Posted to apache-bugdb@apache.org by "Aaron St.Pierre" <st...@awl.com> on 1998/03/24 17:10:48 UTC

general/1983: url parsing causing invalid URI

>Number:         1983
>Category:       general
>Synopsis:       url parsing causing invalid URI
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Mar 24 08:20:01 PST 1998
>Last-Modified:
>Originator:     stpiera@awl.com
>Organization:
apache
>Release:        1.2.4/1.2.5/1.2.6
>Environment:
gcc version 2.7.2
SunOS 5.5.1 Generic_103640-09 sun4u sparc SUNW,Ultra-2
>Description:
I first noticed this problem within a VirtualHost, and thought it was limited
to the VirtualHost. The problem arises when one uses numbers as directory names.
(e.g. 1 2 3 4 5 ) Or any set of numbers in [0-9].* . This will generate a status 400
or "Bad Request" from the client to the server, instead of the expected "Not Found"
error. Examples : 
		http://www2.awl.com/234234234234
will generate a status 400 
		http://www.mathsurf.com/234234234324
will generate a status 400 :
Tue Mar 24 11:00:19 1998] Invalid URI in request GET /234234234 HTTP/1.0

		http:/www.mathsurf.com/234232324/index.html
will generate a status 200 message serving the page even though the /234232324
is totally invalid. Log file: 
lepton.awl.com - - [24/Mar/1998:10:50:43 -0500] "GET /234234234/images/3_5books.gif HTTP/1.0" 200 6668 "http://www.mathsurf.com/234234234/index.html" "Mozilla/3.01Gold (X11; I; SunOS 5.6 sun4u)" 0 
lepton.awl.com - - [24/Mar/1998:10:50:43 -0500] "GET /234234234/images/6_8books.gif HTTP/1.0" 200 6977 "http://www.mathsurf.com/234234234/index.html" "Mozilla/3.01Gold (X11; I; SunOS 5.6 sun4u)" 0 

Notes. 
	This only happens with strings that are a set of numbers of any length.
I tested this rigorously (hoping to find an overflow :) Needless to say I didn't find
an overflow. 
	A vanilla installation of apache_1.2.4 apache_1.2.5 apache_1.2.6 with no
virtual hosts, no rewriting on ... etc. shows the expected behaviour when the server
is queried for "http://somehost.somedomain.com/234234234234" (a file not found).
Though when my configuration is applied (using rewriting, virtual hosts..etc) the 
weird behaviour comes back. One may say that it is my configuration, but to argue that
point I am not doing anything strange enough to elicit this type of problem. 
>How-To-Repeat:
http://www2.awl.com/234234234234234234234234/corp/ (note you don't have to type the numbers 
exactly; any set of [0-9].* will work.)
http://www.mathsurf.com/234234234234324/index.html
http://www.mathsurf.com/ --> click on any grade link (except 1 or 3) ... 
>Fix:
Not yet.
>Audit-Trail:
>Unformatted: