Re: Problem with and ap_os_canonical_filename()

["Roy T. Fielding" <fi...@kiwi.ics.uci.edu>]

>When using a <Directory proxy:*> block to control access to the proxy,
>"proxy:*" is passed to ap_os_canonical_filename(). My OS/2 implementation of
>that function barfs on that (it's not a valid file name).
>
>So where should this special case be caught?

I'd guess it should be caught before doing any filename checks.

>On a related note I think ap_os_canonical_filename() needs to be able to
>return a failure status for when it's given a bogus file name. I can
>currently bomb out a server process in OS/2 by sending it
>
>GET /a>b.html HTTP/1.0
>
>This triggers the ap_assert(rc==0) in OS/2's ap_os_canonical_filename() due
>to the '>'. I guess the correct behaviour would be to return "400 Bad
>Request".

Or 403 Forbidden -- either would be reasonable.

....Roy