On Mar 17, 2010, at 10:23 AM, Graeme Wood wrote:

> Hi,
> 
> We are seeing a dozen or so instances daily of logins failing with no 
> content_type errors. When this happens the CGI is rather unforgiving and 
> forces an Apache error which is a bit unfriendly to our users. So the 
> first question is are others seeing these mis-posted form errors?

I haven't heard any other reports of this. Do you have the user agent of the 
clients running into the problem? Are they coming from a small group of client 
IPs?

> And the second question is can we do something a bit better than just dumping 
> an Apache error?

Presumably this is happening when the cgi_post routine fails due to the missing 
CONTENT_TYPE environment variable. cgi_post failures appear to be the one error 
condition in cosign.cgi which does not result in a template-based error page. 
Rather than dump out a friendly error page, the cgi exits without doing 
anything, leaving Apache to return a generic error status.

I'm not sure why cgi_post didn't merit error output. Try the attached patch, 
which applies to cosign 3.1.1.

andrew

--

diff --git a/cgi/cgi.c b/cgi/cgi.c
index ae4ec41..63c0d3e 100755
--- a/cgi/cgi.c
+++ b/cgi/cgi.c
@@ -678,7 +678,10 @@ main( int argc, char *argv[] )
     }
 
     if ( cgi_post( cgi, cl ) != 0 ) {
-       exit( 1 );
+       sl[ SL_TITLE ].sl_data = "Error: Client Login";
+       sl[ SL_ERROR ].sl_data = "Bad client request when logging in.";
+       subfile( ERROR_HTML, sl, 0 );
+       exit( 0 );
     }
 
     if ( cl[ CL_REF ].cl_data != NULL ) {
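
Review bot: nothing in the added lines of the cgi_post failure branch records the rejected request before exit( 0 ), so once the friendly page replaces the Apache error these mis-posted logins stop being visible to whoever watches the server. Suggest writing a short line to stderr ahead of the subfile( ERROR_HTML, sl, 0 ) call, since CGI stderr goes to the Apache error log, noting that cgi_post failed and, if available, the client address and user agent asked about earlier in the thread. It is also worth confirming that subfile with a final argument of 0 does what is wanted here for the response status and headers, because that cannot be seen from this hunk. The fixed string in sl[ SL_ERROR ].sl_data is a good choice as it echoes no request data back to the client.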