httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject BUG? Apache 1.2.6, check_fulluri()
Date Mon, 25 May 1998 06:51:37 GMT

>Path: scanner.worldgate.com!logbridge.uoregon.edu!news-peer.gip.net!news.gsl.net!gip.net!news.new-york.net!uunet!in2.uu.net!nntphub.cb.lucent.com!news.research.bell-labs.com!news
>From: Dave Kristol <dmk@bell-labs.com>
>Newsgroups: comp.infosystems.www.servers.unix
>Subject: BUG?  Apache 1.2.6, check_fulluri()
>Date: Wed, 20 May 1998 12:15:46 -0400
>Organization: Bell Laboratories, Lucent Technologies
>Lines: 44
>Message-ID: <356301B2.43A0@bell-labs.com>
>NNTP-Posting-Host: aleatory.research.bell-labs.com
>Mime-Version: 1.0
>Content-Type: text/plain; charset=us-ascii
>Content-Transfer-Encoding: 7bit
>X-Mailer: Mozilla 3.0Gold (X11; I; SunOS 5.6 sun4m)
>Xref: scanner.worldgate.com comp.infosystems.www.servers.unix:42907     

The following problem did not exist in Apache 1.2.5 but appeared in
1.2.6.

I have two web servers running on my machine
(aleatory.research.bell-labs.com).  Aleatory has two aliases,
lpwa.tempo.bell-labs.com and www-zoo.research.bell-labs.com.  One
server is Apache, running as a proxy on
lpwa.tempo.bell-labs.com:8000.  The second is a different
(non-Apache) HTTP server on www-zoo.research.bell-labs.com:80.

A request to lpwa.tempo.bell-labs.com:8000 like this:
GET http://www-zoo.research.bell-labs.com/~dmk/ HTTP/1.0

is supposed to be forwarded by the (Apache) proxy to the www-zoo:80
server.  What happens instead (in 1.2.6) is I get a 404 File Not Found
error.  The Apache proxy has decided to serve the page itself, rather
than forward the request.

The fault appears to lie with check_fulluri() in http_protocol.c.  In
Apache 1.2.5, check_fulluri() returned the incoming URL unchanged.  In
Apache 1.2.6, check_fulluri() returns "/~dmk/", which the proxy assumes
is a page served locally by the proxy, not by www-zoo.

The different behavior occurs because of a change in the code that
checks port numbers (line 572 ff).  In my case there are no virtual
hosts, so sar->host_port is zero, but the code thinks it has identified
a virtual host.  The code then proceeds to match hostnames and to
decide that the resource can be served locally.

I'm going to guess that line 577:
    if (!sar) return uri;
should be
    if (!sar || !sar->virthost) return uri;

I also note, in passing, another bug in check_fulluri():  there's no
check that the result of
    i = ind(name, '/');
is non-negative.  In particular, if
uri == "http://www-zoo.research.bell-labs.com" with no trailing '/', a
valid URI, the code misbehaves and returns (prior to the line 577
change above) "/www-zoo.research.bell-labs.com", which, of course, is
not found.

Dave Kristol

Mime
View raw message