Received: (from majordom@localhost)
	by hyperreal.com (8.8.4/8.8.4) id NAA18973;
	Thu, 24 Apr 1997 13:50:04 -0700 (PDT)
Received: (from gnats@localhost)
	by hyperreal.com (8.8.4/8.8.4) id NAA18955;
	Thu, 24 Apr 1997 13:50:01 -0700 (PDT)
Date: Thu, 24 Apr 1997 13:50:01 -0700 (PDT)
Message-Id: <199704242050.NAA18955@hyperreal.com>
From: Mark Bentley
Reply-To: Mark Bentley
To: apache-bugdb@apache.org
Cc: apache-bugdb@apache.org
Subject: suexec/479: mod_cgi passing foobared username argument to suEXEC
In-Reply-To: Your message of Thu, 24 Apr 1997 13:40:37 -0700 (PDT) <199704242040.NAA15704@hyperreal.com>
Sender: apache-bugdb-owner@apache.org
Precedence: bulk

>Number:         479
>Category:       suexec
>Synopsis:       mod_cgi passing foobared username argument to suEXEC
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Thu Apr 24 13:50:01 1997
>Originator:     bentlema@cs.umn.edu
>Organization:
apache
>Release:        1.2b8
>Environment:
IRIX 5.3, gcc
>Description:
When passing a query string to a cgi script, apache passes the username
with a leading backslash. This is the error returned by suEXEC:

invalid target user name: (\~amundson)

Here's what haha.cgi looks like:

#!/opt/gnu/bin/perl
print "Content-type: text/html\n\n";
print "hello";

>How-To-Repeat:
Works:        http://www.cs.umn.edu/~amundson/haha.cgi
Doesn't work: http://www.cs.umn.edu/~amundson/haha.cgi?foo
Works:        http://www.cs.umn.edu/~amundson/haha.cgi?foo=bar
>Fix:
>Audit-Trail:
>Unformatted: