www-apache-bugdb mailing list archives

From Mark Bentley <bentl...@cs.umn.edu>
Subject suexec/479: mod_cgi passing foobared username argument to suEXEC
Date Thu, 24 Apr 1997 20:50:01 GMT

>Number:         479
>Category:       suexec
>Synopsis:       mod_cgi passing foobared username argument to suEXEC
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Thu Apr 24 13:50:01 1997
>Originator:     bentlema@cs.umn.edu
>Organization:
apache
>Release:        1.2b8
>Environment:
IRIX 5.3, gcc
>Description:
When passing a query string to a CGI script, Apache passes the username with
a leading backslash.

This is the error returned by suEXEC:

  invalid target user name: (\~amundson)

Here's what haha.cgi looks like:

	#!/opt/gnu/bin/perl

	print "Content-type: text/html\n\n";
	print "hello";

>How-To-Repeat:
Works:
http://www.cs.umn.edu/~amundson/haha.cgi

Doesn't work:
http://www.cs.umn.edu/~amundson/haha.cgi?foo

Works:
http://www.cs.umn.edu/~amundson/haha.cgi?foo=bar
>Fix:

>Audit-Trail:
>Unformatted:


