Checkout Tools
  • last updated 1 hour ago
Constraints: committers
Constraints: files
Constraints: dates
* modules/generators/mod_cgid.c (get_req): Add basic sanity

checking for the structure received in the CGI daemon.

* modules/generators/mod_cgid.c (cgid_handler): Bail immediately with

a 503 response on errors when talking to the daemon. Check the pid

returned is not zero.

  1. … 1 more file in changeset.
Add missing pool tags to help debugging.
  1. … 41 more files in changeset.
* modules/generators/cgi_common.h (cgi_handle_request): Factor out

near-identical common code from mod_cgid, mod_cgi.

* modules/generators/mod_cgid.c (cgid_handler),

modules/generators/mod_cgi.c (cgi_handler):

Adjust to use cgi_handle_request.

Github: closes #97

  1. … 2 more files in changeset.
Fix build broken w/o --enable-cgid-fdpassing by r1867968:

* modules/generators/cgi_common.h: Only define CGI bucket type

if WANT_CGI_BUCKET is defined.

* modules/generators/mod_cgi.c: Always include cgi_common.h, defining


* modules/generators/mod_cgid.c: Always include cgi_common.h, defining

WANT_CGI_BUCKET iff HAVE_CGID_FDPASSING (--enable-cgid-fdpassing).

  1. … 2 more files in changeset.
Move common (and near-identical) code for CGI response output handling

to cgi_common.h; the diff between the modules for this code was as


Change from previous: mod_cgi will now explicitly discard output when

returning HTTP_MOVED_TEMPORARILY for relative redirects (should not be

functionally different), TRACE1 logging of ap_pass_brigade failures

for mod_cgid is dropped.

* modules/generators/cgi_common.h (cgi_handle_response): New function,

factored out from mod_cgid.

(discard_script_output): Copied function from mod_cgi/d unchanged.

* modules/generator/mod_cgid.c (cgid_handler),

modules/generator/mod_cgi.c (cgi_handler): Use cgi_handle_response.

  1. … 2 more files in changeset.
* modules/generators/mod_cgid.c (sock_readhdr): Only set up control

message block when required; add some additional error handling.

mod_cgid: Continuation of r1862968, experimental fd passing support.

Split out CGI bucket implementation from mod_cgi and use in both

mod_cgi and mod_cgid, bringing stderr handling in mod_cgid up to par

with mod_cgi. (There is a lot of code which has been copied between

mod_cgi{,d} so there's scope for further reduction of source

duplication between the modules using this header)

* modules/generators/cgi_common.h: Copied from mod_cgi.c, removed

everything but the CGI bucket implementation with only one change:

(struct cgi_bucket_data, cgi_bucket_create, cgi_bucket_read): Take a

timeout on bucket creation, store and use on reads.

* modules/generators/mod_cgi.c [APR_FILES_AS_SOCKETS]: Include


(cgi_handler): Pass configured timeout to CGI bucket.

* modules/generators/mod_cgid.c: Include cgi_common.h.

(log_script_err): Copy from mod_cgi.c.

(log_script): Use log_script_err.

(send_req): Take fd for stderr.

(cgid_child_errfn): Handle fd-passing case by writing error

to stderr for client to pass through ap_log_rerror.

(cgid_handler): Create pipe for stderr, pass write-end to

server via send_req, use read-end to create CGI bucket. Handle

stderr output in failure paths.

PR: 54221

  1. … 3 more files in changeset.
Add experimental support for fd passing in mod_cgid. Attaches CGI

script stderr to the error log specific to the vhost, by passing the

appropriate fd over the AF_UNIX socket from the request handling

thread to the cgid server process.

* modules/generators/config5.m4: Add --enable-cgid-fdpassing.

* modules/generators/mod_cgid.c (sock_readhdr): New function, also

returns auxiliary control data (the stderr fd) if available.

(sock_write): Take optional aux fd argument, send it as control

data. (send_req, get_req): Adjust accordingly to pass/receive the

stderr fd.

(cgid_server): Use passed fd if available, limit the lifetime.

PR: 60692

  1. … 1 more file in changeset.
Follow up to r1739201.

These APR_TIMEUP special cases are now handled by ap_map_http_request_error().

  1. … 2 more files in changeset.
Stash the cgi PID earlier in mod_cgid

In some cases, a 2nd CGI using the same c->id can get into

the mod_cgid handler before cleanups have been run, causing

the new CGI pid to be used by the first CGI's cleanup function.

Instead of stashing c->id in the request processing thread,

just use it before leaving the handler to get the pid.

May indirectly fix PR57771, but it must have a slightly different

cause because stashing the conn_id slightly differently was

supposed to be sufficient there.

  1. … 1 more file in changeset.
mod_cgi/mod_cgid documentation about environment variables added (like DOCUMENT_ROOT).

Bug: 58305

  1. … 2 more files in changeset.
Remove APLOGNO after moving log message to

TRACE1 in r1724847.

Added many log numbers to log statements that

had none.

Those were not detected by the coccinelle script.

  1. … 34 more files in changeset.
flush errors are TRACE1 in the core output filter now.

  1. … 1 more file in changeset.
Follow up to r1715880: revert more abusive ap_casecmpstr[n]() usages.
  1. … 7 more files in changeset.
Use new ap_casecmpstr[n]() functions where appropriate (not exhaustive).

  1. … 32 more files in changeset.
Revert r1715789: will re-commit without spurious functional changes.

  1. … 32 more files in changeset.
Use new ap_casecmpstr[n]() functions where appropriate (not exhaustive).

[Reverted by r1715869]

  1. … 32 more files in changeset.
Followup to r1667385, my sandbox was out of date.

  1. … 1 more file in changeset.
Retry ENOENT like ECONNREFUSED, but only near a server restart.


Submitted By: Edward Lu

Committed By: covener

  1. … 1 more file in changeset.
core, modules: like r1657897 but for core and other modules than mod_proxy.

More uses of ap_map_http_request_error() and AP_FILTER_ERROR so that we never

return an HTTP error status from a handler if some filter generated a response


That is, from a handler, either ap_get_brigade() (an input filter) returned

AP_FILTER_ERROR and we must forward it to ap_die(), or ap_pass_brigade() (an

output filter) failed with any status and we must return AP_FILTER_ERROR in

any case for ap_die() to determine whether a response is needed or not.

  1. … 15 more files in changeset.
Add missing APLOGNO + fix a typo in a comment
  1. … 2 more files in changeset.
SECURITY: CVE-2014-0231 ( Part two of two, with r1535125:

mod_cgid: Fix a denial of service against CGI scripts that do

not consume stdin that could lead to lingering HTTPD child processes

filling up the scoreboard and eventually hanging the server.

[Rainer Jung, Eric Covener, Yann Ylavic]

Submitted By: rjung, covener, ylavic

Reviewed By: trawick, jorton, covener, jim

follow-up to r1096569:

remove unnecessary total_modules calculation

SECURITY (CVE-2014-0231): Fix for DoS due to hang waiting for CGI script.

Patch one of two.

Permit a read timeout to be used in mod_cgid to give up on a slow CGI script.

In trunk, it defaults to the servers Timeout. PR43494

Submitted By: Eric Covener, Toshikuni Fukaya

Reviewed By: Eric Covener

  1. … 5 more files in changeset.
core: Stop the HTTP_IN filter from attempting to write error buckets

to the output filters, which is bogus in the proxy case. Create a

clean mapping from APR codes to HTTP status codes, and use it where


  1. … 11 more files in changeset.
Code clean up (remove useless memory allocation)

Submitted by: Christophe JAILLET <christophe jaillet wanadoo fr>

PR: 52648

  1. … 4 more files in changeset.
Replace use of apr_file_write() with apr_file_write_full() to prevent

incomplete writes.

Add comments in some places where error handling/logging is missing.

PR: 53131.

Submitted by: Nicolas Viennot <apache viennot biz>, Stefan Fritsch

  1. … 9 more files in changeset.
Move away from DEFAULT_REL_RUNTIMEDIR and use ap_runtime_dir_relative()


  1. … 4 more files in changeset.