Received: (qmail 8985 invoked by uid 501); 17 Dec 2000 18:08:26 -0000 Message-Id: <20001217180826.8984.qmail@locus.apache.org> Date: 17 Dec 2000 18:08:26 -0000 From: Andrey Ryazanov Reply-To: sg@di-net.ru To: submit@bugz.apache.org Subject: Improper handling (mishandling?) of the \n when passing key to external RewriteMap program X-Send-Pr-Version: 3.110 >Number: 6990 >Category: mod_rewrite >Synopsis: Improper handling (mishandling?) of the \n when passing key to external RewriteMap program >Confidential: no >Severity: critical >Priority: medium >Responsible: apache >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: apache >Arrival-Date: Sun Dec 17 10:10:00 PST 2000 >Closed-Date: >Last-Modified: >Originator: sg@di-net.ru >Release: 1.3.14 >Organization: apache >Environment: FreeBSD 4.1.1-STABLE >Description: If the key string contains \n, the external program will treat this like two different requests, and all following requests will get incorrect replies. >How-To-Repeat: RewriteMap prg:/the_prog.pl (see below) RewriteRule ^(.+)$ ${prg:$1} Now fetch http://servername/test%0aboom.lala, and take a look at /tmp/the_prog.log. You'll get something like request:/test reply:/test0 request:boom.lala reply:boom.lala1 If you perform one more request (ex. http://servername/nexttest), you'll get request:/nexttest reply:/nexttest2 <-- this must be '1' !!! the_prog.pl is here: #!/usr/bin/perl $|=1; $i=0; open(LOG,">>/tmp/the_prog.log"); while () { print LOG "request:$_ reply:$_$i\n"; print "$_$i\n"; $i++; } close(LOG); >Fix: Don't see any way, but hard checking of the passed key string. >Release-Note: >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]