Several people in the past have reported problems with large uploads
and Apache consumimg all available memory.
Although it is claimed that "MaxRequestInMem" and "MaxRequestLen" introduced
in mod_fcgid 2.2 can be used to overcome this memory consumption problem,
it appears that it does not work as intended and the bug remains.
Essentially this can quickly and easily result in a DoS attack.
Memory of the Apache child process appears to increase by approximately the size
of the file being uploaded. For example, if I upload a 100MB file the
Apache child
will grow by around 100MB of memory.
I'm not much of a programmer, but I've taken a look at the code. In
fcgid_bridge.c,
line 552, there is the following:
if (request_size > max_mem_request_len) {
Just before this line is executed, I added a line in source code to log the
values
of 'request_size' and 'max_mem_request_len'. The value of request_size is
usually 8000
but is sometimes less than that, but never more than 8000. The value of
max_mem_request_len is 65536, which is the default value (64KB).
Therefore, as request_size is not greater than max_mem_request_len, the block
of code added to use a temporary file is never executed.
I'm using these versions on a Linux system
Apache 2.2.8
mod_fcgid 2.2
PHP 5.2.6
I would greatly appeciate if the mod_fcgid developers could take another look
this
problem. I am willing to test any patches in order to assist with fixing
this problem.
Regards
-Frank
__________________________________________________________
Sent from Yahoo! Mail.
A Smarter Email http://uk.docs.yahoo.com/nowyoucan.html
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
Mod-fcgid-users mailing list
Mod-fcgid-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-fcgid-users