httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alvaro Martinez Echevarria <>
Subject Bug in URI parsing
Date Sat, 03 Jan 1998 20:30:49 GMT
Hi there.
This is my first message to the list (and I am on the list from
just a couple of hours ago) so don't be too hard :-).
I have found a bug in the URI parsing of apache 1.2.4 (the one I
am working with), to be more specific in check_fulluri. The
problem arises when a request like this is made to a host called


As you can see, the URL is given in http://host form, with an
empty path. The effect of this request is that (at least with
1.2.4) apache complains about an unexistent "/host" file. The bug
is in "check_fulluri" (located in http_protocol), where the
return value of the function "ind" (util.c) is not checked to be
positive or zero. The bug only arises if the request is
considered local by the server (if it is not local, the URI is
returned intact by the code in check_fulluri).

The question now is: is that URL legal? I was not sure, but after
taking a look at a few RFCs, now I think it is, although it
shouldn't be common. According to RFC 1738 (Uniform Resource
Locators), when in an HTTP URL ``neither <path> nor <searchpart>
is present, the "/" may also be omitted''. And also according to
RFC 2068 (HTTP/1.1), an absent abs_path in an HTTP absoluteURI
must be interpreted as "/", as long as the request is presented
at the origin server (but if the request is to be forwarded to
a proxy, it should not be rewritten).

I've written a tiny patch that seems to solve the problem. I have
modified check_fulluri and also parse_uri (both in
http_protocol.c), because we can only rewrite the uri after
deciding that the request is local (the "else" block in
parse_uri). It applies to 1.2.4, I don't know if it will fit into
1.3.X. The patch is so small that nothing else should be
affected. If it is included in the next release, this could be
added to the CHANGES:

  *) Fixed a bug in URL parsing that caused a wrong decoding of
     URLs with empty paths. [ Alvaro Martínez Echevarría
     <> ]

By the way, the proxy module seems to behave correctly about all
this only when making the request to the origin server. But if
ProxyRemote is used, the URL is rewritten (to add a trailing
"/"), and that is not correct (I think). Anyway that is a
HTTP/1.1 proxy matter, so I suppose it's not very important.


|   Alvaro Martínez Echevarría   |      LANDER SISTEMAS            |
|        |      Pº Castellana, 121         |
`--------------------------------|      28046 Madrid, SPAIN        |
                                 |      Tel: +34-1-5562883         |
                                 |      Fax: +34-1-5563001         |

View raw message