httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (Robert S. Thau)
Subject Re: apache-0.2 on hyperreal
Date Sun, 19 Mar 1995 08:39:25 GMT
   Date: Sun, 19 Mar 95 13:18 GMT
   From: (David Robinson)

   I don't know if this is the cause of your problem, however:
   there is a bug in the patch B23_addtype-bug.txt that came with apache-0.2.
   (which is presumably the same as patches/for_NCSA_1.3/B23-patch.addtype-bug)
   It adds a trailing slash to the PATH_INFO and PATH_TRANSLATED cgi variables.

That sounds plausible to me.  There's a fix to this below.  Eric,
could you try it out?  Thanks.

[To self --- "that's IT!  Time to build that razzafrazzin' test driver."]

(Incidentally, I notice that this build included B23 but not B27,
which will cause trouble for anyone who uses the XBITHACK).  

   If possible, I think it would be better to split this patch into two; one
   to fix the addtype bug, and another to clean up the script code.

Unfortunately, that's not easy.  The reason for the AddType bug is
that the daemon tries to identify URLs containing scripts and includes
before it has done an evaluate_access (which is what reads the
.htaccess files); what's more, code to do this is in the base code in
four separate places, and if you don't fix them all, you wind up with
a script which can be activated by GET and not be POST. 

   It would have been a little easier to track down if the patch files
   contained readmes, and if there were a Changelog file in the apache source

   Also, could the apache releases be based on NCSA httpd 1.3R not 1.3?

Either that, or include the NCSA security patch which is the only
difference between the two.


Here's a possible fix for the trailing-slash business:


*** safe/http_script.c	Sun Mar 12 13:37:44 1995
--- http_script.c	Sun Mar 19 08:28:39 1995
*** 50,55 ****
--- 50,56 ----
                     struct stat *finfo)
      char *cp;
+     char *end = &path[strlen(path)];
      char *last_cp = NULL;
      int rv;
*** 56,68 ****
      *need_multi = 0;
      path_args[0] = '\0';
!     for (cp = &path[strlen(path)]; cp > path;) {
  	/* See if the pathname ending here exists... */
  	*cp = '\0';
  	rv = stat(path, finfo);
! 	*cp = '/';
  	if (!rv) {
--- 57,69 ----
      *need_multi = 0;
      path_args[0] = '\0';
!     for (cp = end; cp > path;) {
  	/* See if the pathname ending here exists... */
  	*cp = '\0';
  	rv = stat(path, finfo);
! 	if (cp != end) *cp = '/';
  	if (!rv) {

View raw message