Bug in mod_perl

[Dave Rolsky <au...@urth.org>]

Try the following handler:

package Foo;

use Apache::Request;

sub handler
{
    my $r = shift;

    my (@vars) = ( 'abc', "abc\0def", "def" );

    $r->send_http_header;
    $r->print("$_\n") foreach @vars;
}


1;


I'm using mod_perl 1.24/Apache 1.3.12/Perl 5.00503 and find that I receive
no output after the \0.  Is this a mod_perl or Apache bug?  Or is it a
client bug (using Netscape 4.75) or is it the expected behavior.

-dave

/*==================
www.urth.org
We await the New Sun
==================*/

Re: Bug in mod_perl

[Ken Williams <ke...@forum.swarthmore.edu>]

greg@cnation.com (Greg Williams) wrote:
>>I'm using mod_perl 1.24/Apache 1.3.12/Perl 5.00503 and find that I receive
>>no output after the \0.  Is this a mod_perl or Apache bug?  Or is it a
>>client bug (using Netscape 4.75) or is it the expected behavior.
>
>It would be expected, I'd assume.  perl5-porters discussed this back 
>in January when phrack ran an article claiming it was a 'bug' with 
>security implications.  To summarize, this isn't really bug, but 
>merely what you'd expect when the PV gets passed to a C function 
>which expects a NULL terminated string.
>
>http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2000-01/msg00020.html

I think I disagree with not calling this a bug.  The entire p5p
discussion was about the fact that *system calls* will see \0 as the
end-of-string character, which in some cases is kind of a bad thing. 

However, Dave's code is just trying to send some *data* to the browser.
It appears that $r->print (or somewhere down in the Apache code) can't
handle embedded nulls, which I think should be either documented or
fixed.


  -------------------                            -------------------
  Ken Williams                             Last Bastion of Euclidity
  ken@forum.swarthmore.edu                            The Math Forum

Re: Bug in mod_perl

[Greg Williams <gr...@cnation.com>]

>I'm using mod_perl 1.24/Apache 1.3.12/Perl 5.00503 and find that I receive
>no output after the \0.  Is this a mod_perl or Apache bug?  Or is it a
>client bug (using Netscape 4.75) or is it the expected behavior.

It would be expected, I'd assume.  perl5-porters discussed this back 
in January when phrack ran an article claiming it was a 'bug' with 
security implications.  To summarize, this isn't really bug, but 
merely what you'd expect when the PV gets passed to a C function 
which expects a NULL terminated string.

http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2000-01/msg00020.html

.g
-- 
- Crack RC5-64 with Bovine: http://www.distributed.net/rc5/ -
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)

Re: Bug in mod_perl

[Doug MacEachern <do...@covalent.net>]

On Mon, 9 Oct 2000, Dave Rolsky wrote:
 
> I'm using mod_perl 1.24/Apache 1.3.12/Perl 5.00503 and find that I receive
> no output after the \0.  Is this a mod_perl or Apache bug?  Or is it a
> client bug (using Netscape 4.75) or is it the expected behavior.

looks ok to me:

% telnet localhost 8529
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
Escape character is '^]'.
GET /foo http/1.0

HTTP/1.1 200 OK
Date: Fri, 13 Oct 2000 17:35:52 GMT
Server: Apache/1.3.15-dev (Unix) mod_perl/1.24_02-dev Perl/v5.7.0
Connection: close
Content-Type: text/plain

abc
abcdef
def
Connection closed by foreign host.

strace shows the \0 coming across:
5406  read(4, "HTTP/1.1 200 OK\r\nDate: Fri, 13 Oct 2000 17:38:47
GMT\r\nServer: Apache/1.3.15-dev (Unix) mod_perl/1.24_02-dev
Perl/v5.7.0\r\nConnection: close\r\nContent-Type:
text/plain\r\n\r\nabc\nabc\0def\ndef\n", 4096) = 184

Re: Bug in mod_perl

[Tom Brown <tb...@baremetal.com>]

Interesting, the Mason bug report I just filed is obviously mis-filed.

Apache::Registry scripts suffer the same behaviour.


On Mon, 9 Oct 2000, Dave Rolsky wrote:

> Try the following handler:
> 
> package Foo;
> 
> use Apache::Request;
> 
> sub handler
> {
>     my $r = shift;
> 
>     my (@vars) = ( 'abc', "abc\0def", "def" );
> 
>     $r->send_http_header;
>     $r->print("$_\n") foreach @vars;
> }
> 
> 
> 1;
> 
> 
> I'm using mod_perl 1.24/Apache 1.3.12/Perl 5.00503 and find that I receive
> no output after the \0.  Is this a mod_perl or Apache bug?  Or is it a
> client bug (using Netscape 4.75) or is it the expected behavior.
> 
> -dave
> 
> /*==================
> www.urth.org
> We await the New Sun
> ==================*/
> 

----------------------------------------------------------------------
tbrown@BareMetal.com   | Drive thy business, or it will drive thee.
http://BareMetal.com/  | - Benjamin Franklin
web hosting since '95  |