DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42613>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=42613
Summary: issues while parsing long values in .htaccess
Product: Apache httpd-1.3
Version: HEAD
Platform: Other
OS/Version: OpenBSD
Status: NEW
Severity: normal
Priority: P2
Component: Auth/Access
AssignedTo: bugs@httpd.apache.org
ReportedBy: cepter@cepter.net
Apache httpd fails to properly parse a long input coming from .htaccess
directives. And this is how I found it:
I've put AuthName with a very long value into my .htaccess file.
In the error_log, httpd reported the following:
/var/www/htdocs/_files_/aaa/.htaccess: Invalid command 'AAAAAAA (and loads of As
after this)
After certain amount of padding chars httpd started to treat the string as a new
directive. And when its value was long enough (still in the same line) it
began to treat it as a new directive again from a certain character.
All in one line, as a value of AuthName.
Can't say if it happens to other directives as well (I'd say so, though
I didn't give it a try) and what's the impact on the security.
Please have a look at the following website with a sample (working) PoC:
URL: http://cepter.net/misc/htaccess
Server version: Apache/1.3.37 (Unix)
Server built: Feb 21 2007 19:08:11
Haven't tried this on Apache HTTPD 2.0.
Regards
--
Peter
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
|