www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dik Winter <...@cwi.nl>
Subject general/5619: Some URLS hang httpd while consuming processor time
Date Fri, 21 Jan 2000 16:17:19 GMT

>Number:         5619
>Category:       general
>Synopsis:       Some URLS hang httpd while consuming processor time
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Fri Jan 21 08:20:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     dik@cwi.nl
>Release:        1.3.9
>Organization:
apache
>Environment:
IRIX64 info4u 6.5 04151556 IP27
Compiler: gcc
>Description:
If a request contains an URL that in turn contains the escape '%2E' followed
by a C-language floating-point format specifier, and if the requested file
does not exist the httpd will hang.  At least on SGI systems.
>How-To-Repeat:
http://sgimachine/%257Etest
>Fix:
The bug is in src/main/http_core.c.  The lines:
        char *emsg;

        emsg = "File does not exist: ";
        if (r->path_info == NULL) {
            emsg = ap_pstrcat(r->pool, emsg, r->filename, NULL);
        }
        else {
            emsg = ap_pstrcat(r->pool, emsg, r->filename, r->path_info, NULL);
        }
        ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r, emsg);
are wrong, because "emsg" is used as format and can contain a percent
sign when it is also in the URL.  Note that the error is apparently fixed in
the 2.0 CVS tree.
This bug is important enough to also fix in the latest release.
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]
 
 


Mime
View raw message