[5.73] InitFastCGI() crash & security problem

Post bugreports for the Mac OSX version here
User avatar
deseven
Enthusiast
Enthusiast
Posts: 287
Joined: Wed Jan 12, 2011 3:48 pm
Location: Serbia
Contact:

[5.73] InitFastCGI() crash & security problem

Post by deseven »

If the port is already in use, the app is just silently crashing.

Code: Select all

If Not InitCGI()
  Debug "init cgi failed"
EndIf

If Not InitFastCGI(9091) ; replace with any used port
  Debug "init fcgi failed"
EndIf

Debug "passed all cgi checks"
To get the list of ports used in your system, open the terminal and input this command:

Code: Select all

lsof -i -P | grep -i "listen"
Also, there is no possibility to select on which IP fastcgi should listen and that leads to a huge security problem, since your fcgi service may be exposed to the world. Those services are usually limited to localhost (127.0.0.1) or even to local unix sockets.
User avatar
deseven
Enthusiast
Enthusiast
Posts: 287
Joined: Wed Jan 12, 2011 3:48 pm
Location: Serbia
Contact:

Re: [5.73] InitFastCGI() crash & security problem

Post by deseven »

This can be used as a workaround:

Code: Select all

Procedure isPortAvailable(port.l,flags = 0)
  If Not flags
    flags = #PB_Network_TCP|#PB_Network_IPv4
  EndIf
  Protected server.i = CreateNetworkServer(#PB_Any,port,flags)
  If server
    CloseNetworkServer(server)
    ProcedureReturn #True
  EndIf
EndProcedure

If isPortAvailable(port) And InitFastCGI(port)
  ...
EndIf
Post Reply