httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject Re: BUG? Apache 1.2.6, check_fulluri()
Date Mon, 25 May 1998 07:54:40 GMT
Gah... all stuff that's completely fixed in 1.3.  It's embarassing how bad
this is in 1.2.x.

Your fix looks right, I'll commit it.

Dean

On Mon, 25 May 1998, Marc Slemko wrote:

> 
> >Path: scanner.worldgate.com!logbridge.uoregon.edu!news-peer.gip.net!news.gsl.net!gip.net!news.new-york.net!uunet!in2.uu.net!nntphub.cb.lucent.com!news.research.bell-labs.com!news
> >From: Dave Kristol <dmk@bell-labs.com>
> >Newsgroups: comp.infosystems.www.servers.unix
> >Subject: BUG?  Apache 1.2.6, check_fulluri()
> >Date: Wed, 20 May 1998 12:15:46 -0400
> >Organization: Bell Laboratories, Lucent Technologies
> >Lines: 44
> >Message-ID: <356301B2.43A0@bell-labs.com>
> >NNTP-Posting-Host: aleatory.research.bell-labs.com
> >Mime-Version: 1.0
> >Content-Type: text/plain; charset=us-ascii
> >Content-Transfer-Encoding: 7bit
> >X-Mailer: Mozilla 3.0Gold (X11; I; SunOS 5.6 sun4m)
> >Xref: scanner.worldgate.com comp.infosystems.www.servers.unix:42907     
> 
> The following problem did not exist in Apache 1.2.5 but appeared in
> 1.2.6.
> 
> I have two web servers running on my machine
> (aleatory.research.bell-labs.com).  Aleatory has two aliases,
> lpwa.tempo.bell-labs.com and www-zoo.research.bell-labs.com.  One
> server is Apache, running as a proxy on
> lpwa.tempo.bell-labs.com:8000.  The second is a different
> (non-Apache) HTTP server on www-zoo.research.bell-labs.com:80.
> 
> A request to lpwa.tempo.bell-labs.com:8000 like this:
> GET http://www-zoo.research.bell-labs.com/~dmk/ HTTP/1.0
> 
> is supposed to be forwarded by the (Apache) proxy to the www-zoo:80
> server.  What happens instead (in 1.2.6) is I get a 404 File Not Found
> error.  The Apache proxy has decided to serve the page itself, rather
> than forward the request.
> 
> The fault appears to lie with check_fulluri() in http_protocol.c.  In
> Apache 1.2.5, check_fulluri() returned the incoming URL unchanged.  In
> Apache 1.2.6, check_fulluri() returns "/~dmk/", which the proxy assumes
> is a page served locally by the proxy, not by www-zoo.
> 
> The different behavior occurs because of a change in the code that
> checks port numbers (line 572 ff).  In my case there are no virtual
> hosts, so sar->host_port is zero, but the code thinks it has identified
> a virtual host.  The code then proceeds to match hostnames and to
> decide that the resource can be served locally.
> 
> I'm going to guess that line 577:
>     if (!sar) return uri;
> should be
>     if (!sar || !sar->virthost) return uri;
> 
> I also note, in passing, another bug in check_fulluri():  there's no
> check that the result of
>     i = ind(name, '/');
> is non-negative.  In particular, if
> uri == "http://www-zoo.research.bell-labs.com" with no trailing '/', a
> valid URI, the code misbehaves and returns (prior to the line 577
> change above) "/www-zoo.research.bell-labs.com", which, of course, is
> not found.
> 
> Dave Kristol
> 


Mime
View raw message