    Path
  1.19      +1 -1      ports/www/mod_fcgid/Makefile
  1.10      +3 -3      ports/www/mod_fcgid/distinfo
  1.2       +0 -13     ports/www/mod_fcgid/files/patch-modules-fcgid-fcgid_conf.c (dead)
  1.1       +17 -0     ports/www/mod_fcgid/files/patch-modules-fcgid-fcgid_mutex_unix.c (new)
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"