Hi, no APLOGNO ?
Best regards, CJ Le 14/07/2014 22:08, cove...@apache.org a écrit :
Author: covener Date: Mon Jul 14 20:08:25 2014 New Revision: 1610509 URL: http://svn.apache.org/r1610509 Log: *) SECURITY: CVE-2014-0231 (cve.mitre.org) mod_cgid: Fix a denial of service against CGI scripts that do not consume stdin that could lead to lingering HTTPD child processes filling up the scoreboard and eventually hanging the server. [Rainer Jung, Eric Covener, Yann Ylavic] Submitted By: rjung, covener, ylavic Reviewed By: trawick, jorton, covener, jimModified: httpd/httpd/trunk/modules/generators/mod_cgid.c Modified: httpd/httpd/trunk/modules/generators/mod_cgid.c URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?rev=1610509&r1=1610508&r2=1610509&view=diff ============================================================================== --- httpd/httpd/trunk/modules/generators/mod_cgid.c (original) +++ httpd/httpd/trunk/modules/generators/mod_cgid.c Mon Jul 14 20:08:25 2014 @@ -1551,6 +1551,10 @@ static int cgid_handler(request_rec *r) if (rv != APR_SUCCESS) { /* silly script stopped reading, soak up remaining message */ child_stopped_reading = 1; + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, + "Error writing request body to script %s", + r->filename); + }
