NetBSD Problem Report #47740

From www@NetBSD.org  Sat Apr 13 16:08:05 2013
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	by www.NetBSD.org (Postfix) with ESMTP id 3947B63EC01
	for <gnats-bugs@gnats.NetBSD.org>; Sat, 13 Apr 2013 16:08:05 +0000 (UTC)
Message-Id: <20130413160804.572B963EC01@www.NetBSD.org>
Date: Sat, 13 Apr 2013 16:08:04 +0000 (UTC)
From: code@boerschig.net
Reply-To: code@boerschig.net
To: gnats-bugs@NetBSD.org
Subject: libexec/httpd rfc3986 encoding of location header
X-Send-Pr-Version: www-1.0

>Number:         47740
>Category:       misc
>Synopsis:       libexec/httpd rfc3986 encoding of location header
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    misc-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Apr 13 16:10:00 +0000 2013
>Closed-Date:    Mon Nov 02 10:54:57 +0000 2015
>Last-Modified:  Mon Nov 02 10:54:57 +0000 2015
>Originator:     MB
>Release:        6.99.17
>Organization:
>Environment:
NetBSD 6.99.17 (XEN3PAE_DOMU) #0: Sat Feb 23 12:24:40 UTC 2013  builds@b8.netbsd.org:/home/builds/ab/HEAD/i386/201302230640Z-obj/home/builds/ab/HEAD/src/sys/arch/i386/compile/XEN3PAE_DOMU i386
>Description:
The HTTP redirect does an rfc3986-encoding of the path-component of the URL; the hex-encoding of the '/'-separator results in invalid HTTP output (e.g., different browsers report an error).


>How-To-Repeat:
start httpd:
mkdir cgi-bin
httpd -I 8080 -bf -X  -c cgi-bin/  . 127.0.0.1

Requesting http://127.0.0.1:8080/cgi-bin (without trailing /) results in a status 301 (Document Moved) with a Location-header of 'http://127.0.0.1:8080%2Fcgi-bin%2F', which results in a "Corrupted Content Error" in Firefox (and similar errors in other browsers).
The '/' in the path component shouldn't be hex-escaped.
>Fix:
escape_rfc3986() shouldn't escape '/' in the path-portion of a URL; or don't escape the URL in the handle_redirect() (line 965 of bozohttpd.c); not sure which one is the correct approach.

>Release-Note:

>Audit-Trail:
From: Mateusz Kocielski <shm@digitalsun.pl>
To: gnats-bugs@NetBSD.org
Cc: code@boerschig.net
Subject: Re: misc/47740
Date: Mon, 2 Nov 2015 08:40:49 +0000

 Hi there,

  may I ask you to test it with the current httpd version from CVS? It should
 be fixed by that commit:

 http://mail-index.netbsd.org/source-changes/2015/10/28/msg069711.html

  Best Regards,
  Mateusz Kocielski

State-Changed-From-To: open->closed
State-Changed-By: shm@NetBSD.org
State-Changed-When: Mon, 02 Nov 2015 10:54:57 +0000
State-Changed-Why:
Patch tested by originator, code committed, bug fixed.
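
The behaviour in the report, as an added C example that is not bozohttpd's code: a percent-encoder that can leave '/' intact in the path while still encoding every other non-unreserved byte, including CR and LF. The names `escape_path`, `build_location` and `keep_slash` are hypothetical; the host and path are the ones from the How-To-Repeat section.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not bozohttpd's escape_rfc3986()): percent-encode a
 * URL path. RFC 3986 unreserved characters pass through, '/' only when
 * keep_slash is set, every other byte becomes %XX. Caller frees the result. */
char *escape_path(const char *path, int keep_slash)
{
    static const char hex[] = "0123456789ABCDEF";
    static const char unreserved[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "abcdefghijklmnopqrstuvwxyz0123456789-._~";
    char *out = malloc(strlen(path) * 3 + 1);  /* worst case: all %XX */
    char *d = out;
    if (out == NULL)
        return NULL;
    for (const unsigned char *s = (const unsigned char *)path; *s; s++) {
        if (strchr(unreserved, *s) || (keep_slash && *s == '/')) {
            *d++ = (char)*s;
        } else {
            *d++ = '%';
            *d++ = hex[*s >> 4];
            *d++ = hex[*s & 0x0F];
        }
    }
    *d = '\0';
    return out;
}

/* Hypothetical: write "http://<host><escaped path>" to buf; 0 on success. */
int build_location(char *buf, size_t len, const char *host,
                   const char *path, int keep_slash)
{
    char *esc = escape_path(path, keep_slash);
    int n;
    if (esc == NULL)
        return -1;
    n = snprintf(buf, len, "http://%s%s", host, esc);
    free(esc);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    char loc[128];  /* constructed input: host and path from the report */
    for (int keep = 0; keep <= 1; keep++)
        if (!build_location(loc, sizeof loc, "127.0.0.1:8080", "/cgi-bin/", keep))
            printf("keep_slash=%d: %s\n", keep, loc);
    return 0;
}
```

With `keep_slash` set to 0 the output reproduces the Location value quoted in the report; with 1 the path separators survive and the remaining bytes are still encoded.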


>Unformatted:
