DO NOT REPLY [Bug 53131] New: apr_file_write() incorrectly used

Sun, 22 Apr 2012 21:47:05 -0700 

https://issues.apache.org/bugzilla/show_bug.cgi?id=53131

             Bug #: 53131
           Summary: apr_file_write() incorrectly used
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: All
        AssignedTo: [email protected]
        ReportedBy: [email protected]
    Classification: Unclassified


In most cases, developers assume that when apr_file_write() returns
APR_SUCCESS, everything went well, and move on.
In reality, apr_file_write() returns APR_SUCCESS if *some* bytes got written
successfully. One of the many cases when this could happen is when the server
receive a signal in the middle of the write() system call. The kernel will not
return -EINTR, but the number of bytes that have been written so far. The
caller needs to check that all the bytes to write have been successfully
written. This is more or less implemented by apr_file_write_full().

I wrote a fix for mod_log_config because log file corruption is sad.
Patch is here: https://github.com/nviennot/apache-httpd/commit/fcbc7ed94
Note: flush_log() returns void, albeit apr_file_write_full() may fail.


This issue is present in different part of the code base. Following a list of
highly suspicious calls:
https://github.com/apache/httpd/blob/62db628c/modules/slotmem/mod_slotmem_shm.c#L169
https://github.com/apache/httpd/blob/62db628c/modules/mappers/mod_rewrite.c#L1404
https://github.com/apache/httpd/blob/62db628c/modules/mappers/mod_rewrite.c#L1414
https://github.com/apache/httpd/blob/62db628c/modules/generators/mod_cgid.c#L1158
https://github.com/apache/httpd/blob/62db628c/modules/generators/mod_cgi.c#L298
https://github.com/apache/httpd/blob/62db628c/modules/cache/mod_cache_disk.c#L742
https://github.com/apache/httpd/blob/62db628c/modules/cache/mod_cache_disk.c#L752
https://github.com/apache/httpd/blob/62db628c/modules/cache/mod_cache_disk.c#L901
https://github.com/apache/httpd/blob/62db628c/modules/cache/mod_cache_disk.c#L910
https://github.com/apache/httpd/blob/62db628c/modules/cache/mod_cache_disk.c#L977
https://github.com/apache/httpd/blob/62db628c/modules/cache/mod_cache_disk.c#L988
https://github.com/apache/httpd/blob/62db628c/modules/cache/mod_cache_disk.c#L1054

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to