Received: (qmail 39259 invoked by uid 501); 18 Jan 2001 04:32:13 -0000 Message-Id: <20010118043213.39222.qmail@apache.org> Date: 18 Jan 2001 04:32:13 -0000 From: Dean Pentcheff Reply-To: dean2@biol.sc.edu To: submit@bugz.apache.org Subject: Expansion of %{LA-U:REMOTE_USER} fails in RewriteCond X-Send-Pr-Version: 3.110 >Number: 7087 >Category: mod_rewrite >Synopsis: Expansion of %{LA-U:REMOTE_USER} fails in RewriteCond >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed Jan 17 20:40:01 PST 2001 >Closed-Date: Thu Jan 25 19:24:12 PST 2001 >Last-Modified: Thu Jan 25 19:24:12 PST 2001 >Originator: dean2@biol.sc.edu >Release: 1.3.14 >Organization: >Environment: Redhat Linux 6.1, kernel 2.2.14-6.0.1smp, gcc 2.7.2.3 >Description: Preliminaries: this rewrite pattern worked on 1.3.11 but fails on 1.3.14. It is NOT fixed by apache_1.3.14-fix.diff. A temporary workaround for me has been to simply use the mod_rewrite.{c,h} from 1.3.11 inside an otherwise normal 1.3.14 tree. Briefly, the %{LA-U:REMOTE_USER} variable fails proper expansion in (at least) the RewriteCond pattern context. Based on logfiles, it appears that it may be due to a parsing error that whacks off the final "}" which leads to interpretation as a string rather than being variable-expanded. I suspect that this has to do with the new "do_expand()" parsing rather than the old method (note that's a suspicion, not a certainty). If you look at the working trace below (the upper set), you can see that initially the REMOTE_USER variable is empty prior to the lookahead, therefore failing to trigger a rewrite because of the RewriteCond. Next, the the lookahead triggers, finds the variable's value ("mailtest"), and the rewrite succeeds in inserting the value into the URL. In the non-working trace (the lower set), the initial check on the RewriteCond succeeds when it shouldn't. The RewriteCond pattern appears to have its trailing "}" lost, leading to treatment of the variable expression as a string to match. Since the RewriteCond succeeds, the rewrite occurs, filling in an empty string (generating "//pab.na2"). That suggests that variable expansion at that point is working (in contrast to the RewriteCond stage). Weirdly, then the lookahead goes ahead with what looks like a good variable name, but fails to find the value. The upshot is that the variable's proper value never gets inserted into the URL. Following are the data (trace lines have had IPs and dates trimmed). The working trace is generated from a 1.3.14 tree with the 1.3.11 mod_rewrite substituted into it; the failing trace is straight 1.3.14. Rewrite pattern (tokens are tab-separated) ========================================== RewriteCond %{LA-U:REMOTE_USER} !^$ RewriteRule ^.*/(.*) /%{LA-U:REMOTE_USER}/$1 [L] Trace from a RewriteLogLevel 9 with the 1.3.11 mod_rewrite (WORKING) ==================================================================== client - - [date] [server/sid#8332fb8][rid#8398708/initial] (2) init rewrite engine with requested uri /pab.na2 client - - [date] [server/sid#8332fb8][rid#8398708/initial] (3) applying pattern '^.*/(.*)' to uri '/pab.na2' client - - [date] [server/sid#8332fb8][rid#83835e0/subreq] (2) init rewrite engine with requested uri /pab.na2 client - - [date] [server/sid#8332fb8][rid#83835e0/subreq] (3) applying pattern '^.*/(.*)' to uri '/pab.na2' client - - [date] [server/sid#8332fb8][rid#83835e0/subreq] (4) RewriteCond: input='' pattern='!^$' => not-matched client - - [date] [server/sid#8332fb8][rid#83835e0/subreq] (1) pass through /pab.na2 client - mailtest [date] [server/sid#8332fb8][rid#8398708/initial] (5) lookahead: path=/pab.na2 var=REMOTE_USER -> val=mailtest client - mailtest [date] [server/sid#8332fb8][rid#8398708/initial] (4) RewriteCond: input='mailtest' pattern='!^$' => matched client - mailtest [date] [server/sid#8332fb8][rid#83835e0/subreq] (2) init rewrite engine with requested uri /pab.na2 client - mailtest [date] [server/sid#8332fb8][rid#83835e0/subreq] (3) applying pattern '^.*/(.*)' to uri '/pab.na2' client - mailtest [date] [server/sid#8332fb8][rid#83835e0/subreq] (4) RewriteCond: input='' pattern='!^$' => not-matched client - mailtest [date] [server/sid#8332fb8][rid#83835e0/subreq] (1) pass through /pab.na2 client - mailtest [date] [server/sid#8332fb8][rid#8398708/initial] (5) lookahead: path=/pab.na2 var=REMOTE_USER -> val=mailtest client - mailtest [date] [server/sid#8332fb8][rid#8398708/initial] (2) rewrite /pab.na2 -> /mailtest/pab.na2 client - mailtest [date] [server/sid#8332fb8][rid#8398708/initial] (2) local path result: /mailtest/pab.na2 client - mailtest [date] [server/sid#8332fb8][rid#8398708/initial] (2) prefixed with document_root to /usr/local/apache/mail/mailtest/pab.na2 client - mailtest [date] [server/sid#8332fb8][rid#8398708/initial] (1) go-ahead with /usr/local/apache/mail/mailtest/pab.na2 [OK] Trace from a RewriteLogLevel 9 with the 1.3.14 mod_rewrite (FAILING) ==================================================================== client - - [date] [server/sid#8332558][rid#836c340/initial] (2) init rewrite engine with requested uri /pab.na2 client - - [date] [server/sid#8332558][rid#836c340/initial] (3) applying pattern '^.*/(.*)' to uri '/pab.na2' client - - [date] [server/sid#8332558][rid#8394790/subreq] (2) init rewrite engine with requested uri /pab.na2 client - - [date] [server/sid#8332558][rid#8394790/subreq] (3) applying pattern '^.*/(.*)' to uri '/pab.na2' client - - [date] [server/sid#8332558][rid#8394790/subreq] (4) RewriteCond: input='%{LA-U:REMOTE_USER' pattern='!^$' => matched client - - [date] [server/sid#8332558][rid#8394790/subreq] (2) rewrite /pab.na2 -> //pab.na2 client - - [date] [server/sid#8332558][rid#8394790/subreq] (2) local path result: //pab.na2 client - - [date] [server/sid#8332558][rid#8394790/subreq] (1) go-ahead with //pab.na2 [OK] client - - [date] [server/sid#8332558][rid#836c340/initial] (5) lookahead: path=/pab.na2 var=REMOTE_USER -> val= client - - [date] [server/sid#8332558][rid#836c340/initial] (4) RewriteCond: input='' pattern='!^$' => not-matched client - - [date] [server/sid#8332558][rid#836c340/initial] (1) pass through /pab.na2 === end of bug report === >How-To-Repeat: >Fix: Possibly an error introduced in the rewriting of variable parsing into the "do_expand()" routine. >Release-Note: >Audit-Trail: From: Tony Finch To: Dean Pentcheff Cc: apbugs@apache.org Subject: Re: mod_rewrite/7087: Expansion of %{LA-U:REMOTE_USER} fails in RewriteCond Date: Thu, 18 Jan 2001 13:40:53 +0000 Dean Pentcheff wrote: > >Briefly, the %{LA-U:REMOTE_USER} variable fails proper expansion in >(at least) the RewriteCond pattern context. Based on logfiles, it >appears that it may be due to a parsing error that whacks off the >final "}" which leads to interpretation as a string rather than being >variable-expanded. I suspect that this has to do with the new >"do_expand()" parsing rather than the old method (note that's a >suspicion, not a certainty). Aargh, you are right. Try the patch below. Tony. -- f.a.n.finch fanf@covalent.net dot@dotat.at "Then they attacked a town. A small town, I'll admit. But nevertheless a town of people. People who died." Index: mod_rewrite.c =================================================================== RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_rewrite.c,v retrieving revision 1.166 diff -u -r1.166 mod_rewrite.c --- mod_rewrite.c 2000/11/14 09:57:25 1.166 +++ mod_rewrite.c 2001/01/18 13:37:55 @@ -2262,7 +2262,13 @@ if (endp == NULL) { goto skip; } - *endp = '\0'; + /* + * These lookups may be recursive in a very convoluted + * fashion -- see the LA-U and LA-F variable expansion + * prefixes -- so we copy lookup keys to a separate buffer + * rather than adding zero bytes in order to use them in + * place. + */ if (inp[0] == '$') { /* ${...} map lookup expansion */ /* @@ -2277,43 +2283,39 @@ * looking at it is that the recursion is entirely * driven by the syntax of the nested curly brackets. */ - char *key, *dflt, *result; + char *map, *key, *dflt, *result; char xkey[MAX_STRING_LEN]; char xdflt[MAX_STRING_LEN]; - char *empty = ""; - key = strchr(inp, ':'); - if (key == NULL) { - *endp = '}'; + key = memchr(inp, ':', endp-inp); + if (key == NULL) goto skip; - } - *key++ = '\0'; - dflt = strchr(key, '|'); + map = ap_pstrndup(r->pool, inp+2, key-inp-2); + dflt = memchr(key, '|', endp-key); if (dflt == NULL) { - dflt = empty; - } - else { - *dflt++ = '\0'; + key = ap_pstrndup(r->pool, key+1, endp-key-1); + dflt = ""; + } else { + key = ap_pstrndup(r->pool, key+1, dflt-key-1); + dflt = ap_pstrndup(r->pool, dflt+1, endp-dflt-1); } do_expand(r, key, xkey, sizeof(xkey), briRR, briRC); - do_expand(r, dflt, xdflt, sizeof(xdflt), briRR, briRC); - result = lookup_map(r, inp+2, xkey); - if (result == NULL) { - result = xdflt; - } - span = ap_cpystrn(outp, result, space) - outp; - key[-1] = ':'; - if (dflt != empty) { - dflt[-1] = '|'; + result = lookup_map(r, map, xkey); + if (result) { + span = ap_cpystrn(outp, result, space) - outp; + } else { + do_expand(r, dflt, xdflt, sizeof(xdflt), briRR, briRC); + span = ap_cpystrn(outp, xdflt, space) - outp; } } else if (inp[0] == '%') { /* %{...} variable lookup expansion */ - span = ap_cpystrn(outp, lookup_variable(r, inp+2), space) - outp; + char *var; + var = ap_pstrndup(r->pool, inp+2, endp-inp-2); + span = ap_cpystrn(outp, lookup_variable(r, var), space) - outp; } else { span = 0; } - *endp = '}'; inp = endp+1; outp += span; space -= span; From: Dean To: submit@bugz.apache.org, apache-bugdb@apache.org Cc: apbugs@apache.org, Tony Finch Subject: Re: mod_rewrite/7087: Expansion of %{LA-U:REMOTE_USER} fails in RewriteCond Date: Tue, 23 Jan 2001 02:44:56 -0500 I ran a test tonight: Tony Finch's patch solves the problem. Note that I ran it using mod_rewrite that has had both the "apache_1.3.14-fix.diff" patch and this patch applied. Chalk me up as another happy Apache customer... Thanks! -Dean -- Dean Pentcheff Biological Sciences University of South Carolina Columbia, SC 29208 USA 803-777-7068 From: Dean To: submit@bugz.apache.org, apache-bugdb@apache.org Cc: apbugs@apache.org, Tony Finch Subject: Re: mod_rewrite/7087: Expansion of %{LA-U:REMOTE_USER} fails in RewriteCond Date: Tue, 23 Jan 2001 02:44:56 -0500 I ran a test tonight: Tony Finch's patch solves the problem. Note that I ran it using mod_rewrite that has had both the "apache_1.3.14-fix.diff" patch and this patch applied. Chalk me up as another happy Apache customer... Thanks! -Dean -- Dean Pentcheff Biological Sciences University of South Carolina Columbia, SC 29208 USA 803-777-7068 State-Changed-From-To: open-closed State-Changed-By: fanf State-Changed-When: Thu Jan 25 19:24:11 PST 2001 State-Changed-Why: Problem solved! Thanks for using Apache! >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]