Received: (qmail 24307 invoked by uid 2012); 3 Dec 1998 15:09:44 -0000 Message-Id: <19981203150944.24306.qmail@hyperreal.org> Date: 3 Dec 1998 15:09:44 -0000 From: Don Munro Reply-To: munro@iss.ca To: apbugs@hyperreal.org Subject: substring_conf() does not parse a quoted string correctly X-Send-Pr-Version: 3.2 >Number: 3485 >Category: mod_alias >Synopsis: substring_conf() does not parse a quoted string correctly >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: closed >Class: duplicate >Submitter-Id: apache >Arrival-Date: Thu Dec 3 07:10:00 PST 1998 >Last-Modified: Thu Dec 3 08:39:39 PST 1998 >Originator: munro@iss.ca >Organization: >Release: 1.3.2 >Environment: Win32 MS DevStudio 6.0 >Description: substring_conf() will parse "e:\develo~1\Apache\cgi-bin\" out as e:\develo~1\Apache\cgi-bin". Note that the last '\' is replaced with a quote. This results in the error script not found or unable to stat: e:/development/apache/cgi-bin"cgictest.EXE. >How-To-Repeat: Put quotes around the path for ScriptAlias. For example, ScriptAlias /cgi-bin/ "e:\develo~1\Apache\cgi-bin\" Now try to run the cgi. >Fix: substring_conf() in ../main/util.c (called from ap_getword_conf()) seems to be the culprit. When parsing the string "e:\develo~1\Apache\cgi-bin\" (quotes are part of the string), it replaces the last '\' with '"'. At quick glance, with only this case in mind, the following change should do the trick: if (start[i] == '\\' && (start[i + 1] == '\\' || (quote && start[i + 1] == quote))) << *resp++ = start[++i]; >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: coar State-Changed-When: Thu Dec 3 08:39:39 PST 1998 State-Changed-Why: This is not a bug. Sloshes are used as 'quote the next character,' so the last slosh is telling Apache to *not* remove the following character -- which is a quotation mark. The problem is that your directive is incorrect. You should use slashes, not sloshes, for all paths relating to Apache. In other word, the second argument should be "e:/develo~1/Apache/cgi-bin/". This is documented at (look for the string 'slash'). Thanks for the report, though, and for using Apache. Release-Changed-From-To: 1.3.2 Win32-1.3.2 Release-Changed-By: coar Release-Changed-When: Thu Dec 3 08:39:39 PST 1998 Class-Changed-From-To: sw-bug-duplicate Class-Changed-By: coar Class-Changed-When: Thu Dec 3 08:39:39 PST 1998 >Unformatted: >> *resp++ = start[i++]; [In order for any reply to be added to the PR database, ] [you need to include in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]