www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Atwill <ja...@cryptocard.com>
Subject mod_actions/4553: Script PUT /cgi-bin/mycgi.cgi does not work
Date Thu, 10 Jun 1999 01:35:01 GMT

>Number:         4553
>Category:       mod_actions
>Synopsis:       Script PUT /cgi-bin/mycgi.cgi  does not work
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed Jun  9 18:40:00 PDT 1999
>Last-Modified:
>Originator:     james@cryptocard.com
>Organization:
apache
>Release:        1.3.4
>Environment:
Linux corkscrew.cryptocard.com 2.0.36 #8 Wed Feb 3 19:17:47 EST 1999 i686 unknown  

[root@corkscrew bin]# ldd httpd
        libmysqlclient.so.6 => /home/www/mysql/lib/mysql/libmysqlclient.so.6 (0x40000000)
        libldap.so.1 => /home/www/openldap/lib/libldap.so.1 (0x40012000)
        liblber.so.1 => /home/www/openldap/lib/liblber.so.1 (0x40024000)
        libz.so.1 => /usr/lib/libz.so.1 (0x4002d000)
        libpam.so.0 => /lib/libpam.so.0 (0x4003d000)
        libm.so.6 => /lib/libm.so.6 (0x40044000)
        libdl.so.2 => /lib/libdl.so.2 (0x4005d000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x40060000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x4008d000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x40093000)
        libgdbm.so.2 => /usr/lib/libgdbm.so.2 (0x400a1000)
        libc.so.6 => /lib/libc.so.6 (0x400a7000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x4014b000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00000000)      
(php3 support and OpenSSL compiled in)

Red Hat 5.2 system.  
>Description:
Script PUT /cgi-bin/pub.cgi   is in main section of stock 1.3.4 httpd.conf
file with ssl additions and php3 additions.  It's listed before the first
<Directory> directive.  

Netscape Composer is used to issue the PUT request, which Apache
receives as:

192.168.10.43 - - [09/Jun/1999:20:24:22 -0400] "PUT /registerwelcome.html HTTP/1.0" 200 0
 

because the file exists.

This causes Apache to (strace -ff):

[pid  4179] <... accept resumed> {sin_family=AF_INET, sin_port=htons(32423), sin_addr=inet_addr("192.168.10.43")},
[16]) = 3
[pid  4179] flock(21, LOCK_UN)          = 0
[pid  4179] sigaction(SIGUSR1, {SIG_IGN}, {0x80ad5b8, [], SA_NOMASK|0xa1f8}) = 0
[pid  4179] getsockname(3, {sin_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("206.248.21.75")},
[16]) = 0
[pid  4179] setsockopt(3, IPPROTO_TCP1, [1], 4) = 0
[pid  4179] brk(0x8148000)              = 0x8148000
[pid  4179] brk(0x814b000)              = 0x814b000
[pid  4179] read(3,  <unfinished ...>
[pid  4180] <... flock resumed> )       = 0
[pid  4180] accept(15,  <unfinished ...>
[pid  4179] <... read resumed> "PUT /registerwelcome.html HTTP/1"..., 4096) = 310
[pid  4179] sigaction(SIGUSR1, {SIG_IGN}, {SIG_IGN}) = 0
[pid  4179] time(NULL)                  = 928974262
[pid  4179] read(3, "Content-Length: 1049\r\n\r\n<!do"..., 4096) = 1073
[pid  4179] stat("/home/www/apache/htdocs/registerwelcome.html", {st_mode=0, st_size=0, ...})
= 0
[pid  4179] open("/home/www/apache/htdocs/registerwelcome.html", O_RDONLY) = 4
[pid  4179] fcntl(4, F_DUPFD, 15)       = 23
[pid  4179] close(4)                    = 0
[pid  4179] umask(077)                  = 02
[pid  4179] umask(02)                   = 077
[pid  4179] chdir("/home/www/apache/htdocs") = 0
[pid  4179] setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={60, 0}}, NULL) = 0
[pid  4179] sigaction(SIGPROF, {0x80693a4, [], SA_STACK|0x1382b4}, {SIG_DFL}) = 0
[pid  4179] mmap(0, 200704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40287000
[pid  4179] fcntl(23, F_GETFL)          = 0 (flags O_RDONLY)
[pid  4179] fstat(23, {st_mode=0, st_size=0, ...}) = 0
[pid  4179] mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x402b8000
[pid  4179] lseek(23, 0, SEEK_CUR)      = 0
[pid  4179] brk(0x8150000)              = 0x8150000
[pid  4179] ioctl(23, TCGETS, 0xbffff9f8) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4179] ioctl(23, TCGETS, 0xbffffa10) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4179] ioctl(23, TCGETS, 0xbffff9d0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4179] read(23, "", 4096)          = 0
[pid  4179] ioctl(23, TCGETS, 0xbfffea20) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4179] umask(02)                   = 02
[pid  4179] close(23)                   = 0
[pid  4179] time(NULL)                  = 928974262
[pid  4179] write(19, "192.168.10.43 - - [09/Jun/1999:2"..., 90) = 90
[pid  4179] time(NULL)                  = 928974262
[pid  4179] write(17, "[09/Jun/1999 20:24:22] [info]  C"..., 96) = 96
[pid  4179] write(3, "HTTP/1.1 200 OK\r\nDate: Thu, 10"..., 178) = 178
[pid  4179] shutdown(3, 1 /* send */)   = 0
[pid  4179] select(4, [3], NULL, NULL, {2, 0}) = 1 (in [3], left {1, 990000})
[pid  4179] read(3, "", 512)            = 0
[pid  4179] close(3)                    = 0
[pid  4179] sigaction(SIGUSR1, {0x80ad5b8, [], 0}, {SIG_IGN}) = 0
[pid  4179] munmap(0x40287000, 200704)  = 0
[pid  4179] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  4179] munmap(0x402b8000, 4096)    = 0
[pid  4179] setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={0, 0}}, NULL) = 0
[pid  4179] flock(21, LOCK_EX 

CGI is never called.

If however, I attempt to upload a file to a directory which does not exist
(/X/ in this example), the Script directive is triggered.

[pid  4180] brk(0x814b000)              = 0x814b000
[pid  4180] read(3, "PUT /X/registerwelcome.html HTTP"..., 4096) = 312
[pid  4180] sigaction(SIGUSR1, {SIG_IGN}, {SIG_IGN}) = 0
[pid  4180] time(NULL)                  = 928974417
[pid  4180] read(3, "Content-Length: 1049\r\n\r\n<!do"..., 4096) = 1073
[pid  4180] stat("/home/www/apache/htdocs/X/registerwelcome.html", 0xbffff9bc) = -1 ENOENT
(No such file or directory)
[pid  4180] stat("/home/www/apache/htdocs/X", 0xbffff9bc) = -1 ENOENT (No such file or directory)
[pid  4180] stat("/home/www/apache/htdocs", {st_mode=0, st_size=0, ...}) = 0
[pid  4180] stat("/home/www/apache/cgi-bin/pub.cgi/X/registerwelcome.html", 0xbffff954) =
-1 ENOTDIR (Not a directory)
[pid  4180] stat("/home/www/apache/cgi-bin/pub.cgi/X", 0xbffff954) = -1 ENOTDIR (Not a directory)
[pid  4180] stat("/home/www/apache/cgi-bin/pub.cgi", {st_mode=0, st_size=0, ...}) = 0    
    
[pid  4180] lstat("/home/www/apache/cgi-bin/pub.cgi", {st_mode=0, st_size=0, ...}) = 0
[pid  4180] pipe([4, 5])                = 0
[pid  4180] pipe([6, 7])                = 0
[pid  4180] pipe([8, 9])                = 0
[pid  4180] fork()                      = 4184 

and my cgi returns its data:

192.168.10.43 - - [09/Jun/1999:20:26:57 -0400] "PUT /X/registerwelcome.html HTTP/1.0" 204
56  


--
If I rm the file I'm attempting to put in the / directory (/registerwelcome.html) and
attempt the PUT, Apache logs:

92.168.10.43 - - [09/Jun/1999:20:35:07 -0400] "PUT /registerwelcome.html HTTP/1.0" 404 293
  


Strace shows:

  <unfinished ...>
[pid  4179] <... accept resumed> {sin_family=AF_INET, sin_port=htons(32486), sin_addr=inet_addr("192.168.10.43")},
[16]) = 3
[pid  4179] flock(21, LOCK_UN)          = 0
[pid  4179] sigaction(SIGUSR1, {SIG_IGN}, {0x80ad5b8, [], 0}) = 0
[pid  4179] getsockname(3, {sin_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("206.248.21.75")},
[16]) = 0
[pid  4179] setsockopt(3, IPPROTO_TCP1, [1], 4) = 0
[pid  4179] read(3,  <unfinished ...>
[pid  4181] <... flock resumed> )       = 0
[pid  4181] accept(15,  <unfinished ...>
[pid  4179] <... read resumed> "PUT /registerwelcome.html HTTP/1"..., 4096) = 310
[pid  4179] sigaction(SIGUSR1, {SIG_IGN}, {SIG_IGN}) = 0
[pid  4179] time(NULL)                  = 928974907
[pid  4179] read(3, "Content-Length: 1049\r\n\r\n<!do"..., 4096) = 1073
[pid  4179] stat("/home/www/apache/htdocs/registerwelcome.html", 0xbffff9bc) = -1 ENOENT (No
such file or directory)
[pid  4179] stat("/home/www/apache/htdocs", {st_mode=0, st_size=0, ...}) = 0
[pid  4179] select(4, [3], NULL, NULL, {0, 0}) = 0 (Timeout)
[pid  4179] write(3, "HTTP/1.1 404 Not Found\r\nDate: "..., 478) = 478
[pid  4179] time(NULL)                  = 928974907
[pid  4179] write(19, "192.168.10.43 - - [09/Jun/1999:2"..., 92) = 92
[pid  4179] time(NULL)                  = 928974907
[pid  4179] write(17, "[09/Jun/1999 20:35:07] [info]  C"..., 96) = 96
[pid  4179] shutdown(3, 1 /* send */)   = 0
[pid  4179] select(4, [3], NULL, NULL, {2, 0}) = 1 (in [3], left {1, 320000})
[pid  4179] read(3, "", 512)            = 0
[pid  4179] close(3)                    = 0
[pid  4179] sigaction(SIGUSR1, {0x80ad5b8, [], 0}, {SIG_IGN}) = 0
[pid  4179] flock(21, LOCK_EX   

....
>How-To-Repeat:
Take an empty httpd.conf

Use (pub.c):

#include <stdio.h>
#include <stdlib.h>

void main(int ac,char **av)
{
  FILE *fp=fopen("/tmp/published","a");
  char foo[1024];
  fprintf(fp,"REQUEST_METHOD=%s\n",getenv("REQUEST_METHOD"));
  fprintf(fp,"PATH_TRANSLATED=%s\n",getenv("PATH_TRANSLATED"));
  fprintf(fp,"CONTENT_LENGTH=%s\n",getenv("CONTENT_LENGTH"));
  fprintf(fp,"PATH_INFO=%s\n",getenv("PATH_INFO"));
  fgets(foo,1023,stdin);
  fprintf(fp,"DATA=\"%s\"",foo);
  fclose(fp);
  printf("Status: 204\n");
  printf("Content-type: text/html\n\n");
  printf("<HEAD><TITLE>OK</TITLE></HEAD><H1>Content Accepted</H1>\n");
  return;
}

gcc pub.c -o ~www/cgi-bin/pub.cgi

Add 

  Script PUT /cgi-bin/pub.cgi

in the config.

SIGHUP 

Attempt to publish a file /test.html

>Fix:
No.


>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <apbugs@Apache.Org> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or      ]
["Re: general/1098:").  If the subject doesn't match this       ]
[pattern, your message will be misfiled and ignored.  The       ]
["apbugs" address is not added to the Cc line of messages from  ]
[the database automatically because of the potential for mail   ]
[loops.  If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request from a  ]
[developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]




Mime
View raw message