httpd-apreq-dev mailing list archives

From Joe Schaefer <joe+gm...@sunstarsys.com>
Subject Re: endless loop in libapreq
Date Tue, 23 Sep 2003 12:40:19 GMT
"Pelikan Stephan" <S.Pelikan@apa.at> writes:

> There is an endless loop if I call a request like
> 
> ...?&test=1&test=2
> 
> You might say this should unbeautiful but I'm not the only one who builds
> web-apps on top of this server so I had to find a solution: I patched.
> 
> --- apache_request.c.orig       2003-09-09 09:11:45.000000000 +0200
> +++ apache_request.c    2003-09-09 09:14:21.000000000 +0200
> @@ -388,12 +388,13 @@
> 
>      while (*data && (val = my_urlword(r->pool, &data))) {
>         const char *key = ap_getword(r->pool, &val, '=');
> -
> +       if (*val != '\0') {
>         req_plustospace((char*)key);
>         ap_unescape_url_u((char*)key);
>         req_plustospace((char*)val);
>         ap_unescape_url_u((char*)val);
>         ap_table_add(req->parms, key, val);
> +       }
>      }
> 
>  }
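
Review bot: the `if (*val != '\0')` guard placed right after the `ap_getword` call tests the value rather than the key, so it skips every parameter whose value is empty, not only the empty pair produced by a leading `&`; a parameter sent as `name=` would no longer reach `req->parms`. If the intent is only to drop the empty pair, test `*key` instead, re-indent the five calls that are now inside the block, and add a short comment saying why the pair is skipped.
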
> 
> I didn't have the time to find the real problem. 

I've reviewed the code in question (my_urlword, ap_getword,
ap_unescape_url_u), and do not see any reason for it to freeze on
the aforementioned input: 

  data = "&test=1&test=2"

At line 391 in the unpatched apache_request.c (the blank line), the 
first "&" will cause

  data = "test=1&test=2"
  val = ""
  key = ""

At the end of the loop (line 396), ap_table_add puts an empty key-value
pair ("","") in the req->parms table.  This is *not* the section of code
in your program that's getting caught in a loop.  Maybe there's a
problem somewhere else (Request.xs?) with having an empty key-value pair
in the (front?) of the param table.

> This occurs in libapreq-1.01 to libapreq-1.2 on HP-UX and Linux (I
> don't use apreq2 at the moment).

Can you post a perl handler that locks up?  That'd really help 
us track down the bug.

Thanks.
-- 
Joe Schaefer
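
An added example, not part of the original message and not libapreq code: a simplified C model of the split loop as traced in the reply above, counting what gets stored with and without the patch's `*val` test. `next_pair` and `split_query` are hypothetical stand-ins for `my_urlword`, `ap_getword` and `ap_table_add`; URL decoding is omitted and skipping a whole run of separators is an assumption.

```c
#include <stdio.h>
#include <string.h>

struct result { int iterations, stored, empty_keys; };

/* Hypothetical stand-in for my_urlword(): copy the text up to the next
 * '&' or ';' into out, then advance *data past the separator run. */
static void next_pair(const char **data, char *out, size_t n)
{
    size_t len = strcspn(*data, "&;");
    size_t copy = len < n - 1 ? len : n - 1;
    memcpy(out, *data, copy);
    out[copy] = '\0';
    *data += len;
    *data += strspn(*data, "&;");
}

/* Model of the split loop; guard != 0 applies the patch's *val test. */
static struct result split_query(const char *data, int guard)
{
    struct result r = {0, 0, 0};
    char pair[256];

    while (*data) {                     /* every pass consumes >= 1 byte */
        next_pair(&data, pair, sizeof pair);
        r.iterations++;
        char *eq = strchr(pair, '=');   /* stand-in for ap_getword(.., '=') */
        const char *val = eq ? eq + 1 : "";
        if (eq) *eq = '\0';             /* pair now holds only the key */
        if (guard && *val == '\0')
            continue;                   /* patched: pair is dropped */
        r.stored++;                     /* stand-in for ap_table_add() */
        if (*pair == '\0') r.empty_keys++;
    }
    return r;
}

int main(void)
{
    const char *samples[] = { "&test=1&test=2", "a=&b=2" };  /* constructed */
    for (int i = 0; i < 2; i++)
        for (int g = 0; g < 2; g++) {
            struct result r = split_query(samples[i], g);
            printf("%-16s guard=%d iterations=%d stored=%d empty_keys=%d\n",
                   samples[i], g, r.iterations, r.stored, r.empty_keys);
        }
    return 0;
}
```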

