Bug#606326: libapache2-mod-fcgid: mod_fcgid does not log an error when ExecCGI is disabled

[Chris Butler]

Package: libapache2-mod-fcgid
Version: 1:2.2-1
Severity: normal
Tags: patch

I've just spent rather a long time trying to work out why a particular
fcgid setup was not working. All I was getting was a 403 error from Apache,
with NOTHING in the error log to explain why.

I eventually tracked this down to the beginning of fcgid_handler, where it
checks for the ExecCGI option. Indeed, the lack of ExecCGI in the
configuration for that location was the problem. However, I shouldn't have
had to start reading the source to find the problem!

Attached is a patch that makes fcgid log an error (the wording could
possibly be improved here!) when ExecCGI is not defined. Please consider
applying it / forwarding it upstream.

I suspect that the check that follows this one (something to do with
path_info) would benefit from logging an error as well, although I'm not
100% sure what this bit does so haven't added it in my patch.

-- System Information:
Debian Release: 5.0.7
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-openvz-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libapache2-mod-fcgid depends on:
ii  apache2.2-common         2.2.9-10+lenny8 Apache HTTP Server common files
ii  libc6                    2.7-18lenny6    GNU C Library: Shared libraries

libapache2-mod-fcgid recommends no packages.

libapache2-mod-fcgid suggests no packages.

-- no debconf information

-- 
Chris Butler <chr...@debian.org>
  GnuPG Key ID: 4096R/49E3ACD3

diff -urN orig/libapache2-mod-fcgid-2.3.6/modules/fcgid/mod_fcgid.c libapache2-mod-fcgid-2.3.6/modules/fcgid/mod_fcgid.c
--- orig/libapache2-mod-fcgid-2.3.6/modules/fcgid/mod_fcgid.c	2010-10-29 00:53:29.000000000 +0100
+++ libapache2-mod-fcgid-2.3.6/modules/fcgid/mod_fcgid.c	2010-12-08 12:40:55.000000000 +0000
@@ -186,7 +186,12 @@
         return DECLINED;
 
     if (!(ap_allow_options(r) & OPT_EXECCGI) && !is_scriptaliased(r))
+	{
+		ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
+				"mod_fcgid: location of script %s does not have ExecCGI enabled",
+				r->filename);
         return HTTP_FORBIDDEN;
+	}
 
     if ((r->used_path_info == AP_REQ_REJECT_PATH_INFO) &&
         r->path_info && *r->path_info)