httpd-dev mailing list archives

From Brian Behlendorf <>
Subject Re: problem with log url overflow found
Date Sun, 12 Jan 1997 00:03:42 GMT
On Sat, 11 Jan 1997, Alexei Kosut wrote:
> On Sat, 11 Jan 1997, Jason Clary wrote:
> > aren't multiple redundant slashes removed automatically at the same time
> > ../'s are removed?  From this, I would guess not.. I'll have to
> > poke around that part of the code a bit.  But it would seem prudent
> > to remove illegal redundancies as the absolute first thing you do
> > after you read the request...  There's no reason for multiple slashes
> > that I can think of.
> You wanna bet on that? Multiple slashes are never removed from
> r->filename. They are removed from tests done to see if
> <Directory>/<Location>/<Files> sections match, but they stay around
> until the end. The reason for this is that there are CGI scripts
> around that expect a URL in PATH_INFO,
> i.e.
> However, Apache can't determine where the filename starts and the path
> info begins until much farther into the request than when it removes
> ../ and so forth (specifically, directly *after* the stat we're
> talking about). This has been examined in thorough detail, trust
> me.

Could Apache, upon getting the failed stat, strip redundant //'s and try
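
An added illustration, not part of the thread and not Apache's code, of the distinction Alexei describes: section matching runs on a slash-collapsed copy, while the request path keeps its slashes so a URL carried as path info survives. The function names, the 256-byte buffer and the sample path are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Copy src to dst with runs of '/' collapsed to one.
 * Returns 0, or -1 if dst (dstsz bytes) is too small; never overruns dst. */
int collapse_slashes(const char *src, char *dst, size_t dstsz)
{
    size_t n = 0;
    char prev = '\0';

    if (dstsz == 0)
        return -1;
    for (; *src; src++) {
        if (*src == '/' && prev == '/')
            continue;                    /* drop the redundant slash */
        if (n + 1 >= dstsz) {            /* keep room for the NUL */
            dst[0] = '\0';
            return -1;
        }
        dst[n++] = prev = *src;
    }
    dst[n] = '\0';
    return 0;
}

/* Does section prefix dir (no trailing slash) cover path? The comparison uses
 * a collapsed copy; path is left untouched. 1 = yes, 0 = no, -1 = too long. */
int section_matches(const char *dir, const char *path)
{
    char norm[256];                      /* assumed limit for this example */
    size_t dlen = strlen(dir);

    if (collapse_slashes(path, norm, sizeof norm) != 0)
        return -1;                       /* caller should refuse the request */
    if (strncmp(norm, dir, dlen) != 0)
        return 0;
    return norm[dlen] == '\0' || norm[dlen] == '/';  /* segment boundary */
}

int main(void)
{
    /* Constructed sample: a script path followed by a URL as path info. */
    const char *req = "/cgi-bin//redirect/http://example.com/x";

    printf("match=%d path kept as %s\n", section_matches("/cgi-bin", req), req);
    return 0;
}
```

Matching on the collapsed copy means a request written with extra slashes still falls under the section's access rules, and an over-long path is reported to the caller instead of being truncated.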


