You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Vladislav Malyshkin <ma...@cs.wmich.edu> on 1996/07/15 04:59:14 UTC
Apache BUG
Hi,
It seems that there is a bug in Apache 1.1 and probabry in 1.1.1
The problem is with the redirect made by cgi scripts.
For example I took the following CGI script
--------------------- FILE xred ------------
#!/bin/sh
umask 022
echo 'Location: http://www.apache.org'
echo
echo "$QUERY_STRING $$" 1>>/tmp/mystat.txt
--------------------------------------------
and called it many times as follows
http://www.mydomain.edu/cgi-bin/xred?dd=FF&ggg=ccc&xx=XX.html
with some changes in the query string ^^^^^^^^^^^^^^^^^^^^^^^^^
for example call next time with
http://www.mydomain.edu/cgi-bin/xred?dd=FF&gggAAA=BBBccc&xx=XX.html
and so on.
I did this 25 times, every time I changed something in
the transmitted parameters.
Then I compared records in the
/tmp/mystat.txt
and in the
..../httpd/logs/access_log
The problem is that what some requests that
DO PRESENT in the ..../httpd/logs/access_log
DO NOT PRESENT in the /tmp/mystat.txt
It looks like apache httpd don't call this CGI script every time
and use some old information CGI printed.
This occures (difference in /tmp/mystat.txt and ..../httpd/logs/access_log)
only if I am using NON-LOCAL redirect.
when I am using local redirect
(Location: /mydir/myfile.gif) everything is OK.
When I make a file output by CGI everything is OK as well.
I am using Solaris 2.4 and compiled apache by GCC 2.7.2
I used apache 1.0 and 1.1 - everything is the same for these two
versions.
Sincerely,
Vladislav Malyshkin
-----------------------------------------------------
As an example I attached the part of access_log file
where are 25 requests present and /tmp/mystat.txt file
where JUST 11 REQUESTS of these 25 present.
----------- appendix --------
the part of access_log file (25 requests)
n21.physics.wmich.edu - - [14/Jul/1996:22:44:37 -0400] "GET /cgi-bin/xred?FFFF=FFF&rr=GGG&xx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:44:44 -0400] "GET /cgi-bin/xred?FFFF=FFF&rr=GGFFFG&xx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:44:54 -0400] "GET /cgi-bin/xred?FFFF=FFF&Frr=GGG&xx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:44:58 -0400] "GET /cgi-bin/xred?FFDDDFF=FFF&Frr=GGG&xx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:45:03 -0400] "GET /cgi-bin/xred?FFDDGG=FFF&Frr=GGG&xx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:45:08 -0400] "GET /cgi-bin/xred?FFDDGG=FDDDFF&Frr=GGG&xx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:45:12 -0400] "GET /cgi-bin/xred?FFDDGG=FDDDGGGHHHFF&Frr=GGG&xx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:45:17 -0400] "GET /cgi-bin/xred?FFDDGG=FDDDGKKHFF&Frr=GGG&xx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:45:21 -0400] "GET /cgi-bin/xred?FFDDGG=FDDDGKKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:45:25 -0400] "GET /cgi-bin/xred?FFDFDDGG=FDDDGKKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:45:31 -0400] "GET /cgi-bin/xred?FTYUYDFDDGG=FDDDGKKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:45:35 -0400] "GET /cgi-bin/xred?FTYUYHHHHGG=FDDDGKKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:45:44 -0400] "GET /cgi-bin/xred?FTAQDFQ4HHHGG=FDDDGKKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:45:49 -0400] "GET /cgi-bin/xred?FTAQDHHGG=F134252DDDGKKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:45:55 -0400] "GET /cgi-bin/xred?FTAQDHHGG=F13425wwDGKKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:45:58 -0400] "GET /cgi-bin/xred?FTAQDHHGG=F13425wwDGKwwwKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:46:05 -0400] "GET /cgi-bin/xred?FTAQDHHGG=F13HJKLWKJWwwwKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:46:09 -0400] "GET /cgi-bin/xred?FTAQDHHGG=F13HJKLWKwwwwJWwwwKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:46:27 -0400] "GET /cgi-bin/xred?FTAQDHHGG=F4F&FrLJ=GGG&xx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:46:36 -0400] "GET /cgi-bin/xred?FTAQDHHFFGG=F4F&FrLJ=GGG&xx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:46:40 -0400] "GET /cgi-bin/xred?FTAQDHHFFGG=F4F&FrLHJJ=GGG&xx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:46:44 -0400] "GET /cgi-bin/xred?FTAQDHHFFGG=F4F&FrLHJJ=GGG&Axx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:46:55 -0400] "GET /cgi-bin/xred?FTAQDHHFFGG=F4F&FrLHJJ=GGG&AFxx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:47:06 -0400] "GET /cgi-bin/xred?FTAQDHHFFGG=F4F&FrLHJJ=GGGDDDD&AFxx.html HTTP/1.0" 302 -
n21.physics.wmich.edu - - [14/Jul/1996:22:47:13 -0400] "GET /cgi-bin/xred?FTAQDHHFFGG=F4F&FrLHJJ=GGGDDDD&YYxx.html HTTP/1.0" 302 -
-------- the file /tmp/mystat.txt 11 requests -----------
FFFF=FFF&rr=GGG&xx.html 20938
FFFF=FFF&rr=GGFFFG&xx.html 20939
FFFF=FFF&Frr=GGG&xx.html 20940
FFDDGG=FFF&Frr=GGG&xx.html 20942
FFDDGG=FDDDFF&Frr=GGG&xx.html 20943
FFDDGG=FDDDGKKHFF&FrLJ=GGG&xx.html 20946
FTYUYHHHHGG=FDDDGKKHFF&FrLJ=GGG&xx.html 20949
FTAQDHHGG=F13HJKLWKJWwwwKHFF&FrLJ=GGG&xx.html 20955
FTAQDHHFFGG=F4F&FrLJ=GGG&xx.html 20960
FTAQDHHFFGG=F4F&FrLHJJ=GGG&xx.html 20961
FTAQDHHFFGG=F4F&FrLHJJ=GGGDDDD&YYxx.html 20967
----- End of forwarded message from Vladislav Malyshkin -----
--
Rob Hartill (robh@imdb.com)
The Internet Movie Database (IMDb) http://www.imdb.com/
...more movie info than you can poke a stick at.
Re: Apache BUG
Posted by Brian Behlendorf <br...@organic.com>.
This is the correct behavior. Look at the section starting at line 365 in
mod_cgi.c. If the script outputs "Location:" in the CGI headers to a
non-internal request, and does not output "Status: 302", then the server
will ignore the rest of the body. If the script does not finish before
the response to the client is finished, the script will end up getting
killed. The inconsistant behavior you are seeing is that sometimes the
script makes it to the second command before the server finishes sending
the response, sometimes it doesn't. It doesn't matter.
At least I'm pretty sure this is what's going on.
Brian
On Sun, 14 Jul 1996, Vladislav Malyshkin wrote:
> Hi,
> It seems that there is a bug in Apache 1.1 and probabry in 1.1.1
> The problem is with the redirect made by cgi scripts.
> For example I took the following CGI script
> --------------------- FILE xred ------------
> #!/bin/sh
> umask 022
> echo 'Location: http://www.apache.org'
> echo
> echo "$QUERY_STRING $$" 1>>/tmp/mystat.txt
> --------------------------------------------
>
> and called it many times as follows
> http://www.mydomain.edu/cgi-bin/xred?dd=FF&ggg=ccc&xx=XX.html
> with some changes in the query string ^^^^^^^^^^^^^^^^^^^^^^^^^
> for example call next time with
> http://www.mydomain.edu/cgi-bin/xred?dd=FF&gggAAA=BBBccc&xx=XX.html
>
> and so on.
> I did this 25 times, every time I changed something in
> the transmitted parameters.
>
> Then I compared records in the
> /tmp/mystat.txt
> and in the
> ..../httpd/logs/access_log
>
> The problem is that what some requests that
> DO PRESENT in the ..../httpd/logs/access_log
> DO NOT PRESENT in the /tmp/mystat.txt
>
> It looks like apache httpd don't call this CGI script every time
> and use some old information CGI printed.
> This occures (difference in /tmp/mystat.txt and ..../httpd/logs/access_log)
> only if I am using NON-LOCAL redirect.
> when I am using local redirect
> (Location: /mydir/myfile.gif) everything is OK.
> When I make a file output by CGI everything is OK as well.
>
>
> I am using Solaris 2.4 and compiled apache by GCC 2.7.2
> I used apache 1.0 and 1.1 - everything is the same for these two
> versions.
>
> Sincerely,
> Vladislav Malyshkin
>
>
> -----------------------------------------------------
> As an example I attached the part of access_log file
> where are 25 requests present and /tmp/mystat.txt file
> where JUST 11 REQUESTS of these 25 present.
>
> ----------- appendix --------
> the part of access_log file (25 requests)
>
> n21.physics.wmich.edu - - [14/Jul/1996:22:44:37 -0400] "GET /cgi-bin/xred?FFFF=FFF&rr=GGG&xx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:44:44 -0400] "GET /cgi-bin/xred?FFFF=FFF&rr=GGFFFG&xx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:44:54 -0400] "GET /cgi-bin/xred?FFFF=FFF&Frr=GGG&xx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:44:58 -0400] "GET /cgi-bin/xred?FFDDDFF=FFF&Frr=GGG&xx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:45:03 -0400] "GET /cgi-bin/xred?FFDDGG=FFF&Frr=GGG&xx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:45:08 -0400] "GET /cgi-bin/xred?FFDDGG=FDDDFF&Frr=GGG&xx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:45:12 -0400] "GET /cgi-bin/xred?FFDDGG=FDDDGGGHHHFF&Frr=GGG&xx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:45:17 -0400] "GET /cgi-bin/xred?FFDDGG=FDDDGKKHFF&Frr=GGG&xx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:45:21 -0400] "GET /cgi-bin/xred?FFDDGG=FDDDGKKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:45:25 -0400] "GET /cgi-bin/xred?FFDFDDGG=FDDDGKKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:45:31 -0400] "GET /cgi-bin/xred?FTYUYDFDDGG=FDDDGKKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:45:35 -0400] "GET /cgi-bin/xred?FTYUYHHHHGG=FDDDGKKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:45:44 -0400] "GET /cgi-bin/xred?FTAQDFQ4HHHGG=FDDDGKKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:45:49 -0400] "GET /cgi-bin/xred?FTAQDHHGG=F134252DDDGKKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:45:55 -0400] "GET /cgi-bin/xred?FTAQDHHGG=F13425wwDGKKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:45:58 -0400] "GET /cgi-bin/xred?FTAQDHHGG=F13425wwDGKwwwKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:46:05 -0400] "GET /cgi-bin/xred?FTAQDHHGG=F13HJKLWKJWwwwKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:46:09 -0400] "GET /cgi-bin/xred?FTAQDHHGG=F13HJKLWKwwwwJWwwwKHFF&FrLJ=GGG&xx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:46:27 -0400] "GET /cgi-bin/xred?FTAQDHHGG=F4F&FrLJ=GGG&xx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:46:36 -0400] "GET /cgi-bin/xred?FTAQDHHFFGG=F4F&FrLJ=GGG&xx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:46:40 -0400] "GET /cgi-bin/xred?FTAQDHHFFGG=F4F&FrLHJJ=GGG&xx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:46:44 -0400] "GET /cgi-bin/xred?FTAQDHHFFGG=F4F&FrLHJJ=GGG&Axx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:46:55 -0400] "GET /cgi-bin/xred?FTAQDHHFFGG=F4F&FrLHJJ=GGG&AFxx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:47:06 -0400] "GET /cgi-bin/xred?FTAQDHHFFGG=F4F&FrLHJJ=GGGDDDD&AFxx.html HTTP/1.0" 302 -
> n21.physics.wmich.edu - - [14/Jul/1996:22:47:13 -0400] "GET /cgi-bin/xred?FTAQDHHFFGG=F4F&FrLHJJ=GGGDDDD&YYxx.html HTTP/1.0" 302 -
>
>
> -------- the file /tmp/mystat.txt 11 requests -----------
>
> FFFF=FFF&rr=GGG&xx.html 20938
> FFFF=FFF&rr=GGFFFG&xx.html 20939
> FFFF=FFF&Frr=GGG&xx.html 20940
> FFDDGG=FFF&Frr=GGG&xx.html 20942
> FFDDGG=FDDDFF&Frr=GGG&xx.html 20943
> FFDDGG=FDDDGKKHFF&FrLJ=GGG&xx.html 20946
> FTYUYHHHHGG=FDDDGKKHFF&FrLJ=GGG&xx.html 20949
> FTAQDHHGG=F13HJKLWKJWwwwKHFF&FrLJ=GGG&xx.html 20955
> FTAQDHHFFGG=F4F&FrLJ=GGG&xx.html 20960
> FTAQDHHFFGG=F4F&FrLHJJ=GGG&xx.html 20961
> FTAQDHHFFGG=F4F&FrLHJJ=GGGDDDD&YYxx.html 20967
>
> ----- End of forwarded message from Vladislav Malyshkin -----
>
> --
> Rob Hartill (robh@imdb.com)
> The Internet Movie Database (IMDb) http://www.imdb.com/
> ...more movie info than you can poke a stick at.
>
>
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com www.apache.org hyperreal.com http://www.organic.com/JOBS