Re: svn commit: r1610509 - /httpd/httpd/trunk/modules/generators/mod_cgid.c

2014-07-14 Thread Marion Christophe JAILLET

Hi,

no APLOGNO ?

Best regards,
CJ

On 14/07/2014 22:08, cove...@apache.org wrote:

Author: covener
Date: Mon Jul 14 20:08:25 2014
New Revision: 1610509

URL: http://svn.apache.org/r1610509
Log:
*) SECURITY: CVE-2014-0231 (cve.mitre.org)
mod_cgid: Fix a denial of service against CGI scripts that do
not consume stdin that could lead to lingering HTTPD child processes
filling up the scoreboard and eventually hanging the server.
[Rainer Jung, Eric Covener, Yann Ylavic]

Submitted By: rjung, covener, ylavic
Reviewed By: trawick, jorton, covener, jim



Modified:
 httpd/httpd/trunk/modules/generators/mod_cgid.c

Modified: httpd/httpd/trunk/modules/generators/mod_cgid.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?rev=1610509&r1=1610508&r2=1610509&view=diff
==
--- httpd/httpd/trunk/modules/generators/mod_cgid.c (original)
+++ httpd/httpd/trunk/modules/generators/mod_cgid.c Mon Jul 14 20:08:25 2014
@@ -1551,6 +1551,10 @@ static int cgid_handler(request_rec *r)
  if (rv != APR_SUCCESS) {
  /* silly script stopped reading, soak up remaining message */
  child_stopped_reading = 1;
+ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
+  Error writing request body to script %s,
+  r-filename);
+
  }
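
Review bot: the ap_log_rerror() call added in the rv != APR_SUCCESS branch has no APLOGNO() tag on its format string, so this new APLOG_ERR message gets no unique log number to search for or filter on; wrap the string in APLOGNO() with a freshly allocated number. The message also fires whenever a script stops reading its input, which the log entry describes as the condition behind CVE-2014-0231, so it is worth confirming that APLOG_ERR is the intended level for something a request can trigger repeatedly. The blank added line before the closing brace can be dropped.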


Re: svn commit: r1610509 - /httpd/httpd/trunk/modules/generators/mod_cgid.c

2014-07-14 Thread Eric Covener
On Mon, Jul 14, 2014 at 4:27 PM, Marion Christophe JAILLET
christophe.jail...@wanadoo.fr wrote:
> Hi,
>
> no APLOGNO ?

ty, can you help remedy in trunk and 2.4?


Re: svn commit: r1610509 - /httpd/httpd/trunk/modules/generators/mod_cgid.c

2014-07-14 Thread Marion Christophe JAILLET


On 14/07/2014 22:28, Eric Covener wrote:

> On Mon, Jul 14, 2014 at 4:27 PM, Marion Christophe JAILLET
> christophe.jail...@wanadoo.fr wrote:
>
>> Hi,
>>
>> no APLOGNO ?
>
> ty, can you help remedy in trunk and 2.4?


np. I also have added empty APLOGNO in mod_deflate + fix a comment.

r1610518 in trunk
r1610522 in 2.4.x

CJ