Posted to dev@httpd.apache.org by Nathan Neulinger <nn...@umr.edu> on 1996/07/04 03:09:47 UTC

probably a horrible time to bring this up, but, bug..

Ok, I had sent a bug report a long while back with some of the early 1.1
betas, that seemed to have been fixed in 1.1b3. (Which was very very stable
and reliable for me on HP-UX 9.05).

However, the bug seems to have been reintroduced in either b5 or the final
1.1.

I am getting URL's redirected when I request a page. The documents are
being redirected to URLs that look like you took several strings in memory
(the real url, the real path to the file) and mashed and overlapped them
together.

Not sure how else to describe it.


-----
mcallaham.his.ucsf.edu - - [03/Jul/1996:20:07:37 -0500] "GET /computer/images/legalbanner.gif HTTP/1.0" 200 20134
mcallaham.his.ucsf.edu - - [03/Jul/1996:20:07:38 -0500] "GET /computer/images/apple_ad.gif HTTP/1.0" 200 11566
mcallaham.his.ucsf.edu - - [03/Jul/1996:20:07:38 -0500] "GET /users/nneul/public_html/cgiwrap/computer/images/MacAcadamy.gif HTTP/1.0" 404 -

...

dialup-pkr-7-6.network.umr.edu - - [03/Jul/1996:20:03:08 -0500] "GET /users/nneul/public_html/cgiwrap/~nneul/cgiwrap/ HTTP/1.0" 404 -
dialup-pkr-7-6.network.umr.edu - - [03/Jul/1996:20:03:10 -0500] "GET /~nneul/cgiwrap/ HTTP/1.0" 200 1867

-----

Note the weird screwups.

One thing, it is occurring with MUCH greater frequency on 1.1 than with the
earlier times it has occurred.

The above server is www.rollanet.org.

-- Nathan


------------------------------------------------------------
Nathan Neulinger                  Univ. of Missouri - Rolla
EMail: nneul@umr.edu                  Computing Services
WWW: http://www.umr.edu/~nneul      SysAdmin: rollanet.org



Re: probably a horrible time to bring this up, but, bug..

Posted by Nathan Neulinger <nn...@umr.edu>.
At 8:27 PM -0500 7/3/96, Randy Terbush wrote:
>Has the order of your installed modules changed?
>Are you running with the same set of modules?
>

Order of modules with 1.1 is as distributed, with mod_status and mod_info
added, and mod_cntr has been added at the end.

The 1.1b3 was as distributed with mod_info and mod_status added, with
mod_cntr and mod_rewrite added at the end.

>
>
>> Ok, I had sent a bug report a long while back with some of the early 1.1
>> betas, that seemed to have been fixed in 1.1b3. (Which was very very stable
>> and reliable for me on HP-UX 9.05).
>>
>> However, the bug seems to have been reintroduced in either b5 or the final
>> 1.1.
>>
>> I am getting URL's redirected when I request a page. The documents are
>> being redirected to URLs that look like you took several strings in memory
>> (the real url, the real path to the file) and mashed and overlapped them
>> together.
>>
>> Not sure how else to describe it.
>>
>>
>> -----
>> mcallaham.his.ucsf.edu - - [03/Jul/1996:20:07:37 -0500] "GET /computer/images/legalbanner.gif HTTP/1.0" 200 20134
>> mcallaham.his.ucsf.edu - - [03/Jul/1996:20:07:38 -0500] "GET /computer/images/apple_ad.gif HTTP/1.0" 200 11566
>> mcallaham.his.ucsf.edu - - [03/Jul/1996:20:07:38 -0500] "GET /users/nneul/public_html/cgiwrap/computer/images/MacAcadamy.gif HTTP/1.0" 404 -
>>
>> ...
>>
>> dialup-pkr-7-6.network.umr.edu - - [03/Jul/1996:20:03:08 -0500] "GET /users/nneul/public_html/cgiwrap/~nneul/cgiwrap/ HTTP/1.0" 404 -
>> dialup-pkr-7-6.network.umr.edu - - [03/Jul/1996:20:03:10 -0500] "GET /~nneul/cgiwrap/ HTTP/1.0" 200 1867
>>
>> -----
>>
>> Note the weird screwups.
>>
>> One thing, it is occurring with MUCH greater frequency on 1.1 than with the
>> earlier times it has occurred.
>>
>> The above server is www.rollanet.org.
>>
>> -- Nathan
>>
>>
>> ------------------------------------------------------------
>> Nathan Neulinger                  Univ. of Missouri - Rolla
>> EMail: nneul@umr.edu                  Computing Services
>> WWW: http://www.umr.edu/~nneul      SysAdmin: rollanet.org
>>


------------------------------------------------------------
Nathan Neulinger                  Univ. of Missouri - Rolla
EMail: nneul@umr.edu                  Computing Services
WWW: http://www.umr.edu/~nneul      SysAdmin: rollanet.org



Re: probably a horrible time to bring this up, but, bug..

Posted by Alexei Kosut <ak...@organic.com>.
On Wed, 3 Jul 1996, Nathan Neulinger wrote:

> Ok, I had sent a bug report a long while back with some of the early 1.1
> betas, that seemed to have been fixed in 1.1b3. (Which was very very stable
> and reliable for me on HP-UX 9.05).
> 
> However, the bug seems to have been reintroduced in either b5 or the final
> 1.1.

Arrrrrrrrrrrrrgh. It looks like some idiot by the name of Alexei Kosut,
five months ago, when he submitted a patch to allow Redirect in .htaccess
files, completely screwed up. This patch, which for some
God-only-knows-what reason got applied to the Apache distribution and ran
unquestioned in all releases following, had the following flaws:

1) It added these redirects directly to the server configuration,
   not a separate per-dir config, which would be the correct thing to do

2) It did not check to see if the user was authorized to perform the
   redirect in question - if it had added them to a per-dir config and
   not a server one, checks would not have been necessary. (see 1)

3) In altering the server config (which it shouldn't have done, see 1), it
   used per-request pool memory, which was unallocated and got really
   screwy as soon as the request was over. This explains the weird
   redirects.

If anyone sees this Alexei character, or those who +1ed the patch (there
must have been some who looked at it), shoot them.

I'll try and work up a patch later. We may need a 1.1.1. This is very
dangerous, since any idiot can put "Redirect / <anything here>" in their
.htaccess file and screw to heck every request to the server.

*sigh* Why didn't anyone notice this before, is what I'm wondering? It
never showed up while I was testing it, probably purely by chance.
Somebody put me out of everyone's misery.

A quick fix is to just remove the functionality; change the OR_FILEINFO in
mod_alias.c to RSRC_CONF. The proper fix is to set up a per-dir config
structure and use that to store .htaccess-invoked Redirects.

Arrgh.

-- Alexei Kosut <ak...@organic.com>            The Apache HTTP Server 
   http://www.nueva.pvt.k12.ca.us/~akosut/      http://www.apache.org/
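
Flaw 3 in the message above, as an added example that is not part of the original thread and is not Apache code: a toy bump allocator (the `pool` type and every function name here are hypothetical, not Apache's pool API) shows how a redirect stored in server-lifetime config but allocated from a per-request pool reads back as a mash of the next request's data, and how allocating it from a pool with the config's lifetime avoids that. The redirect target is a constructed value; the request path is taken from the log lines in the thread.

```c
#include <stdio.h>
#include <string.h>

/* Toy arena: memory is reused after pool_clear(), like a per-request pool. */
typedef struct { char buf[256]; size_t used; } pool;

static char *pool_strdup(pool *p, const char *s) {
    size_t n = strlen(s) + 1;
    if (p->used + n > sizeof p->buf) return NULL;
    char *out = memcpy(p->buf + p->used, s, n);
    p->used += n;
    return out;
}
/* End of request: the space is handed back for the next request. */
static void pool_clear(pool *p) { p->used = 0; }

typedef struct { const char *from, *to; } redirect;
typedef struct { redirect r; } server_conf;   /* lives as long as the server */

/* Flawed: strings live in the request pool but are referenced from
 * server-lifetime config, so they dangle once the request ends. */
static void add_redirect_flawed(server_conf *sc, pool *req,
                                const char *from, const char *to) {
    sc->r.from = pool_strdup(req, from);
    sc->r.to   = pool_strdup(req, to);
}
/* Corrected: allocate from a pool whose lifetime matches the config. */
static void add_redirect_fixed(server_conf *sc, pool *conf,
                               const char *from, const char *to) {
    sc->r.from = pool_strdup(conf, from);
    sc->r.to   = pool_strdup(conf, to);
}

/* Register a redirect during request 1, let request 2 reuse the request
 * pool, then return what the config now reports as the redirect target. */
static const char *target_after_next_request(int use_fixed) {
    static pool conf_pool, req_pool;
    static server_conf sc;
    conf_pool.used = 0;
    pool_clear(&req_pool);
    if (use_fixed) add_redirect_fixed(&sc, &conf_pool, "/old", "http://example.invalid/new");
    else           add_redirect_flawed(&sc, &req_pool, "/old", "http://example.invalid/new");
    pool_clear(&req_pool);                                        /* request 1 ends */
    pool_strdup(&req_pool, "/users/nneul/public_html/cgiwrap/");  /* request 2 data */
    return sc.r.to;
}

int main(void) {
    printf("flawed: %s\n", target_after_next_request(0));
    printf("fixed:  %s\n", target_after_next_request(1));
    return 0;
}
```

The arena is a static buffer, so the stale read here is well defined; with a real allocator the same lifetime mismatch is a use-after-free.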