You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2007/08/23 07:49:22 UTC

DO NOT REPLY [Bug 43192] New: - %5C produces Internal Server Error

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43192>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43192

           Summary: %5C produces Internal Server Error
           Product: Apache httpd-2
           Version: 2.2.4
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: tanaka@cybozu.co.jp


I set AllowEncodedSlashes to "On"
If the url requested to my cgi contains %5C, then my apache server returns 
internal server error.

url example:
"http://myserver/cgi-bin/my.cgi/%83%65%83%58%83%67%95%5C.txt"

logs/error.log
(22)Invalid argument: couldn't create child process: 22: my.cgi, referer: 
http://myserver/cgi-bin/my.cgi

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

DO NOT REPLY [Bug 43192] - %5C produces Internal Server Error

Posted by bu...@apache.org.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43192>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43192


rahul@sun.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO




------- Additional Comments From rahul@sun.com  2007-09-11 01:58 -------
Could not reproduce it in Head (2.3)
Steps used:
   As mentioned in bug report
---------------------------
AllowEncodedSlashes On
# /space/store/httpd is the root.
ScriptAlias /cgi-bin/ "/space/store/httpd/cgi-bin/"
---------------------------
>[
GET http://agneyam.india.sun.com:8080/cgi-bin/printenv/myfile%5C.txt HTTP/1.0

]

<[
HTTP/1.1 200 OK
Date: Tue, 11 Sep 2007 08:47:50 GMT
Server: Apache/2.3.0-dev (Unix)
Connection: close
Content-Type: text/plain; charset=iso-8859-1

DOCUMENT_ROOT="/space/store/httpd/htdocs"
GATEWAY_INTERFACE="CGI/1.1"
PATH="."
PATH_INFO="/myfile\.txt"
PATH_TRANSLATED="/space/store/httpd/htdocs/myfile\.txt"
QUERY_STRING=""
REMOTE_ADDR="129.158.224.63"
REMOTE_PORT="34215"
REQUEST_METHOD="GET"
REQUEST_URI="http://agneyam.india.sun.com:8080/cgi-bin/printenv/myfile%5C.txt"
SCRIPT_FILENAME="/space/store/httpd/cgi-bin/printenv"
SCRIPT_NAME="/cgi-bin/printenv"
SERVER_ADDR="129.158.224.203"
SERVER_ADMIN="you@example.com"
SERVER_NAME="agneyam.india.sun.com"
SERVER_PORT="8080"
SERVER_PROTOCOL="HTTP/1.0"
SERVER_SIGNATURE=""
SERVER_SOFTWARE="Apache/2.3.0-dev (Unix)"
TZ="Asia/Calcutta"

Please do provide more information on how the bug can be reproduced.



-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

DO NOT REPLY [Bug 43192] - %5C produces Internal Server Error

Posted by bu...@apache.org.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43192>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43192


nick@webthing.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |RESOLVED
         Resolution|                            |DUPLICATE




------- Additional Comments From nick@webthing.com  2007-09-13 06:54 -------
This'll be because it's incorrectly decoded, and so passes junk to the operating
system.  Fixing 35256 will fix this.

*** This bug has been marked as a duplicate of 35256 ***

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org