Posted to dev@httpd.apache.org by Marc Slemko <ma...@znep.com> on 1998/05/25 08:51:37 UTC

BUG? Apache 1.2.6, check_fulluri()

>Path: scanner.worldgate.com!logbridge.uoregon.edu!news-peer.gip.net!news.gsl.net!gip.net!news.new-york.net!uunet!in2.uu.net!nntphub.cb.lucent.com!news.research.bell-labs.com!news
>From: Dave Kristol <dm...@bell-labs.com>
>Newsgroups: comp.infosystems.www.servers.unix
>Subject: BUG?  Apache 1.2.6, check_fulluri()
>Date: Wed, 20 May 1998 12:15:46 -0400
>Organization: Bell Laboratories, Lucent Technologies
>Lines: 44
>Message-ID: <35...@bell-labs.com>
>NNTP-Posting-Host: aleatory.research.bell-labs.com
>Mime-Version: 1.0
>Content-Type: text/plain; charset=us-ascii
>Content-Transfer-Encoding: 7bit
>X-Mailer: Mozilla 3.0Gold (X11; I; SunOS 5.6 sun4m)
>Xref: scanner.worldgate.com comp.infosystems.www.servers.unix:42907     

The following problem did not exist in Apache 1.2.5 but appeared in
1.2.6.

I have two web servers running on my machine
(aleatory.research.bell-labs.com).  Aleatory has two aliases,
lpwa.tempo.bell-labs.com and www-zoo.research.bell-labs.com.  One
server is Apache, running as a proxy on
lpwa.tempo.bell-labs.com:8000.  The second is a different
(non-Apache) HTTP server on www-zoo.research.bell-labs.com:80.

A request to lpwa.tempo.bell-labs.com:8000 like this:
GET http://www-zoo.research.bell-labs.com/~dmk/ HTTP/1.0

is supposed to be forwarded by the (Apache) proxy to the www-zoo:80
server.  What happens instead (in 1.2.6) is I get a 404 File Not Found
error.  The Apache proxy has decided to serve the page itself, rather
than forward the request.

The fault appears to lie with check_fulluri() in http_protocol.c.  In
Apache 1.2.5, check_fulluri() returned the incoming URL unchanged.  In
Apache 1.2.6, check_fulluri() returns "/~dmk/", which the proxy assumes
is a page served locally by the proxy, not by www-zoo.

The different behavior occurs because of a change in the code that
checks port numbers (line 572 ff).  In my case there are no virtual
hosts, so sar->host_port is zero, but the code thinks it has identified
a virtual host.  The code then proceeds to match hostnames and to
decide that the resource can be served locally.

I'm going to guess that line 577:
    if (!sar) return uri;
should be
    if (!sar || !sar->virthost) return uri;

I also note, in passing, another bug in check_fulluri():  there's no
check that the result of
    i = ind(name, '/');
is non-negative.  In particular, if
uri == "http://www-zoo.research.bell-labs.com" with no trailing '/', a
valid URI, the code misbehaves and returns (prior to the line 577
change above) "/www-zoo.research.bell-labs.com", which, of course, is
not found.

Dave Kristol

Re: BUG? Apache 1.2.6, check_fulluri()

Posted by Dean Gaudet <dg...@arctic.org>.
Gah... all stuff that's completely fixed in 1.3.  It's embarrassing how bad
this is in 1.2.x.

Your fix looks right, I'll commit it.

Dean

On Mon, 25 May 1998, Marc Slemko wrote:

> 
> The following problem did not exist in Apache 1.2.5 but appeared in
> 1.2.6.
> 
> I have two web servers running on my machine
> (aleatory.research.bell-labs.com).  Aleatory has two aliases,
> lpwa.tempo.bell-labs.com and www-zoo.research.bell-labs.com.  One
> server is Apache, running as a proxy on
> lpwa.tempo.bell-labs.com:8000.  The second is a different
> (non-Apache) HTTP server on www-zoo.research.bell-labs.com:80.
> 
> A request to lpwa.tempo.bell-labs.com:8000 like this:
> GET http://www-zoo.research.bell-labs.com/~dmk/ HTTP/1.0
> 
> is supposed to be forwarded by the (Apache) proxy to the www-zoo:80
> server.  What happens instead (in 1.2.6) is I get a 404 File Not Found
> error.  The Apache proxy has decided to serve the page itself, rather
> than forward the request.
> 
> The fault appears to lie with check_fulluri() in http_protocol.c.  In
> Apache 1.2.5, check_fulluri() returned the incoming URL unchanged.  In
> Apache 1.2.6, check_fulluri() returns "/~dmk/", which the proxy assumes
> is a page served locally by the proxy, not by www-zoo.
> 
> The different behavior occurs because of a change in the code that
> checks port numbers (line 572 ff).  In my case there are no virtual
> hosts, so sar->host_port is zero, but the code thinks it has identified
> a virtual host.  The code then proceeds to match hostnames and to
> decide that the resource can be served locally.
> 
> I'm going to guess that line 577:
>     if (!sar) return uri;
> should be
>     if (!sar || !sar->virthost) return uri;
> 
> I also note, in passing, another bug in check_fulluri():  there's no
> check that the result of
>     i = ind(name, '/');
> is non-negative.  In particular, if
> uri == "http://www-zoo.research.bell-labs.com" with no trailing '/', a
> valid URI, the code misbehaves and returns (prior to the line 577
> change above) "/www-zoo.research.bell-labs.com", which, of course, is
> not found.
> 
> Dave Kristol
>