Bug 1876525

Summary: mod_fcgid does not pass more than 64 variables to an FCGI server process environment
Product: Red Hat Enterprise Linux 8 Reporter: Petr Pisar <ppisar>
Component: mod_fcgidAssignee: Luboš Uhliarik <luhliari>
Status: CLOSED ERRATA QA Contact: icesalov
Severity: unspecified Docs Contact: Lenka Špačková <lkuprova>
Priority: unspecified    
Version: 8.2CC: bnater, icesalov, jorton, luhliari, mkyral, presharm
Target Milestone: rcKeywords: AutoVerified, FutureFeature, Triaged
Target Release: 8.4   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: Enhancement
Doc Text:
.The `mod_fcgid` module can now pass up to 1024 environment variables to an FCGI server process With this update, the `mod_fcgid` module for the Apache HTTP Server can pass up to 1024 environment variables to a FastCGI (FCGI) server process. The previous limit of 64 environment variables could cause applications running on the FCGI server to malfunction.
Story Points: ---
Clone Of:
: 1958882 (view as bug list) Environment:
Last Closed: 2021-05-18 15:53:56 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1958882    

Description Petr Pisar 2020-09-07 11:59:06 UTC
An OpenShift user noticed <https://github.com/sclorg/dancer-ex/issues/78#issuecomment-687849728> that mod_fcgid does not pass more than 64 environment variables into an FCGI server process. As a result an application running in the FCGI server is missing the variables and misbehaves:

[Sun Sep 06 17:28:04.722760 2020] [fcgid:warn] [pid 18:tid 281472258011088] [client] mod_fcgid: 150 environment variables dropped; increase INITENV_CNT in fcgid_pm.h from 64 to at least 214
Can't locate Plack/Runner.pm in @INC (you may need to install the Plack::Runner module) (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at /opt/app-root/src/extlib/bin/plackup line 3.
BEGIN failed--compilation aborted at /opt/app-root/src/extlib/bin/plackup line 3.
[Sun Sep 06 17:28:04.733448 2020] [fcgid:warn] [pid 18:tid 281472258011088] (104)Connection reset by peer: [client] mod_fcgid: error reading data from FastCGI server
[Sun Sep 06 17:28:04.733551 2020] [core:error] [pid 18:tid 281472258011088] [client] End of script output before headers: health

See the first line. The user needs in this case to increase the limit to 214. I'm not sure what's the reasonable number, but I propose increasing it to 1024. The limit is built into a mod_fcgid httpd module. The fix needs patching mod_fcgid sources (INITENV_CNT macro in modules/fcgid/fcgid_conf.h).

You can adapt a reproducer from bug #1651310. But this time place more than 64 distinct FcgidInitialEnv directives to a mod_fcgid configuration and then compare them with the environment of the running FCGI server process.

Comment 1 Yaakov Selkowitz 2020-09-07 18:10:51 UTC
The 200+ variables were a result of attempting to deploy dancer-mysql-example template in a project in which other samples had been deployed (for general testing).  Retesting in a clean OpenShift project show 57 environment variables present.  So this does work right now, but requiring a pristine project isn't optimal, and there isn't much room for future environment growth either.

The patch which enabled longer environment variable values mentioned a cost in terms of struct size.  What would be the cost of significantly increasing INITENV_CNT?

Comment 2 Petr Pisar 2020-09-08 06:10:48 UTC
Each variable occupies 320 bytes. Increasing the number of variables from 64 to 1024 would mean 307200 B more memory used by each FCGI server process.

Comment 22 errata-xmlrpc 2021-05-18 15:53:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (mod_fcgid bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.