httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 55323] New: Double unescaped uri in sub request handler
Date Mon, 29 Jul 2013 08:08:29 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=55323

            Bug ID: 55323
           Summary: Double unescaped uri in sub request handler
           Product: Apache httpd-2
           Version: 2.2.20
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core
          Assignee: bugs@httpd.apache.org
          Reporter: simon.klinkert@gmail.com

Created attachment 30643
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=30643&action=edit
re-escaping patch for ap_sub_req_method_uri

I'm observing a httpd/mod_webdav problem. When I try to upload or download a
file and the file name contains the special character '%' (for example
'file%#12file'), then I get 400 and 403 errors every time.

After some debugging with dtrace and gdb, I assume the httpd unescapes the uri
in ap_process_request_internal() more than once.

Take a look at this stack trace:

      httpd`ap_unescape_url
      httpd`ap_process_request_internal+0x107
      httpd`ap_sub_req_method_uri+0xdd
      httpd`ap_sub_req_lookup_uri+0x27
      mod_rewrite.so`lookup_variable+0x984
      mod_rewrite.so`do_expand+0xd2e
    splitout_queryargs
      mod_rewrite.so`apply_rewrite_list+0x354
      mod_rewrite.so`hook_uri2file+0x4f1
      httpd`ap_run_translate_name+0x2e
      httpd`ap_process_request_internal+0x2f5
      httpd`ap_process_request+0x165
      httpd`ap_process_http_connection+0x123
      httpd`ap_run_process_connection+0x2e
      httpd`child_main+0x493
      httpd`make_child+0x115
      httpd`startup_children+0x3d
      httpd`ap_mpm_run+0x90a
      httpd`main+0x9af
      httpd`_start+0x83

There are two calls of ap_process_request_internal() and thus two uri unescapes
(ap_unescape_url()).

I'm not really familiar with the httpd code, but I guess a possible fix could
re-escape the already unescaped uri in ap_sub_req_method_uri() before calling
the internal request handler.

A little patch seems to be working for me. WebDav uploads and downloads for the
file 'file%#12file' are now possible. I tested the version 2.2.20 but the 2.5
code looks broken as well.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message