rpluem at apache
Jun 11, 2009, 5:32 AM
Post #1 of 1
(194 views)
Permalink
|
|
svn commit: r783740 - in /httpd/httpd/trunk: CHANGES modules/generators/mod_cgid.c
|
|
Author: rpluem
Date: Thu Jun 11 12:32:59 2009
New Revision: 783740
URL: http://svn.apache.org/viewvc?rev=783740&view=rev
Log:
* Close the listening Unix socket of the mod_cgid daemon in the CGI scripts.
PR: 47335
Submitted by: Kornél Pál <kornelpal gmail.com>
Reviewed by: rpluem
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/generators/mod_cgid.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=783740&r1=783739&r2=783740&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Thu Jun 11 12:32:59 2009
@@ -6,8 +6,11 @@
mod_proxy_ajp: Avoid delivering content from a previous request which
failed to send a request body. PR 46949 [Ruediger Pluem]
+ *) mod_cgid: Do not leak the listening Unix socket file descriptor to the
+ CGI process. PR 47335 [Kornél Pál <kornelpal gmail.com>]
+
*) mod_rewrite: Remove locking for writing to the rewritelog.
- PR 46942 [Dan Poirier <poirier pobox.com>]
+ PR 46942 [Dan Poirier <poirier pobox.com>]
*) mod_alias: check sanity in Redirect arguments.
PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]
Modified: httpd/httpd/trunk/modules/generators/mod_cgid.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?rev=783740&r1=783739&r2=783740&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/generators/mod_cgid.c (original)
+++ httpd/httpd/trunk/modules/generators/mod_cgid.c Thu Jun 11 12:32:59 2009
@@ -302,6 +302,13 @@
}
#endif
+static apr_status_t close_unix_socket(void *thefd)
+{
+ int fd = (int)((long)thefd);
+
+ return close(fd);
+}
+
/* deal with incomplete reads and signals
* assume you really have to read buf_size bytes
*/
@@ -653,6 +660,9 @@
}
}
+ apr_pool_cleanup_register(pcgi, (void *)((long)sd),
+ close_unix_socket, close_unix_socket);
+
/* if running as root, switch to configured user/group */
if ((rc = ap_run_drop_privileges(pcgi, ap_server_conf)) != 0) {
return rc;
@@ -1152,13 +1162,6 @@
return ret;
}
-static apr_status_t close_unix_socket(void *thefd)
-{
- int fd = (int)((long)thefd);
-
- return close(fd);
-}
-
static int connect_to_daemon(int *sdptr, request_rec *r,
cgid_server_conf *conf)
{
|
