Bug#590735: libapache2-mod-perl2: Apache is overwriting large response bodies when the status code isn't 200

David Dick ddick at cpan.org
Wed Jul 28 22:02:11 UTC 2010 

Package: libapache2-mod-perl2
Version: 2.0.4-5+lenny1
Severity: normal



-- Package-specific info:
-------------8<---------- Start Bug Report ------------8<----------
1. Problem Description:

When executing a Perl CGI script with Apache2, i can write a 

Status: 403 Custom Forbidden 

header and the browser will see the response body i send.  When executing the same CGI script with ModPerl::Registry, the browser will also see the response body.
However, if the response body is bigger than 8Kb, a filter seems to kick in and substitute a custom response body, but only when executing the script with ModPerl::Registry.  
Normal CGI mode will work even for response bodies > 8Kb.

To recreate, add this file as /var/www/perl/test.pl

#! /usr/bin/perl -wT

my $response = <<_OUT_;
Status: 403 Custom Forbidden
Content-Type: text/html

_OUT_
$response .= "x" x 8192;
print $response;

and add the following fragment into /etc/apache2/sites-enabled/default

    <Directory "/var/www/perl/">
        AddHandler perl-script .pl
        Options +ExecCGI
        PerlResponseHandler ModPerl::Registry
        PerlOptions +ParseHeaders
    </Directory>

This test allows easy manipulation of the issue by altering the response body size, the status line or the Handler.

2. Used Components and their Configuration:

*** mod_perl version 2.000004

*** using /usr/lib/perl5/Apache2/BuildConfig.pm

*** Makefile.PL options:
  MP_APR_LIB     => aprext
  MP_APXS        => /usr/bin/apxs2
  MP_CCOPTS      => -g -Wall
  MP_COMPAT_1X   => 1
  MP_GENERATE_XS => 1
  MP_INCLUDE_DIR => /usr/include/apache2 /usr/include/apr-1.0
  MP_LIBNAME     => mod_perl
  MP_TRACE       => 0
  MP_USE_DSO     => 1
  MP_USE_GTOP    => 1
  MP_USE_STATIC  => 0


*** The httpd binary was not found


*** (apr|apu)-config linking info

(apr|apu)-config scripts were not found



*** /usr/bin/perl -V
Summary of my perl5 (revision 5 version 10 subversion 0) configuration:
  Platform:
    osname=linux, osvers=2.6.26-2-amd64, archname=i486-linux-gnu-thread-multi
    uname='linux puccini 2.6.26-2-amd64 #1 smp fri aug 14 07:12:04 utc 2009 i686 gnulinux '
    config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=i486-linux-gnu -Dprefix=/usr -Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.10.0 -Dsitearch=/usr/local/lib/perl/5.10.0 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio -Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib -Dlibperl=libperl.so.5.10.0 -Dd_dosuid -des'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=define, usemultiplicity=define
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=undef, use64bitall=undef, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O2 -g',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include'
    ccversion='', gccversion='4.3.2', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib /usr/lib64
    libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
    perllibs=-ldl -lm -lpthread -lc -lcrypt
    libc=/lib/libc-2.7.so, so=so, useshrplib=true, libperl=libperl.so.5.10.0
    gnulibc_version='2.7'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -O2 -g -L/usr/local/lib'


Characteristics of this binary (from libperl): 
  Compile-time options: MULTIPLICITY PERL_DONT_CREATE_GVSV
                        PERL_IMPLICIT_CONTEXT PERL_MALLOC_WRAP USE_ITHREADS
                        USE_LARGE_FILES USE_PERLIO USE_REENTRANT_API
  Built under linux
  Compiled at Aug 28 2009 22:15:29
  %ENV:
    PERL_LWP_USE_HTTP_10="1"
  @INC:
    /etc/perl
    /usr/local/lib/perl/5.10.0
    /usr/local/share/perl/5.10.0
    /usr/lib/perl5
    /usr/share/perl5
    /usr/lib/perl/5.10
    /usr/share/perl/5.10
    /usr/local/lib/site_perl
    .

*** Packages of interest status:

Apache2            : -
Apache2::Request   : -
CGI                : 3.29
ExtUtils::MakeMaker: 6.42
LWP                : 5.813
mod_perl           : -
mod_perl2          : 2.000004


3. This is the core dump trace: (if you get a core dump):

  [CORE TRACE COMES HERE]

This report was generated by /usr/share/libapache2-mod-perl2/mp2bug on Wed Jul 28 21:44:48 2010 GMT.

-------------8<---------- End Bug Report --------------8<----------




-- System Information:
Debian Release: 5.0.5
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libapache2-mod-perl2 depends on:
ii  apache2             2.2.9-10+lenny8      Apache HTTP Server metapackage
ii  apache2-mpm-prefork 2.2.9-10+lenny8      Apache HTTP Server - traditional n
ii  apache2.2-common    2.2.9-10+lenny8      Apache HTTP Server common files
ii  libapr1             1.2.12-5+lenny2      The Apache Portable Runtime Librar
ii  libaprutil1         1.2.12+dfsg-8+lenny4 The Apache Portable Runtime Utilit
ii  libc6               2.7-18lenny4         GNU C Library: Shared libraries
ii  libdevel-symdump-pe 2.08-1               Perl module for inspecting perl's 
ii  libperl5.10         5.10.0-19lenny2      Shared Perl library
ii  liburi-perl         1.35.dfsg.1-1        Manipulates and accesses URI strin
ii  libuuid1            1.41.3-1             universally unique id library
ii  libwww-perl         5.813-1              WWW client/server library for Perl
ii  netbase             4.34                 Basic TCP/IP networking system
ii  perl [libmime-base6 5.10.0-19lenny2      Larry Wall's Practical Extraction 
ii  perl-base [perlapi- 5.10.0-19lenny2      minimal Perl system

Versions of packages libapache2-mod-perl2 recommends:
pn  libapache2-reload-perl        <none>     (no description available)
pn  libbsd-resource-perl          <none>     (no description available)

libapache2-mod-perl2 suggests no packages.

-- no debconf information

More information about the pkg-perl-maintainers mailing list