You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by "Taso N. Devetzis" <de...@snet.net> on 1997/02/02 12:50:01 UTC
mod_alias/146: attemtps to redirect to URIs with no net_loc component fail at startup
>Number: 146
>Category: mod_alias
>Synopsis: attemtps to redirect to URIs with no net_loc component fail at startup
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: gnats-admin (GNATS administrator)
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Sun Feb 2 03:50:01 1997
>Originator: devetzis@snet.net
>Organization:
apache
>Release: 1.1.3
>Environment:
SunOS 5.5.1 Generic 103640-03 September 1996 (sun4m sparc)
gcc version 2.7.2.1
>Description:
this fails:
Redirect /foo/bar mailto:mumble@foo.com
reason: add_redirect() (mod_alias.c) calls is_url() (util.c) which fails.
is_url() looks for colon, alpha chars and "//" (net_loc stuff).
i can't see anything in the standards to preclude the above behaviour.
bnf for location header field is (from rfc 1945):
Location = "Location" ":" absoluteURI
valid absolute identifiers need not contain network location/login components
(rfc 1808).
in fact, the above works with other servers (ibm/ncsa).
>How-To-Repeat:
the redfirect directive above will fail at runtime.
>Fix:
i understand that this has the potential to become a rathole. i don't know
what, if any, impact on performance futzing with is_url() might have.
for my purposes, the following patch (for 1.1.3) mixes the right level of
idealism and pragmatism (i suppose "telnet:" might be ok as well):
*** util.c.orig Wed Jun 26 06:46:37 1996
--- util.c Sun Feb 2 05:57:35 1997
***************
*** 792,797 ****
--- 792,800 ----
if((u[x+1] == '/') && (u[x+2] == '/'))
return 1;
+ else if (!(strncasecmp (&u[0], "mailto:", 7) &&
+ strncasecmp (&u[0], "news:", 5)))
+ return 1;
else return 0;
}
%0
>Audit-Trail:
>Unformatted: