httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (Robert S. Thau)
Subject NCSA 1.4 --- /~user URLs kill Redirect srm.conf directives...
Date Thu, 06 Apr 1995 07:48:25 GMT
As long as I was probing NCSA 1.4 for weaknesses, I figured I might as
well check for the potential weakness that came up a couple of days
ago on new-httpd regarding the add_alias for translation of /~user
URLs.  You'll recall that Dave Robinson pointed out that /~user is
handled by httpd internally by NCSA 1.3 by creating a new alias, and
that that could cause the fixed-length table which holds the alias
data (mnemonically named "a" in http_alias.c) to overflow.

As it happens, the first thing that it would overflow into is the
somewhat less mnemonically named "v" array, which holds Alias-entry
structures which have information on active Redirect directives.  So
the first symptom of an Alias table overflow would be that Redirect
directives would break.  (Of course, continued overflow would bring it
past the end of the "v" table as well, ultimately leading to collision
with more vital data structures and a fatal fandango on core).

I've managed to duplicate at least the first of these symptoms.  If a
single httpd_child process ever translates more than 20 /~username
URLs with 20 distinct, valid usernames, the table does overflow, and
whatever Redirect directives were in srm.conf incrementally stop being
honored as their table entries become taken up with the internally
generated aliases.  I haven't taken it all the way to the core-dump
stage yet ;-).

(As with the .htaccess problem I found last weekend, this is easiest
to demonstrate in a test hookup with StartServers and MaxServers set
to one, so you always get the same child).


View raw message