NetBSD Problem Report #47629

From www@NetBSD.org  Fri Mar  8 12:51:30 2013
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	by www.NetBSD.org (Postfix) with ESMTP id 0D4EB63EEC4
	for <gnats-bugs@gnats.NetBSD.org>; Fri,  8 Mar 2013 12:51:29 +0000 (UTC)
Message-Id: <20130308125129.4126E63EEC4@www.NetBSD.org>
Date: Fri,  8 Mar 2013 12:51:29 +0000 (UTC)
From: code@boerschig.net
Reply-To: code@boerschig.net
To: gnats-bugs@NetBSD.org
Subject: libexec/httpd does not properly URL-escape directory names in index
X-Send-Pr-Version: www-1.0

>Number:         47629
>Category:       bin
>Synopsis:       libexec/httpd does not properly URL-escape directory names in index
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    mrg
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Mar 08 12:55:00 +0000 2013
>Closed-Date:    Sun Mar 10 23:33:45 +0000 2013
>Last-Modified:  Sun Mar 10 23:33:45 +0000 2013
>Originator:     MB
>Release:        6.99.17
>Organization:
>Environment:
NetBSD vm 6.99.17 NetBSD 6.99.17 (XEN3PAE_DOMU) #0: Sat Feb 23 12:24:40 UTC 2013  builds@b8.netbsd.org:/home/builds/ab/HEAD/i386/201302230640Z-obj/home/builds/ab/HEAD/src/sys/arch/i386/compile/XEN3PAE_DOMU i386

>Description:
libexec/httpd does not fully escape the directory names in automatic generated indexes: directory names contain trailing garbage (len is initialized to strlen(url) and then incremented for the byte-to-byte copy)and some characters are not escaped.
>How-To-Repeat:
mkdir '()'
/usr/libexec/httpd -bfs -X . -I 8080
#clicking the '()' link in the generated index.html, the request fails
got request ``GET /%28)%C2%BE%10/ HTTP/1.1'' from host localhost to port 8080
# the URL should be '/%28%29'

>Fix:
diff --git a/libexec/httpd/bozohttpd.c b/libexec/httpd/bozohttpd.c
index 39b29c1..3ab446c 100644
--- a/libexec/httpd/bozohttpd.c
+++ b/libexec/httpd/bozohttpd.c
@@ -893,13 +893,14 @@ escape_rfc3986(bozohttpd_t *httpd, const char *url)
 		case ',':
 		case ';':
 		case '=':
+		case '%':
 		encode_it:
 			snprintf(d, 4, "%%%2X", *s++);
 			d += 3;
 			len += 3;
+			break;
 		default:
 			*d++ = *s++;
-			len++;
 		}
 	}
 	buf[len] = 0

>Release-Note:

>Audit-Trail:

State-Changed-From-To: open->feedback
State-Changed-By: mrg@NetBSD.org
State-Changed-When: Sat, 09 Mar 2013 21:37:05 +0000
State-Changed-Why:
i commited a slightly different patch that properly handles 'len'.  can
you please update -current and see if it also works for you now?  if so,
i'll submit pullups to netbsd-6.  thanks!


.mrg.


Responsible-Changed-From-To: bin-bug-people->mrg
Responsible-Changed-By: mrg@NetBSD.org
Responsible-Changed-When: Sat, 09 Mar 2013 21:37:18 +0000
Responsible-Changed-Why:
mine


From: "matthew green" <mrg@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/47629 CVS commit: src/libexec/httpd
Date: Sat, 9 Mar 2013 21:36:04 +0000

 Module Name:	src
 Committed By:	mrg
 Date:		Sat Mar  9 21:36:04 UTC 2013

 Modified Files:
 	src/libexec/httpd: bozohttpd.c

 Log Message:
 fix PR 47629, using a slightly different patch to the one in the PR.

 this modifies escape_rfc3986() to escape '%' itself, and to properly
 track the buffer size and nul out the final byte, not some random
 byte that may actually be unmapped.


 To generate a diff of this commit:
 cvs rdiff -u -r1.32 -r1.33 src/libexec/httpd/bozohttpd.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: MB <code@boerschig.net>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: bin/47629 (libexec/httpd does not properly URL-escape directory
 names in index)
Date: Sun, 10 Mar 2013 11:44:06 +0100

 On 09.03.2013 22:37, mrg@NetBSD.org wrote:
 > Synopsis: libexec/httpd does not properly URL-escape directory names in index
 >
 > State-Changed-From-To: open->feedback
 > State-Changed-By: mrg@NetBSD.org
 > State-Changed-When: Sat, 09 Mar 2013 21:37:05 +0000
 > State-Changed-Why:
 > i commited a slightly different patch that properly handles 'len'.  can
 > you please update -current and see if it also works for you now?  if so,
 > i'll submit pullups to netbsd-6.  thanks!
 >
 >
 > .mrg.
 >
 >
 >

 Hi,
 works fine in my case,
 thanks.

State-Changed-From-To: feedback->closed
State-Changed-By: mrg@NetBSD.org
State-Changed-When: Sun, 10 Mar 2013 23:33:45 +0000
State-Changed-Why:
thanks!


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.