You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by Anand Kumria <wi...@progsoc.uts.edu.au> on 1997/04/16 02:10:02 UTC

suexec/398: cgi-bin and suExec don't work when trying to pass arguments to a CGI

	The contract type is `' with a response time of 3 business hours.
	A first analysis should be sent before: Wed Apr 16 11:00:01 PDT 1997


>Number:         398
>Category:       suexec
>Synopsis:       cgi-bin and suExec don't work when trying to pass arguments to a CGI
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Apr 15 17:10:01 1997
>Originator:     wildfire@progsoc.uts.edu.au
>Organization:
apache
>Release:        1.2b8
>Environment:
SunOS 4.1.4 most major patches. GCC 2.7.2
>Description:
When attempting to retreive a user's CGI with arguments (i.e. with a
question and data appended) Apache (or suExec) appears to be
escaping the username. I am pretty sure this is an Apache problem,
I'm had suExec print the argument it receives on the command line
it is definately escaped - I'm still trying to see where Apache is
doing the escaping.
>How-To-Repeat:
http://www.progsoc.uts.edu.au/~mike/cgi-bin/wwwadmin.pl (works)
http://www.progsoc.uts.edu.au/~mike/cgi-bin/wwwadmin.pl? (works)
http://www.progsoc.uts.edu.au/~mike/cgi-bin/wwwadmin.pl?<anything> (fails)
>Fix:
I've been looking at util_script.c at the point where Apache is about
to handover execution to SUEXEC - but am having no luck. I'm not sure
if something else is kicking off SUEXEC though
>Audit-Trail:
>Unformatted: