www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject mod_cgi/543: "%2F" not allowed in VGI script PATH_INFO
Date Sun, 04 May 1997 18:40:01 GMT

>Number:         543
>Category:       mod_cgi
>Synopsis:       "%2F" not allowed in VGI script PATH_INFO
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Sun May  4 11:40:00 1997
>Originator:     marcs@znep.com
>Organization:
apache
>Release:        1.2b?
>Environment:
N/A
[entered from mail to make a formal PR]
>Description:
If foo is a script, and you try to access foo/bar/baz, it will run foo and
pass /bar/baz as PATH_INFO.  If you try to access foo/bar%2fbaz, it will
return NOT_FOUND because of unescape_url in util.c:

                if (url[x] == '/' || url[x] == '\0') badpath = 1;

Smells like a bug.  Once again (sigh) no time to look more deeply, would
appreciate if someone familiar with that area take a look...
>How-To-Repeat:

>Fix:
[paraphrase from Roy]
If you reduce all %2f occurrences to '/' before doing any processing
on the path, that should do it - at the expense of not being able to
handle any filenames that actually include '/'
>Audit-Trail:
>Unformatted:



Mime
View raw message