You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2002/11/04 16:05:36 UTC
DO NOT REPLY [Bug 14227] New: -
Error handling script is not started (error 500) on non-UTF-8 URLs
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14227>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14227
Error handling script is not started (error 500) on non-UTF-8 URLs
Summary: Error handling script is not started (error 500) on non-
UTF-8 URLs
Product: Apache httpd-2.0
Version: 2.0.43
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: Normal
Priority: Other
Component: Core
AssignedTo: bugs@httpd.apache.org
ReportedBy: wolf-dietrich.moeller@siemens.com
If a URI contains bytes above 0x7F which do not result in valid UTF-8
characters, start of a script with the ErrorDocument directive fails.
This happens if the browser sends e.g. Latin-1 characters in the URL either
1) without url-encoding (Netscape 4.7), or
2) url-encoded, but not translated to UTF-8 (Mozilla 5.0).
If the non-UTF-8 bytes occur in the query string part of the URI, it seems that
this crash occurs only without url-encoding (case 1).
This error prevents customized error handling in case of mis-spelled or
otherwise incorrect URIs.
Example URL called (this File does not exist on the server)
in Netscape 4.7: https://localhost/Information/Law/�s/index.de.html
in Mozilla 5.0: https://localhost/Information/Law/%C4s/index.de.html
----------------------------------------------
Configuration without ErrorDocument-Directive:
Error message (for both requests):
Forbidden
You don't have permission to access /Information/Law/�s/index.de.html on this
server.
Apache/2.0.43 Server at localhost Port 443
Entry in access.log:
Netscape 4.7: 127.0.0.1 - - [03/Nov/2002:10:43:52 +0100] SSLv3 RC4-MD5 "GET
/Information/Law/�s/index.de.html HTTP/1.0" 403 358 "-" "Mozilla/4.78 [de]
(WinNT; U)"
Mozilla 5.0 : 127.0.0.1 - - [03/Nov/2002:10:28:02 +0100] TLSv1 RC4-MD5 "GET
/Information/Law/%C4s/index.de.html HTTP/1.1" 403 358 "-" "Mozilla/5.0 (Windows;
U; WinNT4.0; en-US; rv:1.2a) Gecko/20020910"
Entries in error.log:
_no_ entries
----------------------------------------------
Configuration with "ErrorDocument 403 /cgi/Invalid.cgi":
Error message (for both requests):
Forbidden
You don't have permission to access /Information/Law/�s/index.de.html on this
server.
Additionally, a 500 Internal Server Error error was encountered while trying to
use an ErrorDocument to handle the request.
Apache/2.0.43 Server at localhost Port 443
Entry in access.log:
Netscape 4.7: 127.0.0.1 - - [03/Nov/2002:10:50:12 +0100] SSLv3 RC4-MD5 "GET
/Information/Law/�s/index.de.html HTTP/1.0" 500 - "-" "Mozilla/4.78 [de] (WinNT; U)"
Mozilla 5.0: 127.0.0.1 - - [03/Nov/2002:10:30:30 +0100] TLSv1 RC4-MD5 "GET
/Information/Law/%C4s/index.de.html HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows;
U; WinNT4.0; en-US; rv:1.2a) Gecko/20020910"
Entries in error.log (same for both requests):
[Sun Nov 03 10:30:30 2002] [error] [client 127.0.0.1] (22)Invalid argument:
couldn't create child process: 22: Invalid.cgi
[Sun Nov 03 10:30:30 2002] [error] [client 127.0.0.1] (22)Invalid argument:
couldn't spawn child process: D:/Web/cgi/Invalid.cgi
-------------------------------------------------
Additional notes:
1) Bug is tested under WinNT4.0 and Windows XP, Apache/2.0.43 (WIN32)
mod_ssl/2.0.43 OpenSSL/0.9.6g.
2) Error 403 is generated instead of 404. Are all non UTF-8 URLs forbidden in
Apache 2 ? (not stated in documentation)
3) This error 403 is not logged in the error log.
4) Internationalized error messages are switched off (if switched on, they work
fine in this case).
5) This is not bug 10573. In bug 10573 the cgi script was called directly, not
via ErrorDocument.
6) For UTF-8 characters the ErrorDocument and script work as expected, e.g. for
https://localhost/Information/Law/%C3%84s/index.de.html
7) Apache 1.3.27 works fine with a similar configuration and calls the error
handling script without problems (see log below).
Apache 1.3.27 configuration with "ErrorDocument 403 /cgi/Invalid.cgi" for
comparison:
Entry in access.log:
Netscape 4.7: 127.0.0.1 - - [03/Nov/2002:11:08:24 +0100] "GET
/Information/Law/\xc4s/index.de.html HTTP/1.0" 404 2325
Mozilla 5.0: 127.0.0.1 - - [03/Nov/2002:11:16:12 +0100] "GET
/Information/Law/%C4s/index.de.html HTTP/1.1" 404 2256
Entry in error.log:
Netscape 4.7: [Sun Nov 03 11:08:24 2002] [error] [client 127.0.0.1] File does
not exist: d:/web/information/law/�s/index.de.html
Mozilla 5.0: [Sun Nov 03 11:16:11 2002] [error] [client 127.0.0.1] File does
not exist: d:/web/information/law/�s/index.de.html
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org