Mailing List Archive: YMB (yet more bugs)

YMB (yet more bugs)

Apr 4, 1995, 11:08 AM

Post #1 of 16 (5070 views)

BUG 1:

This is a weird one, one I had known existed in NCSA but I thought we had
cleared up before but for some reason persists.

If you have a CGI script in a regular directory (because you enabled the
.cgi type) and you give it a PATH_INFO of just "/", instead of executing
the script it returns the text of the script. This can be seen at

http://www.hotwired.com/Changepass/renew.cgi/

This is in an unauthenticated space so any of you should be able to see
it. I have DirectoryIndex set to "index" and Multiviews turned on.
HOWEVER, on the exact same version running on hyperreal (modulo a few
changes I made to the 0.4 running on hotwired that shouldn't have
anything to do with this) this bug doesn't exist - check out

http://hyperreal.com/frontimages/randimage1.cgi/

These is a script inlined on hyperreal's home page - the "/" doesn't
affect this.

I can't think of any differences between the configurations I have for
these setups. Maybe SGI and BSDI have different responses when a stat()
fails? The log files are equally unhelpful (response code 200 for each,
nothing in error_log).

BUG 2: This is the second morning in a row I've come in and found dozens
of httpd's running away with the CPU on hyperreal. I don't have any idea
how to tell what's causing the logjam - requests are still getting
through very slowly, and those dozens aren't persistant, and a restart of
the parent process allows those children to go through fine. If someone
with a hyperreal account wants to look at it again tomorrow morning
when/if it happens that would be cool...

BUG 3: Maybe not really a bug, but if I have MultiViews turned on and I
hit a directory without specifying a file (i.e.
http://hyperreal.com/incoming/) the error_log records something like

[Tue Apr 4 11:03:59 1995] httpd: access to /export/pub/incoming/index
failed for totally.wired.com, reason: File not found; no multi in this directory

when in fact it generates an index just fine. I'd prefer not to have the
above situation logged in the error log, because it's not really an error.

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@hotwired.com brian@hyperreal.com http://www.hotwired.com/Staff/brian/

Re: YMB (yet more bugs) [ In reply to ]

Apr 4, 1995, 11:51 AM

Post #2 of 16 (5021 views)

On Tue, 4 Apr 1995, Robert S. Thau wrote:
> BUG 1:
>
> If you have a CGI script in a regular directory (because you enabled the
> .cgi type) and you give it a PATH_INFO of just "/", instead of executing
> the script it returns the text of the script. This can be seen at
>
> http://www.hotwired.com/Changepass/renew.cgi/
>
> Try this:

The patch indeed fixed the problem, let's submit it formally. (I'm starting
to feel like a slacker here, all bug reporting and no bug fixing :)

Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@hotwired.com brian@hyperreal.com http://www.hotwired.com/Staff/brian/

Re: YMB (yet more bugs) [ In reply to ]

Apr 4, 1995, 11:56 AM

Post #3 of 16 (5016 views)

On Tue, 4 Apr 1995, Robert S. Thau wrote:
> No, DON'T try that. It breaks autoindexing completely. Grump...

Ack, he's right. Infinite redirects!

Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@hotwired.com brian@hyperreal.com http://www.hotwired.com/Staff/brian/

Re: YMB (yet more bugs) [ In reply to ]

Apr 4, 1995, 12:03 PM

Post #4 of 16 (5021 views)

On Tue, 4 Apr 1995, Rob Hartill wrote:
> Brian wrote...
> > The patch indeed fixed the problem, let's submit it formally. (I'm starting
> > to feel like a slacker here, all bug reporting and no bug fixing :)
>
> don't feel that way. Your feedback is very much appreciated. It's
> better to come from you now, than some someone we don't know
> beta testing Apache.
>
> I think you're doing a great job of keeping up with the patches and
> getting them online in a real-world setting.

Thanks :) I don't know if I told this forum yet, but I'll be leaving
hotwired on April 14th and going to Organic Online along with Cliff.
David Sanner at hotwired is on this list and will continue to be a part
of the apache group so we'll still have a high-volume testbed.

Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@hotwired.com brian@hyperreal.com http://www.hotwired.com/Staff/brian/

Re: trailing slash bug [ In reply to ]

Apr 4, 1995, 12:17 PM

Post #5 of 16 (5021 views)

On Tue, 4 Apr 1995, Robert S. Thau wrote:
> This time for sure... [quoth Bullwinkle...]
>
> *** http_mime.c Sun Apr 2 18:14:22 1995
> --- ../http_mime.c Tue Apr 4 14:52:27 1995

...Almost. Now there's no PATH_INFO, the SCRIPT_NAME has the trailing
slash - though this is also true for the regular 0.4 for all CGI
requests, so maybe that's a separate bug elsewhere:

http://host/cgi-bin/printenv/extra-path

Gives:

SCRIPT_NAME = /cgi-bin/printenv
PATH_INFO = /extra-path

but

http://host/cgi-bin/printenv/

Gives:

SCRIPT_NAME = /cgi-bin/printenv/
(and no PATH_INFO variable)

when it should be

SCRIPT_NAME = /cgi-bin/printenv
PATH_INFO = /

Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@hotwired.com brian@hyperreal.com http://www.hotwired.com/Staff/brian/

Re: YMB (yet more bugs) [ In reply to ]

Apr 4, 1995, 12:20 PM

Post #6 of 16 (5020 views)

On Tue, 4 Apr 1995, Andrew Wilson wrote:
> > Thanks :) I don't know if I told this forum yet, but I'll be leaving
> > hotwired on April 14th and going to Organic Online along with Cliff.
> > David Sanner at hotwired is on this list and will continue to be a part
> > of the apache group so we'll still have a high-volume testbed.
>
> Best of luck, life must be really insane for you these days.

You don't *even* know.... :)

> Oh, your http://totally.wired.com/~brian/ is not being mapped onto index.html
> is that intentional or did you br0ke something?

Do'h - gotta extend that MultiViews to the home directories too... the
URL below works fine though.

Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@hotwired.com brian@hyperreal.com http://www.hotwired.com/Staff/brian/

Re: trailing slash bug [ In reply to ]

Apr 4, 1995, 12:56 PM

Post #7 of 16 (5022 views)

On Tue, 4 Apr 1995, Robert S. Thau wrote:
> Third time's the charm.

Indeed, it is. This fixed the bugs I found around this issue. Patchfile
time! My intellectual scripting property is now safe again on hotwired :)

Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@hotwired.com brian@hyperreal.com http://www.hotwired.com/Staff/brian/

Re: YMB (yet more bugs) [ In reply to ]

Apr 4, 1995, 12:58 PM

Post #8 of 16 (5021 views)

Brian wrote...
> The patch indeed fixed the problem, let's submit it formally. (I'm starting
> to feel like a slacker here, all bug reporting and no bug fixing :)
>

don't feel that way. Your feedback is very much appreciated. It's
better to come from you now, than some someone we don't know
beta testing Apache.

I think you're doing a great job of keeping up with the patches and
getting them online in a real-world setting.

robh

Re: trailing slash bug [ In reply to ]

randy at dsndata

Apr 4, 1995, 1:56 PM

Post #9 of 16 (5010 views)

> Damn, and I didn't read those scripts while I had the chance. ;-).
>
> I'll be uploading this, along with a couple of improvements to multiviews,
> to hyperreal tonight. (The improvements to multiviews are that it will
> use foo.var as the type map if it finds it while looking for foo, and
> that it will use the absence of any recognized suffix, rather than
> the IndexIgnore code, to determine whether to ignore something that looks
> like it might be a variant).
>
> rst

Looking forward to it. I have a image display project that was
raising the questions on Multiviews this past weekend. I am
going to be wrapping that up tonight.

-Randy

Re: YMB (yet more bugs) [ In reply to ]

Apr 4, 1995, 2:40 PM

Post #10 of 16 (5023 views)

Date: Tue, 4 Apr 1995 10:08:05 -0800 (PST)
From: Brian Behlendorf <brian@wired.com>
Precedence: bulk
Reply-To: new-httpd@hyperreal.com

BUG 1:

This is a weird one, one I had known existed in NCSA but I thought we had
cleared up before but for some reason persists.

If you have a CGI script in a regular directory (because you enabled the
.cgi type) and you give it a PATH_INFO of just "/", instead of executing
the script it returns the text of the script. This can be seen at

http://www.hotwired.com/Changepass/renew.cgi/

Try this:

*** http_script.c Tue Apr 4 14:35:10 1995
--- ../http_script.c Tue Apr 4 14:34:45 1995
***************
*** 57,63 ****
*need_multi = 0;
path_args[0] = '\0';

! for (cp = end; cp > path;) {

/* See if the pathname ending here exists... */

--- 57,68 ----
*need_multi = 0;
path_args[0] = '\0';

! /* Advance over trailing slashes ... NOT part of filename */
!
! for (cp = end; cp > path && cp[-1] == '/'; --cp)
! continue;
!
! while (cp > path) {

/* See if the pathname ending here exists... */

BUG 3: Maybe not really a bug, but if I have MultiViews turned on and I
hit a directory without specifying a file (i.e.
http://hyperreal.com/incoming/) the error_log records something like

[Tue Apr 4 11:03:59 1995] httpd: access to /export/pub/incoming/index
failed for totally.wired.com, reason: File not found; no multi in this directory

Hmmm... I can certainly see this occuring with MultiViews turned off
(which is what the "no multi in this directory" part means). However,
it's pretty clearly a bug. Fix forthcoming...

rst

Re: YMB (yet more bugs) [ In reply to ]

Apr 4, 1995, 2:48 PM

Post #11 of 16 (5020 views)

No, DON'T try that. It breaks autoindexing completely. Grump...

rst

Re: YMB (yet more bugs) [ In reply to ]

Apr 4, 1995, 2:58 PM

Post #12 of 16 (5018 views)

This time for sure... [quoth Bullwinkle...]

*** http_mime.c Sun Apr 2 18:14:22 1995
--- ../http_mime.c Tue Apr 4 14:52:27 1995
***************
*** 179,186 ****
--- 179,195 ----
int i,l,l2;
struct mime_ext *p;
char fn[MAX_STRING_LEN];
+ char *endp;

strcpy(fn,file);
+
+ /* Don't consider trailing slashes when trying to determine type... */
+
+ endp = fn + strlen(fn);
+
+ while (endp > fn && endp[-1] == '/')
+ *--endp = '\0';
+
if((i=rind(fn,'.')) >= 0) {
++i;
l=strlen(fn);

Re: trailing slash bug [ In reply to ]

Apr 4, 1995, 3:23 PM

Post #13 of 16 (5013 views)

Bleaaaah! Preserving that trailing slash is actually what keeps
the DirectoryIndex stuff from failing. I suppose I should have had
it check PATH_INFO instead; the advantage of fixing it in the MIME
code is that there are no side effects there on anything else at all.

In fact, I could go back to plan A, have it check PATH_INFO for the
trailing slash (instead of the main filename) on redirects, and hope
nothing else goes wrong. Deal?

rst

Re: trailing slash bug [ In reply to ]

Apr 4, 1995, 3:39 PM

Post #14 of 16 (5014 views)

Third time's the charm. This should, incidentally, also fix the bogus
MultiViews error messages in your error_log:

Only in ../src.ref: Makefile
diff -c ../src.ref/http_get.c ./http_get.c
*** ../src.ref/http_get.c Sun Apr 2 10:49:39 1995
--- ./http_get.c Tue Apr 4 15:35:02 1995
***************
*** 149,155 ****
if(S_ISDIR(finfo.st_mode)) {
char ifile[MAX_STRING_LEN];

! if(file[strlen(file) - 1] != '/') {
char url[MAX_STRING_LEN];
strcpy_dir(ifile,file);
unmunge_name(ifile);
--- 149,155 ----
if(S_ISDIR(finfo.st_mode)) {
char ifile[MAX_STRING_LEN];

! if(pa[0] != '/') {
char url[MAX_STRING_LEN];
strcpy_dir(ifile,file);
unmunge_name(ifile);
***************
*** 159,166 ****
}
make_full_path(file,index_name,ifile);
if(stat(ifile,&finfo) == -1) {
! if(handle_multi(ifile, MAX_STRING_LEN, 0, allow_options,
! &finfo, fd))
send_file (ifile,fd,&finfo,pa,args,in);
else if(allow_options & OPT_INDEXES)
index_directory(file,fd);
--- 159,167 ----
}
make_full_path(file,index_name,ifile);
if(stat(ifile,&finfo) == -1) {
! if(allow_options & OPT_MULTI
! && handle_multi(ifile, MAX_STRING_LEN, 0, allow_options,
! &finfo, fd))
send_file (ifile,fd,&finfo,pa,args,in);
else if(allow_options & OPT_INDEXES)
index_directory(file,fd);
Only in ../src.ref: http_mime.c.orig
Only in ../src.ref: http_mime_db.c.orig
diff -c ../src.ref/http_script.c ./http_script.c
*** ../src.ref/http_script.c Tue Apr 4 14:48:27 1995
--- ./http_script.c Tue Apr 4 15:35:03 1995
***************
*** 57,63 ****
*need_multi = 0;
path_args[0] = '\0';

! for (cp = end; cp > path;) {

/* See if the pathname ending here exists... */

--- 57,68 ----
*need_multi = 0;
path_args[0] = '\0';

! /* Advance over trailing slashes ... NOT part of filename */
!
! for (cp = end; cp > path && cp[-1] == '/'; --cp)
! continue;
!
! while (cp > path) {

/* See if the pathname ending here exists... */

Only in ../src.ref: http_script.c.orig

Re: trailing slash bug [ In reply to ]

Apr 4, 1995, 4:07 PM

Post #15 of 16 (5023 views)

Damn, and I didn't read those scripts while I had the chance. ;-).

I'll be uploading this, along with a couple of improvements to multiviews,
to hyperreal tonight. (The improvements to multiviews are that it will
use foo.var as the type map if it finds it while looking for foo, and
that it will use the absence of any recognized suffix, rather than
the IndexIgnore code, to determine whether to ignore something that looks
like it might be a variant).

rst

Re: YMB (yet more bugs) [ In reply to ]

Apr 4, 1995, 8:05 PM

Post #16 of 16 (5036 views)

> Thanks :) I don't know if I told this forum yet, but I'll be leaving
> hotwired on April 14th and going to Organic Online along with Cliff.
> David Sanner at hotwired is on this list and will continue to be a part
> of the apache group so we'll still have a high-volume testbed.

Best of luck, life must be really insane for you these days.

Oh, your http://totally.wired.com/~brian/ is not being mapped onto index.html
is that intentional or did you br0ke something?

> Brian
>
> --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
> brian@hotwired.com brian@hyperreal.com http://www.hotwired.com/Staff/brian/
>
>

Ay.