httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zvi Har'El" ...@math.technion.ac.il>
Subject Re: overflow in mod_autoindex suspected - solaris - httpd 2.2.*
Date Thu, 18 Jan 2007 12:28:36 GMT
I believe this is really a problem of the HTTP client protocol level. in
HTTP/1.1 we get a failure, and HTTP/1.0  or HTTPS (1.1 or 1.0) success,
for example:


=====================================================================

HTTP/1.1

=======

 ~$ curl -v http://www.math.technion.ac.il/test_mod_auto_index/256/
* About to connect() to www.math.technion.ac.il port 80 (#0)
*   Trying 132.68.115.2... connected
* Connected to www.math.technion.ac.il (132.68.115.2) port 80 (#0)
> GET /test_mod_auto_index/256/ HTTP/1.1
> User-Agent: curl/7.16.0 (i686-pc-linux-gnu) libcurl/7.16.0
OpenSSL/0.9.8d zlib/1.2.3 libidn/0.5.6
> Host: www.math.technion.ac.il
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Thu, 18 Jan 2007 12:17:23 GMT
< Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.8d PHP/4.4.4
< Transfer-Encoding: chunked
< Content-Type: text/html
* Connection #0 to host www.math.technion.ac.il left intact
* Closing connection #0

=========================================================================

HTTP/1.0

=======

~$ curl -v -0 http://www.math.technion.ac.il/test_mod_auto_index/256/

* About to connect() to www.math.technion.ac.il port 80 (#0)
*   Trying 132.68.115.2... connected
* Connected to www.math.technion.ac.il (132.68.115.2) port 80 (#0)
> GET /test_mod_auto_index/256/ HTTP/1.0
> User-Agent: curl/7.16.0 (i686-pc-linux-gnu) libcurl/7.16.0
OpenSSL/0.9.8d zlib/1.2.3 libidn/0.5.6
> Host: www.math.technion.ac.il
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Thu, 18 Jan 2007 12:17:33 GMT
< Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.8d PHP/4.4.4
< Connection: close
< Content-Type: text/html
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
<pre><img src="/icons/blank.gif" alt="Icon " width="20" height="22"> <a
href="?C=N;O=D">Name</a>                    <a href="?C=M;O=A">Last
modified</a>      <a href="?C=S;O=A">Size</a>  <a
href="?C=D;O=A">Description</a><hr><img src="/icons/back.gif"
alt="[DIR]" width="20" height="22"> <a
href="/test_mod_auto_index/">Parent
Directory</a>                             -   
<img src="/icons/text.gif" alt="[TXT]" width="20" height="22"> <a
href="1">1</a>                       14-Jan-2007 14:11    0   
<img src="/icons/text.gif" alt="[TXT]" width="20" height="22"> <a
href="2">2</a>                       14-Jan-2007 14:11    0   
<img src="/icons/text.gif" alt="[TXT]" width="20" height="22"> <a
href="3">3</a>                       14-Jan-2007 14:11    0   
<img src="/icons/text.gif" alt="[TXT]" width="20" height="22"> <a
href="KUKU">KUKU</a>                    14-Jan-2007 14:20  256   
<hr></pre>
<address>Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.8d PHP/4.4.4
Server at <a
href="mailto:webmaster@math.technion.ac.il">www.math.technion.ac.il</a>
Port 80</address>
</body></html>
* Closing connection #0


HTTPS

=====

~$ curl -v https://www.math.technion.ac.il/test_mod_auto_index/256/
* About to connect() to www.math.technion.ac.il port 443 (#0)
*   Trying 132.68.115.2... connected
* Connected to www.math.technion.ac.il (132.68.115.2) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /usr/local/share/curl/curl-ca-bundle.crt
  CApath: /opt/openssl/certs
* SSLv2, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
*        subject: /CN=www.math.technion.ac.il
*        start date: 2006-10-20 23:39:43 GMT
*        expire date: 2007-04-18 23:39:43 GMT
*        subjectAltName: www.math.technion.ac.il matched
*        issuer: /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing
Authority/emailAddress=support@cacert.org
* SSL certificate verify ok.
> GET /test_mod_auto_index/256/ HTTP/1.1
> User-Agent: curl/7.16.0 (i686-pc-linux-gnu) libcurl/7.16.0
OpenSSL/0.9.8d zlib/1.2.3 libidn/0.5.6
> Host: www.math.technion.ac.il
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Thu, 18 Jan 2007 12:23:56 GMT
< Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.8d PHP/4.4.4
< Transfer-Encoding: chunked
< Content-Type: text/html
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
<pre><img src="/icons/blank.gif" alt="Icon " width="20" height="22"> <a
href="?C=N;O=D">Name</a>                    <a href="?C=M;O=A">Last
modified</a>      <a href="?C=S;O=A">Size</a>  <a
href="?C=D;O=A">Description</a><hr><img src="/icons/back.gif"
alt="[DIR]" width="20" height="22"> <a
href="/test_mod_auto_index/">Parent
Directory</a>                             -  
<img src="/icons/text.gif" alt="[TXT]" width="20" height="22"> <a
href="1">1</a>                       14-Jan-2007 14:11    0  
<img src="/icons/text.gif" alt="[TXT]" width="20" height="22"> <a
href="2">2</a>                       14-Jan-2007 14:11    0  
<img src="/icons/text.gif" alt="[TXT]" width="20" height="22"> <a
href="3">3</a>                       14-Jan-2007 14:11    0  
<img src="/icons/text.gif" alt="[TXT]" width="20" height="22"> <a
href="KUKU">KUKU</a>                    14-Jan-2007 14:20  256  
<hr></pre>
<address>Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.8d PHP/4.4.4
Server at <a
href="mailto:webmaster@math.technion.ac.il">www.math.technion.ac.il</a>
Port 443</address>
</body></html>
* Connection #0 to host www.math.technion.ac.il left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):

Derek Cooper wrote, On 18/01/07 02:04:

>  The problem that in an autogenerated directory index, if the
>   
>> 'HeaderName' file is 256 bytes or more, and it has mime type text/html,
>> Apache returns an empty page. You can look at
>> http://www.math.technion.ac.il/test_mod_auto_index/ for a
>> demonstration. The same test on a RedHat Enterprise Linux 4 succeeds.
>>   
>> Thanks,
>>   
>> Zvi.
>>     
>  
>
> I have experienced the same problem with Apache 2.2.0 on Solaris 2.8.  Would not
> have found a solution if not for this report.  I have found that while I get a
> blank index returned in MS IE 6 on Win2k, Netscape 7.1 in Win2k and Firefox 1.5
> on Solaris 8, if I telnet into the server and GET a directory, the properly
> formatted index is returned.  I can also get a properly formatted index by
> connecting with Netscape 4.76 on Solaris or Win2k.  I worked around the problem
> using SSI with an shtml file containing only an include for a file containing
> the original content of my HeaderName file and another for my ReadmeName file. 
> The problem is exhibited with a ReadmeName file over 255 bytes as well.
> Derek
> derekcooper30[at]hotmail_dot_com
>
>
>
>   

-- 
Dr. Zvi Har'El      mailto:rl@math.technion.ac.il    Department of Mathematics
tel:+972-54-4227607 icq:179294841    Technion - Israel Institute of Technology
fax:+972-4-8293388  http://www.math.technion.ac.il/~rl/    Haifa 32000, ISRAEL
"If you can't say somethin' nice, don't say nothin' at all." -- Thumper (1942)


Mime
View raw message