You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2004/04/14 11:54:40 UTC

DO NOT REPLY [Bug 28376] New: - log overflows with a long request

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=28376>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=28376

log overflows with a long request

           Summary: log overflows with a long request
           Product: Apache httpd-2.0
           Version: 2.0.49
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: turutani@scphys.kyoto-u.ac.jp


When apache server (2.0.49 on FreeBSD 4.9-STABLE) received the request 
of too-long-uri, the log file contains some extra characters after request.
I cannot examine about all the cases with this kind of request, but fairly 
a lot percentage of requests left this additonal characters.

Example of access.log in combined format:
211.187.40.249 - - [05/Apr/2004:10:58:00 +0900] "SEARCH /\x90\x02\xb1\x02\xb1\x0
2\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
(snip)
0\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x9
0\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x9
0\x90\x90\x90\x90\x90\x90y-lang.org/\">Ruby</a> version 1.6.8</p>\n</body>\n</ht
(rest abbrev.)
                         ^^ <--after this might be wrong log !? 

I think, when a long request reaches ap_rgetline_core() in server/protocol.c, 
APR_ENOSPC is returned, but no terminating by NUL nor other character is done 
in the case, while in other cases careful termination are done in this function.

I tried by myself by sending ill request to my server, and found the same 
result. It showed that, the request was recorded, but not the entire request, 
and instead, some extra characters which is not contained in the request sent 
was recorded.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org