[Bug 68905] New: CONTENT_LENGTH omitted from POST requests
https://bz.apache.org/bugzilla/show_bug.cgi?id=68905

Bug ID: 68905
Summary: CONTENT_LENGTH omitted from POST requests
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_cgi
Assignee: bugs@httpd.apache.org
Reporter: drh@sqlite.org
Target Milestone: ---

I am the project lead for SQLite and Fossil. I have not verified this report
personally. The information here is gleaned from a thread on the Fossil Forum:
<https://fossil-scm.org/forum/forumpost/12ac403fd29cfc89>

Fossil is a version-control system, used by SQLite and many other projects.
Fossil includes a web-interface that can be run using CGI. There are thousands
of project teams using Fossil, and many of them run Fossil underneath Apache
using mod_cgi.

We have multiple reports from the field that after a recent Apache security
update, Fossil has stopped working. We have traced the problem to a missing
CONTENT_LENGTH meta-variable. In other words, it appears (as best as we can
determine so far) that Apache has stopped setting the CONTENT_LENGTH
environment variable for CGI requests that have content - such as POST
requests.

According to RFC 3875, "The server MUST set this meta-variable if and only if
the request is accompanied by a message-body entity." Indeed, there is no way
for Fossil to discover the content length on its own if the CONTENT_LENGTH
environment variable is missing. Fossil has to assume that CONTENT_LENGTH is
zero, but that causes POST content to go missing.

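The failure mode described in the report, seen from the CGI program's side, as an added example (not code from Fossil, Apache or the original report). The names `read_cgi_body`, `BodyError` and `MAX_BODY` are hypothetical, and rejecting a body-carrying method that arrives without CONTENT_LENGTH, instead of assuming zero, is a choice made for this example only.

```python
import io

MAX_BODY = 1 << 20  # assumed 1 MiB cap for this example


class BodyError(Exception):
    """Carries the HTTP status the CGI program should answer with."""

    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status


def read_cgi_body(environ, stdin, max_body=MAX_BODY):
    """Return the request body as bytes, trusting only CONTENT_LENGTH."""
    method = environ.get("REQUEST_METHOD", "GET").upper()
    raw = environ.get("CONTENT_LENGTH", "")
    if raw == "":
        # RFC 3875: the variable is set if and only if a body is present.
        # Assumption of this example: a body-carrying method without it is
        # reported as an error rather than silently treated as empty.
        if method in ("POST", "PUT", "PATCH"):
            raise BodyError(411, "CONTENT_LENGTH not set for " + method)
        return b""
    if not (raw.isascii() and raw.isdigit()):
        raise BodyError(400, "malformed CONTENT_LENGTH")
    length = int(raw)
    if length > max_body:
        raise BodyError(413, "body larger than configured cap")
    # Read exactly `length` bytes; never read to EOF, the server need not send one.
    data = stdin.read(length)
    if len(data) != length:
        raise BodyError(400, "body shorter than CONTENT_LENGTH")
    return data


if __name__ == "__main__":
    # Constructed sample requests: (environment, bytes available on stdin).
    samples = [
        ({"REQUEST_METHOD": "POST", "CONTENT_LENGTH": "9"}, b"user=anon&trailing"),
        ({"REQUEST_METHOD": "POST"}, b"user=anon"),  # the case in this report
        ({"REQUEST_METHOD": "GET"}, b""),
    ]
    for env, wire in samples:
        try:
            print(env, "->", read_cgi_body(env, io.BytesIO(wire)))
        except BodyError as exc:
            print(env, "->", exc.status, exc)
```

With the variable missing, the second sample surfaces as an explicit 411 rather than as a POST whose content has silently gone missing.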