httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 53910] New: If: check spuriously succeeds with %-encoded URL and ETag qualifier
Date Fri, 21 Sep 2012 04:58:20 GMT

          Priority: P2
            Bug ID: 53910
           Summary: If: check spuriously succeeds with %-encoded URL and
                    ETag qualifier
          Severity: normal
    Classification: Unclassified
                OS: other
          Hardware: Macintosh
            Status: NEW
           Version: 2.4.3
         Component: mod_dav
           Product: Apache httpd-2

Created attachment 29401

Using a clean build of httpd-2.4.3, I'm seeing the following behavior:

 * Make a collection
 * Get its ETag with PROPFIND Depth=0
 * Add an item to the collection
 * httpd reports a new ETag for the collection at this point
 * Attempt a MOVE of the collection to a new name, predicated with the OLD
ETag, using an "If" header of </src/> (["ETag"])
 * Expect a precondition failure error

I get a proper 412 precondition failure if the source and destination are
"/src/" and "/dst/", but if I use percent escapes in the URLs the MOVE
spuriously succeeds (for example, if I use "/s%20r%20c/" and "/d%20s%20t/".

I've you'd like to see or try specifically my case, I've submitted a patch to

A possible patch to fix the problem is attached -- when parsing the If header,
make sure to unescape the URI in the If header. dav_validate_resource_state()
compare a resource URI (which was already unescaped) with a dav_if_header's URI
(which was not unescaped while parsing the If header).

You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message