httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 8416] New: - Long paths in request are prematurely rejected
Date Tue, 23 Apr 2002 14:07:47 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8416>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8416

Long paths in request are prematurely rejected

           Summary: Long paths in request are prematurely rejected
           Product: Apache httpd-1.3
           Version: HEAD
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: broz@andrew.cmu.edu


Long paths in request are prematurely rejected

get_path_info(), in http_request.c, does a stat() on the path of the request,
and rejects requests (by returning HTTP_FORBIDDEN) that exist, yet cannot be
accesssed.  However, the case where the filename is too long for the native
filesystem (where stat() returns ENAMETOOLONG) gets treated as 'file exists yet
is unreadable' rather than 'file doesn't exist'.

This behavior, results in path lengths larger than a certain length to be
rejected by Apache before JServ (as an example) can handle them.  


To reproduce:

Install JServ with Apache.

Set up a file extension to be handled by JServ in jserv.conf:

ApJServAction .foo /servlets/Whatever

Now request /aaaaaaaaaaa[....]aaaa.foo, where there are more than 256 'a's.  The
request will fail before JServ receives it.

This can probably be reproduced with CGI or other language modules (mod_perl?)
as well.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message