[prev in list] [next in list] [prev in thread] [next in thread]
List: netbsd-bugs
Subject: bin/47971: httpd bogusly %-encodes redirects
From: martin () NetBSD ! org
Date: 2013-06-27 13:50:00
Message-ID: 20130627135000.8E2A4716C6 () mollari ! NetBSD ! org
[Download RAW message or body]
> Number: 47971
> Category: bin
> Synopsis: httpd bogusly %-encodes redirects
> Confidential: no
> Severity: serious
> Priority: low
> Responsible: bin-bug-people
> State: open
> Class: sw-bug
> Submitter-Id: net
> Arrival-Date: Thu Jun 27 13:50:00 +0000 2013
> Originator: Martin Husemann
> Release: NetBSD 6.1_STABLE
> Organization:
The NetBSD Foundation, Inc.
> Environment:
System: NetBSD night-porter.duskware.de 6.1_STABLE NetBSD 6.1_STABLE (PORTER) #6: Wed \
May 29 21:38:20 CEST 2013 \
martin@night-porter.duskware.de:/usr/src-6/sys/arch/i386/compile/PORTER \
i386
Architecture: i386
Machine: i386
> Description:
When redirecting a request because of the existence of a .bzredirect or
.bzabsredirect file, httpd encodes the target url, including all / in it,
which usually breaks it.
I don't see why this behaviour ever would be usefull, but I might be missing
something.
Note that the only other use of the escape_rfc3986() is for filenames in
generated directory indices, and there it is absolutely ok.
> How-To-Repeat:
Try a .bzredirect to, say, ../test
> Fix:
Index: bozohttpd.c
===================================================================
RCS file: /cvsroot/src/libexec/httpd/bozohttpd.c,v
retrieving revision 1.39
diff -c -u -r1.39 bozohttpd.c
--- bozohttpd.c 27 Jun 2013 13:11:11 -0000 1.39
+++ bozohttpd.c 27 Jun 2013 13:43:01 -0000
@@ -965,7 +965,6 @@
url = urlbuf;
} else
urlbuf = NULL;
- url = escape_rfc3986(request->hr_httpd, url);
if (request->hr_query && strlen(request->hr_query))
query = 1;
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic