Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/2.2/patches
diff options
context:
space:
mode:
Diffstat (limited to '2.2/patches')
-rw-r--r--2.2/patches/26_httpd-2.2.27-CVE-2014-0118.patch309
-rw-r--r--2.2/patches/27_httpd-2.2.27-CVE-2014-0226.patch137
-rw-r--r--2.2/patches/28_httpd-2.2.27-CVE-2014-0231.patch165
3 files changed, 0 insertions, 611 deletions
diff --git a/2.2/patches/26_httpd-2.2.27-CVE-2014-0118.patch b/2.2/patches/26_httpd-2.2.27-CVE-2014-0118.patch
deleted file mode 100644
index 6db06ba..0000000
--- a/2.2/patches/26_httpd-2.2.27-CVE-2014-0118.patch
+++ /dev/null
@@ -1,309 +0,0 @@
-Author: jim
-Date: Thu Jul 17 18:20:46 2014
-New Revision: 1611426
-
-URL: http://svn.apache.org/r1611426
-Log:
-Merge r1610501 from trunk:
-
- *) SECURITY: CVE-2014-0118 (cve.mitre.org)
- mod_deflate: The DEFLATE input filter (inflates request bodies) now
- limits the length and compression ratio of inflated request bodies to avoid
- denial of sevice via highly compressed bodies. See directives
- DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
- and DeflateInflateRatioBurst.
-
-Thanks to Giancarlo Pellegrino and Davide Balzarotti for reporting the issue.
-
-Submitted By: ylavic, covener
-Reviewed By: jorton, covener, jim
-
-
-
-Submitted by: covener
-Reviewed/backported by: jim
-
-Modified:
- httpd/httpd/branches/2.2.x/ (props changed)
- httpd/httpd/branches/2.2.x/modules/filters/mod_deflate.c
-
-Propchange: httpd/httpd/branches/2.2.x/
-------------------------------------------------------------------------------
- Merged /httpd/httpd/trunk:r1610501
-
-Modified: httpd/httpd/branches/2.2.x/modules/filters/mod_deflate.c
-URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/filters/mod_deflate.c?rev=1611426&r1=1611425&r2=1611426&view=diff
-==============================================================================
---- httpd/httpd/branches/2.2.x/modules/filters/mod_deflate.c (original)
-+++ httpd/httpd/branches/2.2.x/modules/filters/mod_deflate.c Thu Jul 17 18:20:46 2014
-@@ -37,6 +37,7 @@
- #include "httpd.h"
- #include "http_config.h"
- #include "http_log.h"
-+#include "http_core.h"
- #include "apr_lib.h"
- #include "apr_strings.h"
- #include "apr_general.h"
-@@ -51,6 +52,9 @@
- static const char deflateFilterName[] = "DEFLATE";
- module AP_MODULE_DECLARE_DATA deflate_module;
-
-+#define AP_INFLATE_RATIO_LIMIT 200
-+#define AP_INFLATE_RATIO_BURST 3
-+
- typedef struct deflate_filter_config_t
- {
- int windowSize;
-@@ -62,6 +66,12 @@ typedef struct deflate_filter_config_t
- char *note_output_name;
- } deflate_filter_config;
-
-+typedef struct deflate_dirconf_t {
-+ apr_off_t inflate_limit;
-+ int ratio_limit,
-+ ratio_burst;
-+} deflate_dirconf_t;
-+
- /* RFC 1952 Section 2.3 defines the gzip header:
- *
- * +---+---+---+---+---+---+---+---+---+---+
-@@ -193,6 +203,14 @@ static void *create_deflate_server_confi
- return c;
- }
-
-+static void *create_deflate_dirconf(apr_pool_t *p, char *dummy)
-+{
-+ deflate_dirconf_t *dc = apr_pcalloc(p, sizeof(*dc));
-+ dc->ratio_limit = AP_INFLATE_RATIO_LIMIT;
-+ dc->ratio_burst = AP_INFLATE_RATIO_BURST;
-+ return dc;
-+}
-+
- static const char *deflate_set_window_size(cmd_parms *cmd, void *dummy,
- const char *arg)
- {
-@@ -284,6 +302,55 @@ static const char *deflate_set_compressi
- return NULL;
- }
-
-+
-+static const char *deflate_set_inflate_limit(cmd_parms *cmd, void *dirconf,
-+ const char *arg)
-+{
-+ deflate_dirconf_t *dc = (deflate_dirconf_t*) dirconf;
-+ char *errp;
-+
-+ if (APR_SUCCESS != apr_strtoff(&dc->inflate_limit, arg, &errp, 10)) {
-+ return "DeflateInflateLimitRequestBody is not parsable.";
-+ }
-+ if (*errp || dc->inflate_limit < 0) {
-+ return "DeflateInflateLimitRequestBody requires a non-negative integer.";
-+ }
-+
-+ return NULL;
-+}
-+
-+static const char *deflate_set_inflate_ratio_limit(cmd_parms *cmd,
-+ void *dirconf,
-+ const char *arg)
-+{
-+ deflate_dirconf_t *dc = (deflate_dirconf_t*) dirconf;
-+ int i;
-+
-+ i = atoi(arg);
-+ if (i <= 0)
-+ return "DeflateInflateRatioLimit must be positive";
-+
-+ dc->ratio_limit = i;
-+
-+ return NULL;
-+}
-+
-+static const char *deflate_set_inflate_ratio_burst(cmd_parms *cmd,
-+ void *dirconf,
-+ const char *arg)
-+{
-+ deflate_dirconf_t *dc = (deflate_dirconf_t*) dirconf;
-+ int i;
-+
-+ i = atoi(arg);
-+ if (i <= 0)
-+ return "DeflateInflateRatioBurst must be positive";
-+
-+ dc->ratio_burst = i;
-+
-+ return NULL;
-+}
-+
- typedef struct deflate_ctx_t
- {
- z_stream stream;
-@@ -294,8 +361,26 @@ typedef struct deflate_ctx_t
- unsigned char *validation_buffer;
- apr_size_t validation_buffer_length;
- int inflate_init;
-+ int ratio_hits;
-+ apr_off_t inflate_total;
- } deflate_ctx;
-
-+/* Check whether the (inflate) ratio exceeds the configured limit/burst. */
-+static int check_ratio(request_rec *r, deflate_ctx *ctx,
-+ const deflate_dirconf_t *dc)
-+{
-+ if (ctx->stream.total_in) {
-+ int ratio = ctx->stream.total_out / ctx->stream.total_in;
-+ if (ratio < dc->ratio_limit) {
-+ ctx->ratio_hits = 0;
-+ }
-+ else if (++ctx->ratio_hits > dc->ratio_burst) {
-+ return 0;
-+ }
-+ }
-+ return 1;
-+}
-+
- /* Number of validation bytes (CRC and length) after the compressed data */
- #define VALIDATION_SIZE 8
- /* Do not update ctx->crc, see comment in flush_libz_buffer */
-@@ -744,6 +829,8 @@ static apr_status_t deflate_in_filter(ap
- int zRC;
- apr_status_t rv;
- deflate_filter_config *c;
-+ deflate_dirconf_t *dc;
-+ apr_off_t inflate_limit;
-
- /* just get out of the way of things we don't want. */
- if (mode != AP_MODE_READBYTES) {
-@@ -751,6 +838,7 @@ static apr_status_t deflate_in_filter(ap
- }
-
- c = ap_get_module_config(r->server->module_config, &deflate_module);
-+ dc = ap_get_module_config(r->per_dir_config, &deflate_module);
-
- if (!ctx) {
- char deflate_hdr[10];
-@@ -803,11 +891,13 @@ static apr_status_t deflate_in_filter(ap
- if (len != 10 ||
- deflate_hdr[0] != deflate_magic[0] ||
- deflate_hdr[1] != deflate_magic[1]) {
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "Failed to inflate input: wrong/partial magic bytes");
- return APR_EGENERAL;
- }
-
- /* We can't handle flags for now. */
- if (deflate_hdr[3] != 0) {
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "Failed to inflate input: cannot handle deflate flags");
- return APR_EGENERAL;
- }
-
-@@ -831,6 +921,12 @@ static apr_status_t deflate_in_filter(ap
- apr_brigade_cleanup(ctx->bb);
- }
-
-+ inflate_limit = dc->inflate_limit;
-+ if (inflate_limit == 0) {
-+ /* The core is checking the deflated body, we'll check the inflated */
-+ inflate_limit = ap_get_limit_req_body(f->r);
-+ }
-+
- if (APR_BRIGADE_EMPTY(ctx->proc_bb)) {
- rv = ap_get_brigade(f->next, ctx->bb, mode, block, readbytes);
-
-@@ -863,6 +959,17 @@ static apr_status_t deflate_in_filter(ap
-
- ctx->stream.next_out = ctx->buffer;
- len = c->bufferSize - ctx->stream.avail_out;
-+
-+ ctx->inflate_total += len;
-+ if (inflate_limit && ctx->inflate_total > inflate_limit) {
-+ inflateEnd(&ctx->stream);
-+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
-+ "Inflated content length of %" APR_OFF_T_FMT
-+ " is larger than the configured limit"
-+ " of %" APR_OFF_T_FMT,
-+ ctx->inflate_total, inflate_limit);
-+ return APR_ENOSPC;
-+ }
-
- ctx->crc = crc32(ctx->crc, (const Bytef *)ctx->buffer, len);
- tmp_heap = apr_bucket_heap_create((char *)ctx->buffer, len,
-@@ -891,6 +998,26 @@ static apr_status_t deflate_in_filter(ap
- ctx->stream.next_out = ctx->buffer;
- len = c->bufferSize - ctx->stream.avail_out;
-
-+ ctx->inflate_total += len;
-+ if (inflate_limit && ctx->inflate_total > inflate_limit) {
-+ inflateEnd(&ctx->stream);
-+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
-+ "Inflated content length of %" APR_OFF_T_FMT
-+ " is larger than the configured limit"
-+ " of %" APR_OFF_T_FMT,
-+ ctx->inflate_total, inflate_limit);
-+ return APR_ENOSPC;
-+ }
-+
-+ if (!check_ratio(r, ctx, dc)) {
-+ inflateEnd(&ctx->stream);
-+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
-+ "Inflated content ratio is larger than the "
-+ "configured limit %i by %i time(s)",
-+ dc->ratio_limit, dc->ratio_burst);
-+ return APR_EINVAL;
-+ }
-+
- ctx->crc = crc32(ctx->crc, (const Bytef *)ctx->buffer, len);
- tmp_heap = apr_bucket_heap_create((char *)ctx->buffer, len,
- NULL, f->c->bucket_alloc);
-@@ -1003,6 +1130,7 @@ static apr_status_t inflate_out_filter(a
- int zRC;
- apr_status_t rv;
- deflate_filter_config *c;
-+ deflate_dirconf_t *dc;
-
- /* Do nothing if asked to filter nothing. */
- if (APR_BRIGADE_EMPTY(bb)) {
-@@ -1010,6 +1138,7 @@ static apr_status_t inflate_out_filter(a
- }
-
- c = ap_get_module_config(r->server->module_config, &deflate_module);
-+ dc = ap_get_module_config(r->per_dir_config, &deflate_module);
-
- if (!ctx) {
-
-@@ -1272,6 +1401,14 @@ static apr_status_t inflate_out_filter(a
- while (ctx->stream.avail_in != 0) {
- if (ctx->stream.avail_out == 0) {
-
-+ if (!check_ratio(r, ctx, dc)) {
-+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
-+ "Inflated content ratio is larger than the "
-+ "configured limit %i by %i time(s)",
-+ dc->ratio_limit, dc->ratio_burst);
-+ return APR_EINVAL;
-+ }
-+
- ctx->stream.next_out = ctx->buffer;
- len = c->bufferSize - ctx->stream.avail_out;
-
-@@ -1346,12 +1483,20 @@ static const command_rec deflate_filter_
- "Set the Deflate Memory Level (1-9)"),
- AP_INIT_TAKE1("DeflateCompressionLevel", deflate_set_compressionlevel, NULL, RSRC_CONF,
- "Set the Deflate Compression Level (1-9)"),
-+ AP_INIT_TAKE1("DeflateInflateLimitRequestBody", deflate_set_inflate_limit, NULL, OR_ALL,
-+ "Set a limit on size of inflated input"),
-+ AP_INIT_TAKE1("DeflateInflateRatioLimit", deflate_set_inflate_ratio_limit, NULL, OR_ALL,
-+ "Set the inflate ratio limit above which inflation is "
-+ "aborted (default: " APR_STRINGIFY(AP_INFLATE_RATIO_LIMIT) ")"),
-+ AP_INIT_TAKE1("DeflateInflateRatioBurst", deflate_set_inflate_ratio_burst, NULL, OR_ALL,
-+ "Set the maximum number of following inflate ratios above limit "
-+ "(default: " APR_STRINGIFY(AP_INFLATE_RATIO_BURST) ")"),
- {NULL}
- };
-
- module AP_MODULE_DECLARE_DATA deflate_module = {
- STANDARD20_MODULE_STUFF,
-- NULL, /* dir config creater */
-+ create_deflate_dirconf, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- create_deflate_server_config, /* server config */
- NULL, /* merge server config */
diff --git a/2.2/patches/27_httpd-2.2.27-CVE-2014-0226.patch b/2.2/patches/27_httpd-2.2.27-CVE-2014-0226.patch
deleted file mode 100644
index 51f974e..0000000
--- a/2.2/patches/27_httpd-2.2.27-CVE-2014-0226.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-Author: jorton
-Date: Mon Jul 14 20:34:32 2014
-New Revision: 1610515
-
-URL: http://svn.apache.org/r1610515
-Log:
-Merge 1610491 from trunk:
-
-SECURITY (CVE-2014-0226): Fix a race condition in scoreboard handling,
-which could lead to a heap buffer overflow. Thanks to Marek Kroemeke
-working with HP's Zero Day Initiative for reporting this.
-
-* include/scoreboard.h: Add ap_copy_scoreboard_worker.
-
-* server/scoreboard.c (ap_copy_scoreboard_worker): New function.
-
-* modules/generators/mod_status.c (status_handler): Use it.
-
-Reviewed by: trawick, jorton, covener
-Submitted by: jorton, trawick, covener
-
-Modified:
- httpd/httpd/branches/2.2.x/ (props changed)
- httpd/httpd/branches/2.2.x/include/ap_mmn.h
- httpd/httpd/branches/2.2.x/include/scoreboard.h
- httpd/httpd/branches/2.2.x/modules/generators/mod_status.c
- httpd/httpd/branches/2.2.x/server/scoreboard.c
-
-Propchange: httpd/httpd/branches/2.2.x/
-------------------------------------------------------------------------------
- Merged /httpd/httpd/trunk:r1610491
-
-Modified: httpd/httpd/branches/2.2.x/include/ap_mmn.h
-URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/include/ap_mmn.h?rev=1610515&r1=1610514&r2=1610515&view=diff
-==============================================================================
---- httpd/httpd/branches/2.2.x/include/ap_mmn.h (original)
-+++ httpd/httpd/branches/2.2.x/include/ap_mmn.h Mon Jul 14 20:34:32 2014
-@@ -151,6 +151,7 @@
- * 20051115.31 (2.2.23) Add forcerecovery to proxy_balancer_shared struct
- * 20051115.32 (2.2.24) Add ap_get_exec_line
- * 20051115.33 (2.2.24) Add ap_pregsub_ex()
-+ * 20051115.34 (2.2.28) Add ap_copy_scoreboard_worker()
- */
-
- #define MODULE_MAGIC_COOKIE 0x41503232UL /* "AP22" */
-@@ -158,7 +159,7 @@
- #ifndef MODULE_MAGIC_NUMBER_MAJOR
- #define MODULE_MAGIC_NUMBER_MAJOR 20051115
- #endif
--#define MODULE_MAGIC_NUMBER_MINOR 33 /* 0...n */
-+#define MODULE_MAGIC_NUMBER_MINOR 34 /* 0...n */
-
- /**
- * Determine if the server's current MODULE_MAGIC_NUMBER is at least a
-
-Modified: httpd/httpd/branches/2.2.x/include/scoreboard.h
-URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/include/scoreboard.h?rev=1610515&r1=1610514&r2=1610515&view=diff
-==============================================================================
---- httpd/httpd/branches/2.2.x/include/scoreboard.h (original)
-+++ httpd/httpd/branches/2.2.x/include/scoreboard.h Mon Jul 14 20:34:32 2014
-@@ -189,7 +189,24 @@ AP_DECLARE(int) ap_update_child_status_f
- int status, request_rec *r);
- void ap_time_process_request(ap_sb_handle_t *sbh, int status);
-
-+/** Return a pointer to the worker_score for a given child, thread pair.
-+ * @param child_num The child number.
-+ * @param thread_num The thread number.
-+ * @return A pointer to the worker_score structure.
-+ * @deprecated This function is deprecated, use ap_copy_scoreboard_worker instead.
-+ */
- AP_DECLARE(worker_score *) ap_get_scoreboard_worker(int x, int y);
-+
-+/** Copy the contents of a worker's scoreboard entry. The contents of
-+ * the worker_score structure are copied verbatim into the dest
-+ * structure.
-+ * @param dest Output parameter.
-+ * @param child_num The child number.
-+ * @param thread_num The thread number.
-+ */
-+AP_DECLARE(void) ap_copy_scoreboard_worker(worker_score *dest,
-+ int child_num, int thread_num);
-+
- AP_DECLARE(process_score *) ap_get_scoreboard_process(int x);
- AP_DECLARE(global_score *) ap_get_scoreboard_global(void);
- AP_DECLARE(lb_score *) ap_get_scoreboard_lb(int lb_num);
-
-Modified: httpd/httpd/branches/2.2.x/modules/generators/mod_status.c
-URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/generators/mod_status.c?rev=1610515&r1=1610514&r2=1610515&view=diff
-==============================================================================
---- httpd/httpd/branches/2.2.x/modules/generators/mod_status.c (original)
-+++ httpd/httpd/branches/2.2.x/modules/generators/mod_status.c Mon Jul 14 20:34:32 2014
-@@ -241,7 +241,7 @@ static int status_handler(request_rec *r
- #endif
- int short_report;
- int no_table_report;
-- worker_score *ws_record;
-+ worker_score *ws_record = apr_palloc(r->pool, sizeof *ws_record);
- process_score *ps_record;
- char *stat_buffer;
- pid_t *pid_buffer, worker_pid;
-@@ -333,7 +333,7 @@ static int status_handler(request_rec *r
- for (j = 0; j < thread_limit; ++j) {
- int indx = (i * thread_limit) + j;
-
-- ws_record = ap_get_scoreboard_worker(i, j);
-+ ap_copy_scoreboard_worker(ws_record, i, j);
- res = ws_record->status;
- stat_buffer[indx] = status_flags[res];
-
-
-Modified: httpd/httpd/branches/2.2.x/server/scoreboard.c
-URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/scoreboard.c?rev=1610515&r1=1610514&r2=1610515&view=diff
-==============================================================================
---- httpd/httpd/branches/2.2.x/server/scoreboard.c (original)
-+++ httpd/httpd/branches/2.2.x/server/scoreboard.c Mon Jul 14 20:34:32 2014
-@@ -510,6 +510,21 @@ AP_DECLARE(worker_score *) ap_get_scoreb
- return &ap_scoreboard_image->servers[x][y];
- }
-
-+AP_DECLARE(void) ap_copy_scoreboard_worker(worker_score *dest,
-+ int child_num,
-+ int thread_num)
-+{
-+ worker_score *ws = ap_get_scoreboard_worker(child_num, thread_num);
-+
-+ memcpy(dest, ws, sizeof *ws);
-+
-+ /* For extra safety, NUL-terminate the strings returned, though it
-+ * should be true those last bytes are always zero anyway. */
-+ dest->client[sizeof(dest->client) - 1] = '\0';
-+ dest->request[sizeof(dest->request) - 1] = '\0';
-+ dest->vhost[sizeof(dest->vhost) - 1] = '\0';
-+}
-+
- AP_DECLARE(process_score *) ap_get_scoreboard_process(int x)
- {
- if ((x < 0) || (server_limit < x)) {
diff --git a/2.2/patches/28_httpd-2.2.27-CVE-2014-0231.patch b/2.2/patches/28_httpd-2.2.27-CVE-2014-0231.patch
deleted file mode 100644
index e7911e0..0000000
--- a/2.2/patches/28_httpd-2.2.27-CVE-2014-0231.patch
+++ /dev/null
@@ -1,165 +0,0 @@
-Author: wrowe
-Date: Wed Jul 16 20:56:51 2014
-New Revision: 1611185
-
-URL: http://svn.apache.org/r1611185
-Log:
-SECURITY: CVE-2014-0231
-
- mod_cgid: Fix a denial of service against CGI scripts that do
- not consume stdin that could lead to lingering HTTPD child processes
- filling up the scoreboard and eventually hanging the server.
-
-Submitted by: Rainer Jung, Eric Covener, Yann Ylavic
-Backports: r1610509, r1535125
-Reviewed by: covener, trawick, ylavic
-
-Modified:
- httpd/httpd/branches/2.2.x/modules/generators/mod_cgid.c
-
-Modified: httpd/httpd/branches/2.2.x/modules/generators/mod_cgid.c
-URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/generators/mod_cgid.c?rev=1611185&r1=1611184&r2=1611185&view=diff
-==============================================================================
---- httpd/httpd/branches/2.2.x/modules/generators/mod_cgid.c (original)
-+++ httpd/httpd/branches/2.2.x/modules/generators/mod_cgid.c Wed Jul 16 20:56:51 2014
-@@ -93,6 +93,10 @@ static const char *sockname;
- static pid_t parent_pid;
- static ap_unix_identity_t empty_ugid = { (uid_t)-1, (gid_t)-1, -1 };
-
-+typedef struct {
-+ apr_interval_time_t timeout;
-+} cgid_dirconf;
-+
- /* The APR other-child API doesn't tell us how the daemon exited
- * (SIGSEGV vs. exit(1)). The other-child maintenance function
- * needs to decide whether to restart the daemon after a failure
-@@ -934,7 +938,14 @@ static void *merge_cgid_config(apr_pool_
- return overrides->logname ? overrides : base;
- }
-
-+static void *create_cgid_dirconf(apr_pool_t *p, char *dummy)
-+{
-+ cgid_dirconf *c = (cgid_dirconf *) apr_pcalloc(p, sizeof(cgid_dirconf));
-+ return c;
-+}
-+
- static const char *set_scriptlog(cmd_parms *cmd, void *dummy, const char *arg)
-+
- {
- server_rec *s = cmd->server;
- cgid_server_conf *conf = ap_get_module_config(s->module_config,
-@@ -987,7 +998,16 @@ static const char *set_script_socket(cmd
-
- return NULL;
- }
-+static const char *set_script_timeout(cmd_parms *cmd, void *dummy, const char *arg)
-+{
-+ cgid_dirconf *dc = dummy;
-
-+ if (ap_timeout_parameter_parse(arg, &dc->timeout, "s") != APR_SUCCESS) {
-+ return "CGIDScriptTimeout has wrong format";
-+ }
-+
-+ return NULL;
-+}
- static const command_rec cgid_cmds[] =
- {
- AP_INIT_TAKE1("ScriptLog", set_scriptlog, NULL, RSRC_CONF,
-@@ -999,6 +1019,10 @@ static const command_rec cgid_cmds[] =
- AP_INIT_TAKE1("ScriptSock", set_script_socket, NULL, RSRC_CONF,
- "the name of the socket to use for communication with "
- "the cgi daemon."),
-+ AP_INIT_TAKE1("CGIDScriptTimeout", set_script_timeout, NULL, RSRC_CONF | ACCESS_CONF,
-+ "The amount of time to wait between successful reads from "
-+ "the CGI script, in seconds."),
-+
- {NULL}
- };
-
-@@ -1335,11 +1359,15 @@ static int cgid_handler(request_rec *r)
- apr_file_t *tempsock;
- struct cleanup_script_info *info;
- apr_status_t rv;
-+ cgid_dirconf *dc;
-
- if (strcmp(r->handler,CGI_MAGIC_TYPE) && strcmp(r->handler,"cgi-script"))
- return DECLINED;
-
- conf = ap_get_module_config(r->server->module_config, &cgid_module);
-+ dc = ap_get_module_config(r->per_dir_config, &cgid_module);
-+
-+
- is_included = !strcmp(r->protocol, "INCLUDED");
-
- if ((argv0 = strrchr(r->filename, '/')) != NULL)
-@@ -1412,6 +1440,12 @@ static int cgid_handler(request_rec *r)
- */
-
- apr_os_pipe_put_ex(&tempsock, &sd, 1, r->pool);
-+ if (dc->timeout > 0) {
-+ apr_file_pipe_timeout_set(tempsock, dc->timeout);
-+ }
-+ else {
-+ apr_file_pipe_timeout_set(tempsock, r->server->timeout);
-+ }
- apr_pool_cleanup_kill(r->pool, (void *)((long)sd), close_unix_socket);
-
- if ((argv0 = strrchr(r->filename, '/')) != NULL)
-@@ -1487,6 +1521,10 @@ static int cgid_handler(request_rec *r)
- if (rv != APR_SUCCESS) {
- /* silly script stopped reading, soak up remaining message */
- child_stopped_reading = 1;
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
-+ "Error writing request body to script %s",
-+ r->filename);
-+
- }
- }
- apr_brigade_cleanup(bb);
-@@ -1577,7 +1615,13 @@ static int cgid_handler(request_rec *r)
- return HTTP_MOVED_TEMPORARILY;
- }
-
-- ap_pass_brigade(r->output_filters, bb);
-+ rv = ap_pass_brigade(r->output_filters, bb);
-+ if (rv != APR_SUCCESS) {
-+ /* APLOG_ERR because the core output filter message is at error,
-+ * but doesn't know it's passing CGI output
-+ */
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, "Failed to flush CGI output to client");
-+ }
- }
-
- if (nph) {
-@@ -1707,6 +1751,8 @@ static int include_cmd(include_ctx_t *ct
- request_rec *r = f->r;
- cgid_server_conf *conf = ap_get_module_config(r->server->module_config,
- &cgid_module);
-+ cgid_dirconf *dc = ap_get_module_config(r->per_dir_config, &cgid_module);
-+
- struct cleanup_script_info *info;
-
- add_ssi_vars(r);
-@@ -1736,6 +1782,13 @@ static int include_cmd(include_ctx_t *ct
- * get rid of the cleanup we registered when we created the socket.
- */
- apr_os_pipe_put_ex(&tempsock, &sd, 1, r->pool);
-+ if (dc->timeout > 0) {
-+ apr_file_pipe_timeout_set(tempsock, dc->timeout);
-+ }
-+ else {
-+ apr_file_pipe_timeout_set(tempsock, r->server->timeout);
-+ }
-+
- apr_pool_cleanup_kill(r->pool, (void *)((long)sd), close_unix_socket);
-
- APR_BRIGADE_INSERT_TAIL(bb, apr_bucket_pipe_create(tempsock,
-@@ -1841,7 +1894,7 @@ static void register_hook(apr_pool_t *p)
-
- module AP_MODULE_DECLARE_DATA cgid_module = {
- STANDARD20_MODULE_STUFF,
-- NULL, /* dir config creater */
-+ create_cgid_dirconf, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- create_cgid_config, /* server config */
- merge_cgid_config, /* merge server config */