You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Dave Rolsky <au...@urth.org> on 2000/10/10 01:24:07 UTC
Bug in mod_perl
Try the following handler:
package Foo;
use Apache::Request;
sub handler
{
my $r = shift;
my (@vars) = ( 'abc', "abc\0def", "def" );
$r->send_http_header;
$r->print("$_\n") foreach @vars;
}
1;
I'm using mod_perl 1.24/Apache 1.3.12/Perl 5.00503 and find that I receive
no output after the \0. Is this a mod_perl or Apache bug? Or is it a
client bug (using Netscape 4.75) or is it the expected behavior.
-dave
/*==================
www.urth.org
We await the New Sun
==================*/
Re: Bug in mod_perl
Posted by Ken Williams <ke...@forum.swarthmore.edu>.
greg@cnation.com (Greg Williams) wrote:
>>I'm using mod_perl 1.24/Apache 1.3.12/Perl 5.00503 and find that I receive
>>no output after the \0. Is this a mod_perl or Apache bug? Or is it a
>>client bug (using Netscape 4.75) or is it the expected behavior.
>
>It would be expected, I'd assume. perl5-porters discussed this back
>in January when phrack ran an article claiming it was a 'bug' with
>security implications. To summarize, this isn't really bug, but
>merely what you'd expect when the PV gets passed to a C function
>which expects a NULL terminated string.
>
>http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2000-01/msg00020.html
I think I disagree with not calling this a bug. The entire p5p
discussion was about the fact that *system calls* will see \0 as the
end-of-string character, which in some cases is kind of a bad thing.
However, Dave's code is just trying to send some *data* to the browser.
It appears that $r->print (or somewhere down in the Apache code) can't
handle embedded nulls, which I think should be either documented or
fixed.
------------------- -------------------
Ken Williams Last Bastion of Euclidity
ken@forum.swarthmore.edu The Math Forum
Re: Bug in mod_perl
Posted by Greg Williams <gr...@cnation.com>.
>I'm using mod_perl 1.24/Apache 1.3.12/Perl 5.00503 and find that I receive
>no output after the \0. Is this a mod_perl or Apache bug? Or is it a
>client bug (using Netscape 4.75) or is it the expected behavior.
It would be expected, I'd assume. perl5-porters discussed this back
in January when phrack ran an article claiming it was a 'bug' with
security implications. To summarize, this isn't really bug, but
merely what you'd expect when the PV gets passed to a C function
which expects a NULL terminated string.
http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2000-01/msg00020.html
.g
--
- Crack RC5-64 with Bovine: http://www.distributed.net/rc5/ -
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
Re: Bug in mod_perl
Posted by Doug MacEachern <do...@covalent.net>.
On Mon, 9 Oct 2000, Dave Rolsky wrote:
> I'm using mod_perl 1.24/Apache 1.3.12/Perl 5.00503 and find that I receive
> no output after the \0. Is this a mod_perl or Apache bug? Or is it a
> client bug (using Netscape 4.75) or is it the expected behavior.
looks ok to me:
% telnet localhost 8529
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
Escape character is '^]'.
GET /foo http/1.0
HTTP/1.1 200 OK
Date: Fri, 13 Oct 2000 17:35:52 GMT
Server: Apache/1.3.15-dev (Unix) mod_perl/1.24_02-dev Perl/v5.7.0
Connection: close
Content-Type: text/plain
abc
abcdef
def
Connection closed by foreign host.
strace shows the \0 coming across:
5406 read(4, "HTTP/1.1 200 OK\r\nDate: Fri, 13 Oct 2000 17:38:47
GMT\r\nServer: Apache/1.3.15-dev (Unix) mod_perl/1.24_02-dev
Perl/v5.7.0\r\nConnection: close\r\nContent-Type:
text/plain\r\n\r\nabc\nabc\0def\ndef\n", 4096) = 184
Re: Bug in mod_perl
Posted by Tom Brown <tb...@baremetal.com>.
Interesting, the Mason bug report I just filed is obviously mis-filed.
Apache::Registry scripts suffer the same behaviour.
On Mon, 9 Oct 2000, Dave Rolsky wrote:
> Try the following handler:
>
> package Foo;
>
> use Apache::Request;
>
> sub handler
> {
> my $r = shift;
>
> my (@vars) = ( 'abc', "abc\0def", "def" );
>
> $r->send_http_header;
> $r->print("$_\n") foreach @vars;
> }
>
>
> 1;
>
>
> I'm using mod_perl 1.24/Apache 1.3.12/Perl 5.00503 and find that I receive
> no output after the \0. Is this a mod_perl or Apache bug? Or is it a
> client bug (using Netscape 4.75) or is it the expected behavior.
>
> -dave
>
> /*==================
> www.urth.org
> We await the New Sun
> ==================*/
>
----------------------------------------------------------------------
tbrown@BareMetal.com | Drive thy business, or it will drive thee.
http://BareMetal.com/ | - Benjamin Franklin
web hosting since '95 |