httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alvaro Martinez Echevarria <alv...@lander.es>
Subject [PATCH] Fix incorrect uri parsing in 1.3b5
Date Fri, 20 Feb 1998 17:52:38 GMT
Hi there.

There's yet-another-bug in URI parsing. Full URIs are not being
parsed correctly in the recently released 1.3b5, as they are all
interpreted as proxy requests, even if they refer to the main
server_hostname. I mean:

$ telnet www.foo.com 80
Trying A.B.C.D...
Connected to www.foo.com.
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.1 200 OK
blah blah blah blah....
[ normal server response ]

$ telnet www.foo.com 80
Trying A.B.C.D...
Connected to www.foo.com.
Escape character is '^]'.
GET http://www.foo.com/ HTTP/1.0

HTTP/1.0 403 Forbidden
blah blah blah blah.....
[ hey, this is not a proxy, buddy ]

The problem was a typo in check_fulluri@http_protocol.c: there
should be a "+3" to skip over "://" when parsing the URI. In the
patch I am attaching I have also included a slight modification
to address the tiny bug I mentioned in this list a month ago:
URIs with no path aren't parsed properly, because the function
ind() is not checked to return >=0. Right now with the code in
check_fulluri (in http_protocol.c) a request like "GET
http://www.foo.com HTTP/1.1", which is legal according to RFCs
1738 and 2068, results in a frightening "name[-1]='\0'" being
executed, and also in a completely wrong document being searched
("/www.foo.com").

I include a patch against the 1.3b5 release.

Regards.

.------------------------------------------------------------------.
|   Alvaro Martínez Echevarría   |      LANDER SISTEMAS            |
|        alvaro@lander.es        |      Pº Castellana, 121         |
`--------------------------------|      28046 Madrid, SPAIN        |
                                 |      Tel: +34-1-5562883         |
                                 |      Fax: +34-1-5563001         |
                                 `---------------------------------'



Mime
View raw message