Bug 142795 - www/mod_fcgid broken large form uploads
www/mod_fcgid broken large form uploads
Status: Closed FIXED
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Latest
Any Any
: Normal Affects Only Me
Assigned To: Philip M. Gollucci
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-01-13 21:30 UTC by sergey
Modified: 2010-02-05 04:20 UTC (History)
0 users

See Also:


Attachments
file.diff (1.93 KB, patch)
2010-01-13 21:30 UTC, sergey
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description sergey 2010-01-13 21:30:01 UTC
from http://svn.apache.org/viewvc?view=revision&revision=826829:

Fix possible corruption or truncation of request bodies which exceed
FcgidMaxRequestInMem.  

If the entire excess had been read from the brigade at the time the
limit was exceeded, the bug would be avoided.

This is a regression since mod_fcgid 2.2, which effectively ignored 
FcgidMaxRequestInMem if larger than 8K, since it reset the cumulative
request_len counter each time it obtained an input brigade of up to
HUGE_STRING_LEN bytes.

Fix: http://svn.apache.org/viewvc/httpd/mod_fcgid/trunk/modules/fcgid/fcgid_bridge.c?r1=826829&r2=826828&pathrev=826829&view=patch

see attached patch

Patch attached with submission follows:
How-To-Repeat: try upload large file (>64kb)
Comment 1 Philip M. Gollucci freebsd_committer 2010-01-14 00:33:49 UTC
Responsible Changed
From-To: freebsd-ports-bugs->pgollucci

I'll take it.
Comment 2 Philip M. Gollucci freebsd_committer 2010-01-18 00:51:31 UTC
State Changed
From-To: open->feedback

Ask for maintainer approval.
Comment 3 eric 2010-01-26 23:34:13 UTC
The patch solved this critical bug for me, too.
I request to commit it, because it really can corrupt uploads silently 
(for example webmail attachments).
Comment 4 Philip M. Gollucci freebsd_committer 2010-01-31 00:37:29 UTC
State Changed
From-To: feedback->open

Maintainer timeout > 14 days
Comment 5 Philip M. Gollucci freebsd_committer 2010-02-01 16:59:26 UTC
State Changed
From-To: open->closed

v2.3.5 is out which includes this fix and should be used instead
Comment 6 sergey 2010-02-01 17:24:44 UTC
v2.3.5 need to be patched too.

http://svn.apache.org/viewvc?view=3Drevision&revision=3D905302
Comment 7 dfilter freebsd_committer 2010-02-05 04:10:32 UTC
pgollucci    2010-02-05 04:10:24 UTC

  FreeBSD ports repository

  Modified files:
    www/mod_fcgid        Makefile distinfo 
  Added files:
    www/mod_fcgid/files  patch-modules-fcgid-fcgid_mutex_unix.c 
  Removed files:
    www/mod_fcgid/files  patch-modules-fcgid-fcgid_conf.c 
  Log:
  - Update 2.3.5 [1]
  - added patch from http://svn.apache.org/viewvc?view=revision&revision=905302  [1]
    (fixes incorrect mutex permissions)
  
  PR:             142795 [2], 143435 [3], 143458 [3], 143563 [1]
  Submitted by:   Sergey Prikhodko <sergey@network-asp.biz>
  Approved by:    maintainer timeout (hemi@puresimplicity.net; 22 days [2])
                  no response from maintainer [3]
  
  Revision  Changes    Path
  1.19      +1 -1      ports/www/mod_fcgid/Makefile
  1.10      +3 -3      ports/www/mod_fcgid/distinfo
  1.2       +0 -13     ports/www/mod_fcgid/files/patch-modules-fcgid-fcgid_conf.c (dead)
  1.1       +17 -0     ports/www/mod_fcgid/files/patch-modules-fcgid-fcgid_mutex_unix.c (new)
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"