Skip Menu |
 

This queue is for tickets about the FCGI CPAN distribution.

Report information
The Basics
Id: 68380
Status: resolved
Priority: 0/
Queue: FCGI

People
Owner: Nobody in particular
Requestors: ssinyagin [...] yahoo.com
Cc: dam [...] cpan.org
jquelin [...] cpan.org
AdminCc:

Bug Information
Severity: Critical
Broken in:
  • 0.70
  • 0.71
  • 0.71_01
  • 0.71_02
  • 0.71_03
  • 0.72
  • 0.73
Fixed in: (no value)

Attachments


Subject: FCGI-0.70 to 0.72 with perl5.12: CGI.pm receives CGI variables from previous requests
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 712
Download (untitled) / with headers
text/plain 712b
hi, I'm using FCGI in Torrus, here's the code: http://goo.gl/Gr0oW http://goo.gl/uYBN5 I installed perl 5.12.3 from sources, and also the latest FCGI.pm. CGI.pm version: 3.49 The problem is reproducible in FCGI-0.70 , 0.71, 0.72. Problem: often CGI.pm receives CGI variables from previous requests, and $q->url(-path => 1) shows a request which was executed before. The problem is visible when more than one FastCGI processes are launched. With only one FastCGI handler, the problem is not seen. The server runs Apache with mod_fastcgi (Ubuntu package: libapache2-mod-fastcgi 2.4.6-1). Downgrading to FCGI-0.69 has solved the problem, although perl is complaining about defined(%hash) statements.
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-18809-1306145263-147.68380-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 70
I reproduced the same problem on a Redhat server with Apache+mod_fcgid
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-18806-1306182799-1994.68380-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 342
Download (untitled) / with headers
text/plain 342b
Is it reproducible with a mimimal script such as: #!/usr/bin/perl use strict; use warnings; use CGI::Fast; while (my $q = CGI::Fast->new) { print $q->header(-type => 'text/plain'), $q->url(-path => 1), "\n"; } Could you also try with the latest CGI.pm version? Output of perl -V might prove helpful also. -- chansen
MIME-Version: 1.0
In-Reply-To: <rt-3.8.HEAD-18806-1306182799-1994.68380-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
References: <rt-3.8.HEAD-18806-1306182799-1994.68380-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-18805-1306265209-752.68380-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 95
Strange, chansen, I can't reproduce it with this little script -- it prints the URL as expected
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-18807-1306271051-78.68380-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 1092
For some reason the global hash was not working as expected. This patch replaces it with a global hashref. Tests show behavior as expected: diff --git a/perl/FCGI.PL b/perl/FCGI.PL index 746aaf3..ce0d70b 100644 --- a/perl/FCGI.PL +++ b/perl/FCGI.PL @@ -295,14 +295,14 @@ sub Request(;***$*$) { sub accept() { warn "accept called as a method; you probably wanted to call Accept" if @_; - if (%FCGI::ENV) { - %ENV = %FCGI::ENV; + if (defined $FCGI::ENV) { + %ENV = %$FCGI::ENV; } else { - %FCGI::ENV = %ENV; + $FCGI::ENV = {%ENV}; } my $rc = Accept($global_request); - for (keys %FCGI::ENV) { - $ENV{$_} = $FCGI::ENV{$_} unless exists $ENV{$_}; + for (keys %$FCGI::ENV) { + $ENV{$_} = $FCGI::ENV->{$_} unless exists $ENV{$_}; } # not SFIO @@ -314,7 +314,7 @@ sub accept() { sub finish() { warn "finish called as a method; you probably wanted to call Finish" if @_; - %ENV = %FCGI::ENV if %FCGI::ENV; + %ENV = %$FCGI::ENV if (defined $FCGI::ENV); # not SFIO if (tied (*STDIN)) {
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-18811-1306342649-1312.68380-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 267
Download (untitled) / with headers
text/plain 267b
I'm a bit confused, first you said you couldn't reproduce the issue with the script i sent, then later you said "For some reason the global hash was not working as expected.". We need a reproducible case before we can accept any patches for this issue. -- chansen
From ssinyagin [...] yahoo.com Wed May 25 13: 05:23 2011
X-Ymail-Osg: ZqN07XoVM1khlzcMvW8dgEeTfr0.Kr5FVlZuVo8m.E28Dxd 29jPCbIxOLPI5jgPTBSfpe4z6EsdAknmxG5IiIoeuV504NGkQ8QNFsSnHPnU EvgdKBQ6PdCTOqhawClAG3wYg1uPoa2YB28HfkOmP9BVbsHZc39A0RYnOvYP 7PSAAx9N9LuPSCUGCTsjla9EcAeiU7c3Y6mCcBMoUpdAa7aoTbVpOpiGKFA_ WHIJTzBVfHVTOhLxDX_Nril3I35mUpohrksKN_fb3.UJzyTdCHwakqRccy4P NZlCbpe6wlH.53ivFKxKZzV2Q4Oxyye3iAeCKCWoxhe879oCyCx27.vS6ckR Z0DVJxdyoR41uVZ45M5bBVWuoyADia9VpcULyFWoxkHxxNaf2ceVBNKudkzN PUgoQ8Y4R_CIddYc7Lmr.VFeJTOgvP10EHFw_C2GpRYgD57Y.gLX9sEA1B9A 2bosZBa4E9_aTJfd8KGjNsizAsbMSP9LrZcCGc3DyuJwKInkrgowoYEW1tij acc.YDem4wkuv.MJBH9JbYHyZKSCpLRcaYerFWAKFAXh5F.mkYUbMCc3Tr_0 uWCZdrnem4V4lt9J09w--
MIME-Version: 1.0
X-Spam-Status: No, score=-4.051 tagged_above=-99.9 required=10 tests=[AWL=2.947, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RFC_ABUSE_POST=0.001] autolearn=ham
In-Reply-To: <rt-3.8.HEAD-18811-1306342650-766.68380-6-0 [...] rt.cpan.org>
X-Mailer: YahooMailWebService/0.8.111.303096
X-Spam-Flag: NO
X-Yahoo-Newman-ID: 64549.93456.bm [...] omp1042.mail.sp2.yahoo.com
References: <RT-Ticket-68380 [...] rt.cpan.org> <rt-3.8.HEAD-18811-1306342650-766.68380-6-0 [...] rt.cpan.org>
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
X-Yahoo-Newman-Property: ymail-3
Message-ID: <534369.58572.qm [...] web39302.mail.mud.yahoo.com>
Reply-To: Stanislav Sinyagin <ssinyagin [...] yahoo.com>
Content-Type: text/plain; charset="utf-8"
X-RT-Original-Encoding: utf-8
X-Spam-Score: -4.051
Authentication-Results: hipster.bestpractical.com (amavisd-new); dkim=pass header.i= [...] yahoo.com
Authentication-Results: hipster.bestpractical.com (amavisd-new); domainkeys=pass header.from=ssinyagin [...] yahoo.com
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id 9B9A1240027 for <cpan-bug+fcgi [...] hipster.bestpractical.com>; Wed, 25 May 2011 13:05:23 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YqQjGcv9qpI8 for <cpan-bug+fcgi [...] hipster.bestpractical.com>; Wed, 25 May 2011 13:05:22 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id C5BC9240022 for <bug-fcgi [...] rt.cpan.org>; Wed, 25 May 2011 13:05:21 -0400 (EDT)
Received: (qmail 24718 invoked by uid 103); 25 May 2011 17:05:21 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 25 May 2011 17:05:21 -0000
Received: from nm2.bullet.mail.sp2.yahoo.com (HELO nm2.bullet.mail.sp2.yahoo.com) (98.139.91.72) by 16.mx.develooper.com (qpsmtpd/0.80/v0.80-19-gf52d165) with SMTP; Wed, 25 May 2011 10:05:19 -0700
Received: from [98.139.91.66] by nm2.bullet.mail.sp2.yahoo.com with NNFMP; 25 May 2011 17:05:17 -0000
Received: from [98.139.91.42] by tm6.bullet.mail.sp2.yahoo.com with NNFMP; 25 May 2011 17:05:17 -0000
Received: from [127.0.0.1] by omp1042.mail.sp2.yahoo.com with NNFMP; 25 May 2011 17:05:17 -0000
Received: (qmail 66127 invoked by uid 60001); 25 May 2011 17:05:16 -0000
Received: from [217.162.226.225] by web39302.mail.mud.yahoo.com via HTTP; Wed, 25 May 2011 10:05:16 PDT
Delivered-To: cpan-bug+fcgi [...] hipster.bestpractical.com
Subject: Re: [rt.cpan.org #68380] FCGI-0.70 to 0.72 with perl5.12: CGI.pm receives CGI variables from previous requests
Return-Path: <ssinyagin [...] yahoo.com>
Domainkey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=j4kaEwWFz0CbGwYAuvOT4uFmLoRCJv3V51SD8xCPZ5BboePrsnvgj70G62yhcidcEXZ/9fvwtipo3t0r6zDh4AbkP4/Nkuw9YXbwOBxvuXbMn5KNB5GbwvL6HrK/6SpE2Y2iXseCkRBnL4qgIW7NWeG+CXHI8uIbzB9gVV9eUj8=;
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1306343116; bh=4/WUirZ/kput5vO6wegLT0qgAQesbLyizXix3uqGpHU=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=h/YwPdbTEJnynazwbX0Rd6NyMz9BwKpmSBRYPNHS2Q9YnafYkdF1Z8n8x4wqqhHHj4EOLy/dmCd0JP03vgZQXBhMRiui7qSWmSjicaihetroBKWb8+u09jpdyPKvmoA4wOmED8l+SQubdn1kgvr2b8MDCJCrtFyXAz6Ra5TWBE0=
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: cpan-bug+fcgi [...] hipster.bestpractical.com
X-RT-Mail-Extension: fcgi
Date: Wed, 25 May 2011 10:05:16 -0700 (PDT)
X-Spam-Level:
To: "bug-FCGI [...] rt.cpan.org" <bug-FCGI [...] rt.cpan.org>
From: Stanislav Sinyagin <ssinyagin [...] yahoo.com>
RT-Message-ID: <rt-3.8.HEAD-18811-1306343124-285.68380-0-0 [...] rt.cpan.org>
Content-Length: 381
Download (untitled) / with headers
text/plain 381b
I could not reproduce it with a small script like yours, but it was reproducible in my Torrus installation. FCGI performs some manipulations with environment variables which are not quite clear to me, so I can't really analyze what's going on in it. In the FCGI Git repository (git://git.shadowcat.co.uk/catagits/fcgi2.git) the commit that breaks the functionality is 03e35f7.
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-18807-1306793616-1511.68380-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 195
Download (untitled) / with headers
text/plain 195b
We have been unsuccessful with reproducing your reported issue, using persistent and non- persistent connections. Unless a minimal test-case is provided this report will be rejected. -- chansen
From ssinyagin [...] yahoo.com Tue May 31 04: 31:06 2011
X-Ymail-Osg: auNsQMIVM1kx3oup07Bq47teGHzPN2pzhQAzSCj5gWS.d3Q vU6bUytVs.la6r2VK1W3SqdNfv7ytMMUmx30TQaKXrloL36VLmwUGSHrO.ZV MRd8XYazqS55D.D075wKjeIN80psrPjMOn8XfY..Mok2xonsGiGr0AtTKGnH .JduhlOeP9griBbUdZBFJkJZKzqUKxUoo2L6Uh1dKwdd_MSIC.gjthAeokfM j5QWBsr5kia7kAIDZqtW_Y42Pp0eGgGWyeAxz4x9L6wWpPl.wouCary83iJz TeTA93UZBzsB4Z925g4CvFzFYLK3dvB.gpK0qzh_9GV8QQpgECDtI1ZvsqhX CoGbC0LSsswixGcFoYk7f7d727QSbq51H0Zq.NB9ghl..cr6lAea.OEqRhEB kI4GKJpILMsXDM7vVOEYTrIbuqWF02yZvDvjIitePnqfDfK2.k6kir7sQ9DK Od7uhpVg.I3djCIVXi475VwBpxNVVomQxQ0vcQuS_KewmeVinRKbert0-
MIME-Version: 1.0
X-Spam-Status: No, score=-4.771 tagged_above=-99.9 required=10 tests=[AWL=2.226, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RFC_ABUSE_POST=0.001] autolearn=ham
In-Reply-To: <rt-3.8.HEAD-18807-1306793618-810.68380-6-0 [...] rt.cpan.org>
X-Mailer: YahooMailWebService/0.8.111.304355
X-Spam-Flag: NO
X-Yahoo-Newman-ID: 43321.43087.bm [...] omp1051.mail.bf1.yahoo.com
References: <RT-Ticket-68380 [...] rt.cpan.org> <rt-3.8.HEAD-18807-1306793618-810.68380-6-0 [...] rt.cpan.org>
X-Virus-Checked: Checked by ClamAV on 16.mx.develooper.com
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
X-Yahoo-Newman-Property: ymail-3
Message-ID: <349731.66131.qm [...] web39310.mail.mud.yahoo.com>
Reply-To: Stanislav Sinyagin <ssinyagin [...] yahoo.com>
Content-Type: multipart/alternative; boundary="0-791439533-1306830658=:66131"
X-Spam-Score: -4.771
Authentication-Results: hipster.bestpractical.com (amavisd-new); dkim=pass header.i= [...] yahoo.com
Authentication-Results: hipster.bestpractical.com (amavisd-new); domainkeys=pass header.from=ssinyagin [...] yahoo.com
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id BF119240087 for <cpan-bug+fcgi [...] hipster.bestpractical.com>; Tue, 31 May 2011 04:31:06 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KJ-icFvsATRg for <cpan-bug+fcgi [...] hipster.bestpractical.com>; Tue, 31 May 2011 04:31:05 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id 1138024001A for <bug-fcgi [...] rt.cpan.org>; Tue, 31 May 2011 04:31:04 -0400 (EDT)
Received: (qmail 25241 invoked by uid 103); 31 May 2011 08:31:04 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 31 May 2011 08:31:04 -0000
Received: from nm19.bullet.mail.bf1.yahoo.com (HELO nm19.bullet.mail.bf1.yahoo.com) (98.139.212.178) by 16.mx.develooper.com (qpsmtpd/0.80/v0.80-19-gf52d165) with SMTP; Tue, 31 May 2011 01:31:02 -0700
Received: from [98.139.212.152] by nm19.bullet.mail.bf1.yahoo.com with NNFMP; 31 May 2011 08:30:59 -0000
Received: from [98.139.212.242] by tm9.bullet.mail.bf1.yahoo.com with NNFMP; 31 May 2011 08:30:59 -0000
Received: from [127.0.0.1] by omp1051.mail.bf1.yahoo.com with NNFMP; 31 May 2011 08:30:59 -0000
Received: (qmail 72288 invoked by uid 60001); 31 May 2011 08:30:58 -0000
Received: from [195.112.95.126] by web39310.mail.mud.yahoo.com via HTTP; Tue, 31 May 2011 01:30:58 PDT
Delivered-To: cpan-bug+fcgi [...] hipster.bestpractical.com
Subject: Re: [rt.cpan.org #68380] FCGI-0.70 to 0.72 with perl5.12: CGI.pm receives CGI variables from previous requests
Return-Path: <ssinyagin [...] yahoo.com>
Domainkey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=gKCcFsfw956e/x7Q+bXllzgeG5DFef6BbEuBiffjwr+fkHqZNAjOV7MEw9NM/8aVDBD1tW6WKx5gfOaBp0zWKeky32WenJOWl1r0OUxdxTZnroLxNGg3hoAjcoGUsA4Ib8I02YDyXCp0j5pMURbQf2Ny8YcqiOJSNmsj6Vg9eLw=;
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1306830658; bh=U3Ta6M0aiQTXOyKBEY/Fv4Au1PozzErto2CFVD6763k=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=yIu7wAQWmGQ6V+IgCrjT9yDrhBipfBTGd6FUbd6LSgyfzvol53WHy+SiDTjvvYcQkINY2ROXjn3Ias9rOfz6VnaAny6b06nqN9yAkv86jc32rgFWJLkO4T0eoRa2Q4AP18Q7eHztHCR6qcLxEOUCAZv+KhmYMGXLdQLqtQQUjdw=
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: cpan-bug+fcgi [...] hipster.bestpractical.com
X-RT-Mail-Extension: fcgi
Date: Tue, 31 May 2011 01:30:58 -0700 (PDT)
X-Spam-Level:
To: "bug-FCGI [...] rt.cpan.org" <bug-FCGI [...] rt.cpan.org>
From: Stanislav Sinyagin <ssinyagin [...] yahoo.com>
RT-Message-ID: <rt-3.8.HEAD-18805-1306830667-76.68380-0-0 [...] rt.cpan.org>
Content-Length: 0
Content-Type: text/plain; charset="utf-8"
X-RT-Original-Encoding: utf-8
Content-Length: 118
Download (untitled) / with headers
text/plain 118b
well, a full Torrus installation would be a bit too much effort. I'll try to produce a test case within few days. Show quoted text
>
Content-Type: text/html; charset="utf-8"
X-RT-Original-Encoding: utf-8
Content-Length: 612
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Type: multipart/mixed; boundary="----------=_1307307274-18809-565"
Message-ID: <rt-3.8.HEAD-18809-1307307274-57.68380-0-0 [...] rt.cpan.org>
X-RT-Original-Encoding: utf-8
Content-Length: 0
Content-Disposition: inline
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 1162
Download (untitled) / with headers
text/plain 1.1k
I managed to reproduce it. test script: ============ #!/opt/nmstools/thirdparty/bin/perl use lib '/opt/nmstools/src/tmp/fcgi2/perl/blib/lib'; use lib '/opt/nmstools/src/tmp/fcgi2/perl/blib/arch'; use strict; use warnings; use CGI::Fast; while (my $q = new CGI::Fast) { print $q->header(-type => 'text/plain'); print $FCGI::VERSION, "\n", $q->param('a'), "\n", $q->url(-path => 1), "\n"; } ================== Apache configuration: ========= AddHandler fcgid-script .fcgi ScriptAlias /torrus/xxx "/opt/nmstools/src/tmp/fcgitest.fcgi" <Location /torrus> Order Allow,Deny Allow from all Options +ExecCGI </Location> ========= First, I access the following URL, and the printed output is as expected: http://HOST/torrus/xxx/ff?a=ddd Then I access the following URL: http://HOST/torrus/xxx and the script prints: ========== 0.73 http://HOST/torrus/xxx/ff ========== Expected result would be the "http://HOST/torrus/xxx". Attached, see the patch against 0.73 without any broken linebreaks. It solves the problem, but it's still not completely clear how the logic behind %ENV manipulation works in FCGI.pm cheers, stanislav
MIME-Version: 1.0
Subject: FCGI-0.73-ssinyagin-20110605.patch
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Type: application/octet-stream; name="FCGI-0.73-ssinyagin-20110605.patch"
Content-Disposition: inline; filename="FCGI-0.73-ssinyagin-20110605.patch"
Content-Transfer-Encoding: base64
Content-Length: 951
diff --git a/perl/FCGI.PL b/perl/FCGI.PL index 746aaf3..ce0d70b 100644 --- a/perl/FCGI.PL +++ b/perl/FCGI.PL @@ -295,14 +295,14 @@ sub Request(;***$*$) { sub accept() { warn "accept called as a method; you probably wanted to call Accept" if @_; - if (%FCGI::ENV) { - %ENV = %FCGI::ENV; + if (defined $FCGI::ENV) { + %ENV = %$FCGI::ENV; } else { - %FCGI::ENV = %ENV; + $FCGI::ENV = {%ENV}; } my $rc = Accept($global_request); - for (keys %FCGI::ENV) { - $ENV{$_} = $FCGI::ENV{$_} unless exists $ENV{$_}; + for (keys %$FCGI::ENV) { + $ENV{$_} = $FCGI::ENV->{$_} unless exists $ENV{$_}; } # not SFIO @@ -314,7 +314,7 @@ sub accept() { sub finish() { warn "finish called as a method; you probably wanted to call Finish" if @_; - %ENV = %FCGI::ENV if %FCGI::ENV; + %ENV = %$FCGI::ENV if (defined $FCGI::ENV); # not SFIO if (tied (*STDIN)) {
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-20562-1315492821-1709.68380-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 115
Download (untitled) / with headers
text/plain 115b
There is quite good analysis in the Debian bug report about the same issue, http://bugs.debian.org/607479 -- dam
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-20566-1315807249-1141.68380-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 38
For the record, this is CVE-2011-2766.
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-20566-1316554781-1335.68380-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 427
Download (untitled) / with headers
text/plain 427b
This isn't really an issue within FCGI package, the API CGI::Fast is using was deprecated 2000- 04-09 with the commit <http://git.shadowcat.co.uk/gitweb/gitweb.cgi? p=catagits/fcgi2.git;a=commit;f=perl/oldinterface.pod;h=d2900ee847a5f541f30ca6cd47cc07a Show quoted text
2833a7f4a>.
We recognize the usage of CGI::Fast package and will merge the proposed fix and notify the CGI.pm developers that they are using a deprecated API. -- chansen
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-3053-1316874483-1860.68380-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 258
Download (untitled) / with headers
text/plain 258b
Patch has been applied [1] and a new release has been released on CPAN [2]. [1] <http://git.shadowcat.co.uk/gitweb/gitweb.cgi? p=catagits/fcgi2.git;a=commitdiff;h=297693dc8362d25bb25e473899c72508a0f71d2e> [2] http://search.cpan.org/dist/FCGI/ -- chansen


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.