From c250b42a487f1a9aadaa32ab33f282e37dde91fd Mon Sep 17 00:00:00 2001
From: Ruediger Pluem <rpluem@apache.org>
Date: Thu, 11 Jun 2009 12:32:59 +0000
Subject: [PATCH] * Close the listening Unix socket of the mod_cgid daemon in
 the CGI scripts.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

PR: 47335
Submitted by: KornÃ©l PÃ¡l <kornelpal gmail.com>
Reviewed by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@783740 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES                       |  5 ++++-
 modules/generators/mod_cgid.c | 17 ++++++++++-------
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/CHANGES b/CHANGES
index ae9ca38933..d5a2f653a9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,8 +6,11 @@ Changes with Apache 2.3.3
      mod_proxy_ajp: Avoid delivering content from a previous request which
      failed to send a request body. PR 46949 [Ruediger Pluem]
 
+  *) mod_cgid: Do not leak the listening Unix socket file descriptor to the
+     CGI process. PR 47335 [KornÃ©l PÃ¡l <kornelpal gmail.com>]
+
   *) mod_rewrite: Remove locking for writing to the rewritelog.
-      PR 46942 [Dan Poirier <poirier pobox.com>]
+     PR 46942 [Dan Poirier <poirier pobox.com>]
 
   *) mod_alias: check sanity in Redirect arguments.
      PR 44729 [SÃ¶nke Tesch <st kino-fahrplan.de>, Jim Jagielski]
diff --git a/modules/generators/mod_cgid.c b/modules/generators/mod_cgid.c
index 557a237437..8a30511183 100644
--- a/modules/generators/mod_cgid.c
+++ b/modules/generators/mod_cgid.c
@@ -302,6 +302,13 @@ static void cgid_maint(int reason, void *data, apr_wait_t status)
 }
 #endif
 
+static apr_status_t close_unix_socket(void *thefd)
+{
+    int fd = (int)((long)thefd);
+
+    return close(fd);
+}
+
 /* deal with incomplete reads and signals
  * assume you really have to read buf_size bytes
  */
@@ -653,6 +660,9 @@ static int cgid_server(void *data)
         }
     }
 
+    apr_pool_cleanup_register(pcgi, (void *)((long)sd),
+                              close_unix_socket, close_unix_socket);
+
     /* if running as root, switch to configured user/group */
     if ((rc = ap_run_drop_privileges(pcgi, ap_server_conf)) != 0) {
         return rc;
@@ -1152,13 +1162,6 @@ static int log_script(request_rec *r, cgid_server_conf * conf, int ret,
     return ret;
 }
 
-static apr_status_t close_unix_socket(void *thefd)
-{
-    int fd = (int)((long)thefd);
-
-    return close(fd);
-}
-
 static int connect_to_daemon(int *sdptr, request_rec *r,
                              cgid_server_conf *conf)
 {
-- 
2.40.0

