httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <>
Subject Re: Problem with <Directory proxy:*> and ap_os_canonical_filename()
Date Wed, 27 Jan 1999 02:33:09 GMT
On Tue, 26 Jan 1999, Manoj Kasichainula wrote:

> On Sun, Jan 24, 1999 at 02:28:09PM +1000, Brian Havard wrote:
> > When using a <Directory proxy:*> block to control access to the proxy,
> > "proxy:*" is passed to ap_os_canonical_filename(). My OS/2 implementation of
> > that function barfs on that (it's not a valid file name).
> > 
> > So where should this special case be caught?
> Hmmm. If I understand correctly, the Unix side simply allows it

I should hope the Unix side just allows it through.  <g>  You mean Win32.

> through, so the simplest solution would probably be to allow it
> through ap_os_canonical_filename with a special case. Another
> alternative, which feels cleaner to me but is more work, would likely
> be to check for "proxy:" in spots where it is valid, and skip the
> os_canonical_filename call in those cases.

This code used to get called for all sorts of things that aren't
filenames, and AFAIK it still does.  See the long list of example cases
that kind IBM person (forget his name...) posted when he did work on the
Win32 function.

> > I can
> > currently bomb out a server process in OS/2 by sending it
> > 
> > GET /a>b.html HTTP/1.0
> > 
> > This triggers the ap_assert(rc==0) in OS/2's ap_os_canonical_filename() due
> > to the '>'. I guess the correct behaviour would be to return "400 Bad
> > Request".
> As a short-term measure, how about just stripping out any illegal
> characters? Or, have ap_ocf return "/" if DosQueryPathInfo returns an error.

Yuck.  Yet another legacy of people designing code with the idea that
asserts are a good idea, therefore not creating any way to return errors
when they first design it.  

I don't know what DosQueryPathInfo does, but, in general, the general way
the canonical calls work now is that they do not depend on the thing being
an actual pathname on that system, but simply convert things that are
variants on the same valid pathname to that pathname.

View raw message