Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Apache>
  3. Dev
Bug ? Returning some file instead of failing
guillaum at clipper
Sep 17, 1995, 9:10 PM
Post #1 of 2 (147 views)
Permalink
In apache 0.8.13 :

If I have a file /home/guillaum/somefile.html
and I request /home/guillaum/somefile.html/dummy/path
then somefile.html is returned.
This can be worse in MultiViews, because somefile.html is also
returned if I request /home/guillaum/somefile/dummy/path

I *think* this bug could be cured by testing r->path_info in the
default_handler and refusing to proceed if it is not NULL or "".

But I don't know enough of the interactions with cgi and includes to
know if this will work in all circumstances.

-- Florent
Re: Bug ? Returning some file instead of failing [ In reply to ]
ben at gonzo
Sep 19, 1995, 8:17 AM
Post #2 of 2 (143 views)
Permalink
>
> In apache 0.8.13 :
>
> If I have a file /home/guillaum/somefile.html
> and I request /home/guillaum/somefile.html/dummy/path
> then somefile.html is returned.
> This can be worse in MultiViews, because somefile.html is also
> returned if I request /home/guillaum/somefile/dummy/path
>
> I *think* this bug could be cured by testing r->path_info in the
> default_handler and refusing to proceed if it is not NULL or "".

I've been looking into this one but the problem is that it isn't clear
to me what the roles of filename and path_info are supposed to be. It seems
that filename is the name of the first file that can be stat'ed, working from
the right, and path_info is what is left over. This looks like it is supposed
to make it possible to hide CGI stuff (and possibly other things) as if it
were a directory, i.e. /cgi/somescript/x/y/z would run somescript, with
something (what?) telling it that there was /x/y/z on the end. Quite neat.
Is it documented anywhere, or am I wrong?

>
> But I don't know enough of the interactions with cgi and includes to
> know if this will work in all circumstances.

Nor do I, but you could try this patch (it works for simple cases):

*** ../../apache_0.8.13/src/http_core.c Wed Aug 23 02:16:07 1995
--- http_core.c Tue Sep 19 16:10:43 1995
***************
*** 661,668 ****
FILE *f;

if (r->method_number != M_GET) return DECLINED;
! if (r->finfo.st_mode == 0) {
! log_reason("File does not exist", r->filename, r);
return NOT_FOUND;
}

--- 661,668 ----
FILE *f;

if (r->method_number != M_GET) return DECLINED;
! if (r->finfo.st_mode == 0 || (r->path_info && *r->path_info)) {
! log_reason("File does not exist", pstrcat(r->pool,r->filename,r->path_in
fo,NULL), r);
return NOT_FOUND;
}

Note that even if this isn't right, something needs to be done about the
log_reason().

>
> -- Florent

Cheers,

Ben.

--
Ben Laurie Phone: +44 (181) 994 6435
Freelance Consultant Fax: +44 (181) 994 6472
and Technical Director Email: ben@algroup.co.uk (preferred)
A.L. Digital Ltd, benl@fear.demon.co.uk (backup)
London, England.

[.Note for the paranoid: "fear" as in "Fear and Loathing
in Las Vegas", "demon" as in Demon Internet Services, a
commercial Internet access provider.]

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal