You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2006/02/28 01:12:56 UTC
DO NOT REPLY [Bug 38801] New: - Bug in apr_filepath_merge (Win32)- returns APR_EABOVEROOT incorrectly
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38801>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38801
Summary: Bug in apr_filepath_merge (Win32)- returns
APR_EABOVEROOT incorrectly
Product: APR
Version: 1.2.2
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: major
Priority: P2
Component: APR
AssignedTo: bugs@httpd.apache.org
ReportedBy: kevin.wise@motorola.com
The second part of revision 239927 to filepath.c in August 2005 resulted in a
new bug in function apr_filepath_root (file_io/win32/filepath.c).
See
http://svn.apache.org/viewcvs.cgi/apr/apr/trunk/file_io/win32/filepath.c?rev=239927&r1=151412&r2=239927&diff_format=h
I believe the problem only occurs when the paths being merged meet certain
criteria (in my example and test case, basepath is a root path, and addpath
contains only one level). The result is that the function incorrectly returns
APR_EABOVEROOT.
NOTE: In httpd, this bug breaks mod_rewrite's ability to rewrite to full paths.
Rules like the following return an invalid request:
RewriteRule ^/images/(.+) D:/Sites/mysite.org/images/$1 [NC,L]
This is because mod_rewrite (in prefix_stat) attempts to stat() the first
directory above the root (the prefix-- in this rule, D:\Sites), which never
happens because "D:\" and "Sites" fails to be merged using apr_filepath_merge.
I believe the problematic behavior can be reproduced with the following code
fragment (assuming that the directory D:\temp does exist):
const char *basepath = "D:\\";
const char *addpath = "temp";
char *newpath;
apr_status_t rv;
rv = apr_filepath_merge(&newpath, basepath, addpath,
APR_FILEPATH_NOTABOVEROOT | APR_FILEPATH_NOTRELATIVE, pool);
if (rv == APR_SUCCESS) {
printf( "apr_filepath_merge worked. Merged path: %s", newpath );
} else {
printf( "apr_filepath_merge did not work. Status: %d", rv );
}
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 38801] - Bug in apr_filepath_merge (Win32)- returns APR_EABOVEROOT incorrectly
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38801>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38801
wrowe@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
------- Additional Comments From wrowe@apache.org 2006-03-01 08:25 -------
I'm very sorry; but in spite of my best effort at tweaking various tests across
test/testnames.c, I cannot reproduce this bug :( Can you please modify any one
of the existing tests in testnames.c or introduce a new test that you can confirm
reproduces this bug for yourself?
Many thanks.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 38801] - Bug in apr_filepath_merge (Win32)- returns APR_EABOVEROOT incorrectly
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38801>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38801
------- Additional Comments From kevin.wise@motorola.com 2006-02-28 01:14 -------
Created an attachment (id=17806)
--> (http://issues.apache.org/bugzilla/attachment.cgi?id=17806&action=view)
Patch to resolve bug
The attached patch reverses the second part of revision 239927. The comment on
this revision indicates this was a performance optimization (and also appears
to apply only to the first part of the change), so I am fairly confident this
adequately resolves the problem. In addition, I have rebuilt with this patch
in place, and it restores mod_rewrite functionality as described in the bug
description.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 38801] - Bug in apr_filepath_merge (Win32)- returns APR_EABOVEROOT incorrectly
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38801>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38801
wrowe@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |RESOLVED
Resolution| |FIXED
------- Additional Comments From wrowe@apache.org 2006-03-02 00:36 -------
The code you identified was simply incorrect. I've replaced it with
the corrected code, optimized only a little for the case where there
was no basepath to test above-root (this test case is and should be
a noop because comparing the two roots is far earlier in the process.)
The only bit your reproduction case missed was APR_FILEPATH_TRUENAME :)
See version 382029 for the correct testcase, and version 382095 for the
corrected 1.x module (096 for the backport to 1.2, 098 for 0.9).
Thanks for your detailed report!
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 38801] - Bug in apr_filepath_merge (Win32)- returns APR_EABOVEROOT incorrectly
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38801>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38801
------- Additional Comments From kevin.wise@motorola.com 2006-03-01 10:13 -------
I should also have said that when I changed apr_filepath_merge as indicated by
the patch, the given rewrite rule begins working again (it was working under
httpd v2.0.54 as well).
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 38801] - Bug in apr_filepath_merge (Win32)- returns APR_EABOVEROOT incorrectly
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38801>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38801
------- Additional Comments From wrowe@apache.org 2006-02-28 03:31 -------
Thank you for evaluating and reporting this before our next release; I'm reviewing
the optimization and will commit this or an appropriate patch shortly, as well
as add -this- case also to the incident.
Good catch!
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 38801] - Bug in apr_filepath_merge (Win32)- returns APR_EABOVEROOT incorrectly
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38801>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38801
------- Additional Comments From kevin.wise@motorola.com 2006-03-01 10:11 -------
I will look at the test cases and see if I can reproduce the problem with a
simple test case. In the mean time, perhaps it would help if you know how I
found this in the first place. The following is a rewrite rule that wasn't working:
RewriteRule ^/images/(.+) D:/Sites/abc.com/wwwroot/images/$1 [NC,L]
URLs that matched the pattern in this rule would result in a HTTP_BAD_REQUEST
error. As far as I could tell, prefix_stat() in mod_rewrite.c was returning 0
because apr_filepath_merge was not returning APR_SUCCESS.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 38801] - Bug in apr_filepath_merge (Win32)- returns APR_EABOVEROOT incorrectly
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38801>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38801
------- Additional Comments From kevin.wise@motorola.com 2006-03-01 21:27 -------
I came up with a test case that shows the problem. Unfortunately I am not
familiar with the test framework, so it's just a main() that does everything
needed. In creating the test, I also realized the patch I gave you was only
addressing part of the problem.
I just checked, and I see that you have commited change 382095 to SVN. This
solution is almost identical to what I was going to propose (and functionally
the same). Based on this, it appears that you have been able to reproduce the
problem and fix it. Let me know if you need further information or would like
to see the test case and patch I came up with.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org