httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 42613] New: - issues while parsing long values in .htaccess
Date Thu, 07 Jun 2007 16:25:29 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42613>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=42613

           Summary: issues while parsing long values in .htaccess
           Product: Apache httpd-1.3
           Version: HEAD
          Platform: Other
        OS/Version: OpenBSD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Auth/Access
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: cepter@cepter.net


Apache httpd fails to properly parse a long input coming from .htaccess 
directives. And this is how I found it:
I've put AuthName with a very long value into my .htaccess file.
In the error_log, httpd reported the following:

/var/www/htdocs/_files_/aaa/.htaccess: Invalid command 'AAAAAAA (and loads of As 
after this)

After a certain amount of padding chars httpd started to treat the string as a new
directive. And when its value was long enough (still in the same line) it 
began to treat it as a new directive again from a certain character.
All in one line, as a value of AuthName.

Can't say if it happens to other directives as well (I'd say so, though
I didn't give it a try) or what the impact on security is.

Please have a look at the following website with a sample (working) PoC:
URL: http://cepter.net/misc/htaccess

Server version: Apache/1.3.37 (Unix)
Server built:   Feb 21 2007 19:08:11

Haven't tried this on Apache HTTPD 2.0.

Regards

-- 
Peter

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
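
The behaviour reported above (one over-long line being seen as several directives) is what a line reader produces when it fills a fixed-size buffer and never checks that it reached the newline. The following is an added illustration, not code from the report or from httpd, contrasting such a reader with one that rejects over-long lines. That a fixed-size buffer is the cause is an assumption the report does not confirm; `BUF_LEN` and all function names are hypothetical, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16  /* hypothetical, deliberately tiny; not httpd's real size */

/* Naive reader: copies at most buflen-1 bytes, like fgets(), and never
 * checks whether the newline was reached. Returns bytes consumed. */
static size_t naive_getline(char *buf, size_t buflen, const char *src)
{
    size_t n = 0;
    while (n + 1 < buflen && src[n] != '\0' && src[n] != '\n') {
        buf[n] = src[n];
        n++;
    }
    buf[n] = '\0';
    return (src[n] == '\n') ? n + 1 : n;
}

/* Number of "lines" a caller of the naive reader hands to the directive
 * parser. A long line is counted once per buffer-sized fragment. */
int naive_directive_count(const char *text)
{
    char buf[BUF_LEN];
    int count = 0;
    while (*text != '\0') {
        text += naive_getline(buf, sizeof buf, text);
        count++;
    }
    return count;
}

/* Checked reader: returns -1 if any line does not fit in the buffer,
 * so the file is rejected instead of being split mid-value. */
int checked_directive_count(const char *text)
{
    int count = 0;
    while (*text != '\0') {
        size_t len = strcspn(text, "\n");
        if (len + 1 > BUF_LEN)
            return -1;
        text += len + (text[len] == '\n');
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample: a single AuthName line longer than BUF_LEN. */
    const char *cfg = "AuthName \"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"\n";
    printf("naive: %d fragment(s), checked: %d\n",
           naive_directive_count(cfg), checked_directive_count(cfg));
    return 0;
}
```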

