Package: uwsgi-plugin-psgi
Version: 1.9.17.1-5
Severity: grave

A PSGI application gets an input stream in the psgi.input element:[1]
| psgi.input: the input stream.
| The input stream in psgi.input is an IO::Handle-like object which
| streams the raw HTTP POST or PUT data.  The input stream MUST respond to
| read and MAY implement seek.

The read method is defined as:[2]
| $io->read ( BUF, LEN, [OFFSET] )

The current function XS_input_read in plugins/psgi/psgi_loader.c
retrieves only the first two parameters and ignores the third:[3]
| SV *read_buf = ST(1);
| unsigned long arg_len = SvIV(ST(2));

This leads to silent buffer corruption, because it always overrides the
buffer from the beginning instead of using the offset.  The offset
parameter is for example used in CGI::PSGI->read_from_client, so in
almost any PSGI application.

Bastian

[1]: https://metacpan.org/pod/PSGI
[2]: https://metacpan.org/pod/IO::Handle
[3]: https://github.com/unbit/uwsgi/blob/master/plugins/psgi/psgi_loader.c#L100

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-updates'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.13-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
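
Added example, not part of the original report or of uWSGI's code: a small C model of the read(BUF, LEN, OFFSET) contract described above, comparing a reader that ignores OFFSET with one that honours it. buf_t, stream_t, slurp and the sample body are constructed for illustration; the model assumes the ignoring reader replaces the buffer with each new chunk, and negative offsets are not modelled.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins: a growable byte string for the Perl buffer scalar
   and an in-memory request body for psgi.input. */
typedef struct { char *p; size_t len; } buf_t;
typedef struct { const char *data; size_t len, pos; } stream_t;

static size_t avail(const stream_t *s, size_t want) {
    size_t left = s->len - s->pos;
    return want < left ? want : left;
}
static void grow(buf_t *b, size_t cap) {
    b->p = realloc(b->p, cap);
    if (!b->p) abort();
}

/* Model of the reported behaviour: OFFSET is accepted but never used, so
   every non-empty read lands at the start of the buffer. */
size_t read_ignoring_offset(stream_t *s, buf_t *b, size_t len, size_t offset) {
    size_t n = avail(s, len);
    (void)offset;
    if (n == 0) return 0;              /* EOF: leave the buffer alone */
    grow(b, n + 1);
    memcpy(b->p, s->data + s->pos, n);
    b->p[b->len = n] = '\0';
    s->pos += n;
    return n;
}

/* Perl read() semantics for a non-negative OFFSET: keep the first OFFSET
   bytes, pad with NUL if the buffer is shorter, place the chunk after them. */
size_t read_with_offset(stream_t *s, buf_t *b, size_t len, size_t offset) {
    size_t n = avail(s, len);
    grow(b, offset + n + 1);
    if (offset > b->len) memset(b->p + b->len, 0, offset - b->len);
    memcpy(b->p + offset, s->data + s->pos, n);
    b->p[b->len = offset + n] = '\0';
    s->pos += n;
    return n;
}

typedef size_t (*read_fn)(stream_t *, buf_t *, size_t, size_t);

/* Hypothetical caller: collects the body in chunk-sized reads, appending
   each one by passing the current buffer length as OFFSET. Caller frees. */
char *slurp(const char *body, size_t chunk, read_fn rd) {
    stream_t s = { body, strlen(body), 0 };
    buf_t b = { calloc(1, 1), 0 };
    while (rd(&s, &b, chunk, b.len) > 0) { }
    return b.p;
}
```

With a 21-byte body read in 8-byte chunks, the OFFSET-ignoring reader leaves only the final chunk in the buffer and reports no error, which is the silent corruption the report describes.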

