>Number:         2720
>Category:       os-windows
>Synopsis:       ISAPI: loss of POSTed data
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon Jul 27 10:10:00 PDT 1998
>Last-Modified:
>Originator:     [EMAIL PROTECTED]
>Organization:
apache
>Release:        1.3.1
>Environment:
Windows NT Workstation 4.0 SP3
MSVC++ 5.0
Netscape Navigator 3.0, 4.05
Internet Explorer 4.0 (4.72.3110.8)
>Description:
If the data POSTed by a browser exceeds some size, the call to
ap_get_client_block() in isapi_handler() only retrieves the first part of the
data.  The size is not fixed; I've observed the problem with Navigator with
POSTs in the 13K-18K range (of which about 9K-13K was read), and with IE with
POSTs in the 18K range (of which roughly 16K was read).

The browsers are apparently sending the data in chunks, because a subsequent
call to ap_get_client_block() fetches more bytes.
>How-To-Repeat:
POST a lot of data from a form to an ISAPI DLL.  It doesn't seem to make much
difference whether you use a few large inputs or a lot of small ones.  You can
use any valid ISAPI DLL, since the problem is entirely on the server side.
>Fix:
Replace the following code in isapi_handler():

        if ((read = ap_get_client_block(r, ecb->lpbData, to_read)) < 0) {
            if (isapi_term) (*isapi_term)(HSE_TERM_MUST_UNLOAD);
            FreeLibrary(isapi_handle);
            return SERVER_ERROR;
        }

with something like the following:

        read = 0;

        /* ap_get_client_block() may return only the part of the body that
         * has arrived so far, so keep calling it until to_read bytes are in
         * the buffer.  A return of 0 before then means the client sent less
         * than its Content-Length (or the connection dropped); treating it
         * as an error keeps the loop from spinning forever. */
        while (to_read - read > 0)
        {
            long this_read;

            if ((this_read = ap_get_client_block(r, ecb->lpbData + read,
                                                 to_read - read)) <= 0) {
                if (isapi_term) (*isapi_term)(HSE_TERM_MUST_UNLOAD);
                FreeLibrary(isapi_handle);
                return SERVER_ERROR;
            }
            read += this_read;
        }

This code works, but may not comply with your coding style.
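The single call and the loop side by side, as an added C example that is not part of this PR or of Apache's mod_isapi: fake_get_client_block() is a constructed stand-in for ap_get_client_block() that hands the body over in pieces, read_post() is a constructed driver, and the body is a constructed 58-byte form.

```c
#include <string.h>
#define CHUNK_MAX 30   /* most bytes the stand-in hands over per call */

/* Constructed 58-byte form body, standing in for a large browser POST. */
static const char body[] = "name=Apache&version=1.3.1&module=mod_isapi&note=large+POST";

/* Simulated client: the bytes it actually sent, and how many the server
 * has already consumed. */
struct fake_client { const char *data; long avail; long pos; };

/* Stand-in for ap_get_client_block() (not Apache's code): returns at most
 * CHUNK_MAX bytes per call and 0 once the client's data is exhausted. */
static long fake_get_client_block(struct fake_client *c, unsigned char *buf,
                                  long bufsiz)
{
    long n = c->avail - c->pos;
    if (n > CHUNK_MAX) n = CHUNK_MAX;
    if (n > bufsiz) n = bufsiz;
    if (n <= 0) return 0;
    memcpy(buf, c->data + c->pos, (size_t)n);
    c->pos += n;
    return n;
}

/* The loop from the proposed fix: keep reading until to_read bytes have
 * arrived.  A zero return before that (client sent fewer bytes than its
 * Content-Length, or the connection dropped) is an error, so the loop
 * cannot spin forever.  Returns bytes stored in buf, or -1. */
static long read_body_loop(struct fake_client *c, unsigned char *buf,
                           long to_read)
{
    long read = 0;
    while (to_read - read > 0) {
        long this_read = fake_get_client_block(c, buf + read, to_read - read);
        if (this_read <= 0) return -1;
        read += this_read;
    }
    return read;
}

/* One scenario: the client announces `claimed` bytes (its Content-Length)
 * and actually sends the first `sent` bytes of body.  use_loop == 0 is the
 * single call isapi_handler() makes in 1.3.1, whose return value is taken
 * as the whole body; use_loop != 0 is the fixed version. */
long read_post(long claimed, long sent, int use_loop)
{
    struct fake_client c = { body, sent, 0 };
    unsigned char buf[sizeof(body)];
    if (claimed > (long)sizeof(body) - 1 || sent > claimed) return -1;
    return use_loop ? read_body_loop(&c, buf, claimed)
                    : fake_get_client_block(&c, buf, claimed);
}
```

A small POST fits in one chunk, which is why the truncation only shows up once the body grows past what the first read delivers.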
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <[EMAIL PROTECTED]> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]