You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Philipp Rotmann <we...@link-m.de> on 2000/11/24 14:03:31 UTC
apache-api/6885: PATH_TRANSLATED generation produces garbage in error_log
>Number: 6885
>Category: apache-api
>Synopsis: PATH_TRANSLATED generation produces garbage in error_log
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Fri Nov 24 05:10:02 PST 2000
>Closed-Date:
>Last-Modified:
>Originator: webmaster@link-m.de
>Release: 1.3.9 and above
>Organization:
apache
>Environment:
Linux 2.2.17 #1 Mit Nov 15 13:38:42 CET 2000 i586 unknown w/ apache 1.3.9 compiled by gcc; in newer apache releases' CHANGES files I couldn't find anything related to the bug as described below, so I haven't upgraded first.
>Description:
When apache encounters an URI such as /cgi-bin/myscript.cgi/path/to/template.html it issues a subrequest to itself in order to get PATH_TRANSLATED. In combination with access restrictions on the file "/path/to/template.html" (e.g. a FilesMatch block anywhere in the server configuration), this behaviour leads to lots of unwanted error_log messages, as every access to the script is logged as a failed access to the raw template file.
The affected code seems to be in main/util_script.c:
if (r->path_info && r->path_info[0]) {
/*
* To get PATH_TRANSLATED, treat PATH_INFO as a URI path.
* Need to re-escape it for this, since the entire URI was
* un-escaped before we determined where the PATH_INFO began.
*/
request_rec *pa_req;
pa_req = ap_sub_req_lookup_uri(ap_escape_uri(r->pool, r->path_info), r);
>How-To-Repeat:
Just set up a file inside your DocumentRoot, impose access restrictions on it (<Files test.html>\norder allow, deny\ndeny from all\n</Files>) and then access it via any cgi script that doesn't even need to use the file in any way (of course), with a request like http://my.server.com/cgi-bin/whatever/test.html -- then look into your error_log.
>Fix:
No -- too few knowledge of apache interna.
>Release-Note:
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <ap...@Apache.Org> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or ]
["Re: general/1098:"). If the subject doesn't match this ]
[pattern, your message will be misfiled and ignored. The ]
["apbugs" address is not added to the Cc line of messages from ]
[the database automatically because of the potential for mail ]
[loops. If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request from a ]
[developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]