httpd-dev mailing list archives

From "Roy T. Fielding" <field...@kiwi.ICS.UCI.EDU>
Subject Re: [BUG?] /cgi-bin/foo/bar%2fbaz
Date Sun, 06 Apr 1997 07:02:55 GMT
>If foo is a script, and you try to access foo/bar/baz, it will run foo and
>pass /bar/baz as PATH_INFO.  If you try to access foo/bar%2fbaz, it will
>return NOT_FOUND because of unescape_url in util.c:
>                if (url[x] == '/' || url[x] == '\0') badpath = 1;
>Smells like a bug.  Once again (sigh) no time to look more deeply, would
>appreciate if someone familiar with that area take a look...

It has come up several times in the past.  The problem is that we use
the %2f check to avoid security problems with stupid scripts.  I think
the best solution would be to decode all %2f's before doing any processing
on the path, and thus reduce %2f.. to /.. before doing the path checks.
This makes it impossible to have a filename containing slash, but I think
we can live with that.
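
The two orderings discussed in this message, as an added C example that is not part of the original message and not Apache's own code: `decode_path` with `reject_slash` set mirrors the quoted `badpath` check, and `decode_then_check` decodes first and runs the `..` check on the result. All function names and result codes are hypothetical.

```c
#include <ctype.h>
#include <string.h>

/* Hypothetical result codes for this example only. */
enum path_rc { PATH_OK, PATH_BAD_ESCAPE, PATH_FORBIDDEN_ESCAPE, PATH_DOTDOT };

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(unsigned char c) {
    if (isdigit(c)) return c - '0';
    return isxdigit(c) ? tolower(c) - 'a' + 10 : -1;
}

/* Percent-decode url in place. %00 and malformed escapes are always refused;
 * with reject_slash set, %2f is refused too. On error the buffer is unusable. */
enum path_rc decode_path(char *url, int reject_slash) {
    size_t r = 0, w = 0;
    while (url[r] != '\0') {
        int c = (unsigned char)url[r++];
        if (c == '%') {
            int hi = hex_val((unsigned char)url[r]);
            int lo = hi < 0 ? -1 : hex_val((unsigned char)url[r + 1]);
            if (lo < 0) return PATH_BAD_ESCAPE;
            c = hi * 16 + lo;
            if (c == 0 || (reject_slash && c == '/')) return PATH_FORBIDDEN_ESCAPE;
            r += 2;
        }
        url[w++] = (char)c;
    }
    url[w] = '\0';
    return PATH_OK;
}

/* Returns 1 if any '/'-separated segment of path is exactly "..". */
int has_dotdot_segment(const char *path) {
    while (*path != '\0') {
        size_t len = strcspn(path, "/");
        if (len == 2 && path[0] == '.' && path[1] == '.') return 1;
        path += len + (path[len] == '/');
    }
    return 0;
}

/* Decode every escape first, then run the path check on the decoded result. */
enum path_rc decode_then_check(char *url) {
    enum path_rc rc = decode_path(url, 0);
    return rc != PATH_OK ? rc : has_dotdot_segment(url) ? PATH_DOTDOT : PATH_OK;
}
```

After `decode_then_check`, an encoded slash is indistinguishable from a literal one, which is the trade-off the message accepts.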

