httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <>
Subject Re: [PATCH] (PR#130) mod_imap infinite loop fix
Date Mon, 10 Feb 1997 18:23:37 GMT
One problem with preventing the loop is that you commit us to supporting
the syntax you implement :) 


On Mon, 10 Feb 1997, Marc Slemko wrote:

> On Mon, 10 Feb 1997, Roy T. Fielding wrote:
> > >Actually, 'base' was not intended just to be a URL. It does however
> > >only make sense to deal with the directory it references IMO. Marc's
> > >fix does follow with the feature's purpose be it right or wrong.
> > 
> > Wait a minute, now I'm completely confused.  The code says it is
> > a base URL, the documentation says it is a base URL, it is currently
> > being parsed as a base URL (well, kind of -- it is nowhere close to
> > being compliant with RFC 1808), but somehow it is supposed to be a directory?
> > 
> > We can't have it both ways.  Either it is a URL or a directory, since the
> > two have distinctly different meanings without a trailing slash.  Given
> > that the code says that it can be set to the map URL, the referer URL,
> > or a configured URL, it would seem to me that it isn't a directory.
> > 
> > The correct fix to the problem reported is to replace the existing, buggy
> > imap_url() routine with a proper utility function that performs
> > relative -> absolute conversion.  Until then, the existing bug is better
> > than assuming that any base URL not ending in a slash is supposed to be a
> > directory.
> I still do not comprehend how you can have a problem with preventing an
> infinite loop.  The current code does not properly implement base URLs,
> the fixed code would not do so either so nothing would change except that
> there is no longer a chance of an infinite loop. 
> Have you looked at the code and tried the example I gave?  Do you
> understand that right now the code assumes that any base URL not ending in
> a slash is a directory, only it just assumes that without checking to be
> sure that is a valid assumption?  Would you be happy if it simply aborted
> and said "hey you moron, this module is broken" if it got that?
> Are you saying we should redo the parsing code in mod_imap before 1.2?  It
> is not acceptable to leave a known bug that causes an infinite loop simply
> because a fix to that problem doesn't fix everything else in the module.

View raw message