perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael A. Capone" <mcap...@cablewholesale.com>
Subject Unsuccessful stat on filename containing newline in RegistryCooker.pm
Date Thu, 14 Feb 2013 01:39:17 GMT
Hi Folks,

I'm reasonably certain that this is just a misconfigured mod_perl server 
on my part, but I can't seem to find a solution for it.

We are currently running ModPerl::Registry to serve legacy CGI code.  
Now, consider the following URL, with an embedded newline:

http://www.mysite.com/cgi-bin/search.cgi%0d%0a

Since we obviously don't have a CGI file named with a trailing newline 
character, I would expect apache to return a 404 Not Found.  However, 
apache happily hands the URL off to mod_perl, which attempts to stat 
search.cgi(newline), and fails with:

[Wed Feb 13 16:27:33 2013] [error] [client 192.168.254.21] Unsuccessful 
stat on filename containing newline at 
/usr/local/lib64/perl5/ModPerl/RegistryCooker.pm line 787.\n

... which in turn results in a 500 Server Error.

Trying a similar URL with a php file on the same server correctly 
returns a 404.  Also, requesting a file like 
/cgi-bin/this_file_does_not_exist.cgi correctly returns a 404.  However, 
/cgi-bin/this_file_does_not_exist.cgi%0d%0a returns 500.

What can / should I do to get the "correct" behaviour out of mod_perl?  
I could probably do something with a mod_rewrite RewriteRule to strip 
newlines, but I feel like I shouldn't have to run every request through 
a RewriteRule.  I could also accept if mod_perl treated this as a 
warning, but that's not the case here.

Here is line 787 of RegistryCooker.pm, btw:

783: # XXX: should go away when finfo() is ported to 2.0 (don't want to
784: # depend on compat.pm)
785: sub Apache2::RequestRec::my_finfo {
786:     my $r = shift;
787:     stat $r->filename;
788:     \*_;
789: }

Thoughts?

Thanks!
Michael

Mime
View raw message