NetBSD Problem Report #47629
From www@NetBSD.org Fri Mar 8 12:51:30 2013
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
by www.NetBSD.org (Postfix) with ESMTP id 0D4EB63EEC4
for <gnats-bugs@gnats.NetBSD.org>; Fri, 8 Mar 2013 12:51:29 +0000 (UTC)
Message-Id: <20130308125129.4126E63EEC4@www.NetBSD.org>
Date: Fri, 8 Mar 2013 12:51:29 +0000 (UTC)
From: code@boerschig.net
Reply-To: code@boerschig.net
To: gnats-bugs@NetBSD.org
Subject: libexec/httpd does not properly URL-escape directory names in index
X-Send-Pr-Version: www-1.0
>Number: 47629
>Category: bin
>Synopsis: libexec/httpd does not properly URL-escape directory names in index
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: mrg
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Mar 08 12:55:00 +0000 2013
>Closed-Date: Sun Mar 10 23:33:45 +0000 2013
>Last-Modified: Sun Mar 10 23:33:45 +0000 2013
>Originator: MB
>Release: 6.99.17
>Organization:
>Environment:
NetBSD vm 6.99.17 NetBSD 6.99.17 (XEN3PAE_DOMU) #0: Sat Feb 23 12:24:40 UTC 2013 builds@b8.netbsd.org:/home/builds/ab/HEAD/i386/201302230640Z-obj/home/builds/ab/HEAD/src/sys/arch/i386/compile/XEN3PAE_DOMU i386
>Description:
libexec/httpd does not fully escape the directory names in automatic generated indexes: directory names contain trailing garbage (len is initialized to strlen(url) and then incremented for the byte-to-byte copy)and some characters are not escaped.
>How-To-Repeat:
mkdir '()'
/usr/libexec/httpd -bfs -X . -I 8080
#clicking the '()' link in the generated index.html, the request fails
got request ``GET /%28)%C2%BE%10/ HTTP/1.1'' from host localhost to port 8080
# the URL should be '/%28%29'
>Fix:
diff --git a/libexec/httpd/bozohttpd.c b/libexec/httpd/bozohttpd.c
index 39b29c1..3ab446c 100644
--- a/libexec/httpd/bozohttpd.c
+++ b/libexec/httpd/bozohttpd.c
@@ -893,13 +893,14 @@ escape_rfc3986(bozohttpd_t *httpd, const char *url)
case ',':
case ';':
case '=':
+ case '%':
encode_it:
snprintf(d, 4, "%%%2X", *s++);
d += 3;
len += 3;
+ break;
default:
*d++ = *s++;
- len++;
}
}
buf[len] = 0
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback
State-Changed-By: mrg@NetBSD.org
State-Changed-When: Sat, 09 Mar 2013 21:37:05 +0000
State-Changed-Why:
i commited a slightly different patch that properly handles 'len'. can
you please update -current and see if it also works for you now? if so,
i'll submit pullups to netbsd-6. thanks!
.mrg.
Responsible-Changed-From-To: bin-bug-people->mrg
Responsible-Changed-By: mrg@NetBSD.org
Responsible-Changed-When: Sat, 09 Mar 2013 21:37:18 +0000
Responsible-Changed-Why:
mine
From: "matthew green" <mrg@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/47629 CVS commit: src/libexec/httpd
Date: Sat, 9 Mar 2013 21:36:04 +0000
Module Name: src
Committed By: mrg
Date: Sat Mar 9 21:36:04 UTC 2013
Modified Files:
src/libexec/httpd: bozohttpd.c
Log Message:
fix PR 47629, using a slightly different patch to the one in the PR.
this modifies escape_rfc3986() to escape '%' itself, and to properly
track the buffer size and nul out the final byte, not some random
byte that may actually be unmapped.
To generate a diff of this commit:
cvs rdiff -u -r1.32 -r1.33 src/libexec/httpd/bozohttpd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: MB <code@boerschig.net>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/47629 (libexec/httpd does not properly URL-escape directory
names in index)
Date: Sun, 10 Mar 2013 11:44:06 +0100
On 09.03.2013 22:37, mrg@NetBSD.org wrote:
> Synopsis: libexec/httpd does not properly URL-escape directory names in index
>
> State-Changed-From-To: open->feedback
> State-Changed-By: mrg@NetBSD.org
> State-Changed-When: Sat, 09 Mar 2013 21:37:05 +0000
> State-Changed-Why:
> i commited a slightly different patch that properly handles 'len'. can
> you please update -current and see if it also works for you now? if so,
> i'll submit pullups to netbsd-6. thanks!
>
>
> .mrg.
>
>
>
Hi,
works fine in my case,
thanks.
State-Changed-From-To: feedback->closed
State-Changed-By: mrg@NetBSD.org
State-Changed-When: Sun, 10 Mar 2013 23:33:45 +0000
State-Changed-Why:
thanks!
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.