Received: (qmail 81416 invoked by uid 501); 2 Dec 2001 19:12:22 -0000 Message-Id: <20011202191222.81415.qmail@apache.org> Date: 2 Dec 2001 19:12:22 -0000 From: Axel Beckert Reply-To: apache-bugs@deuxchevaux.org To: submit@bugz.apache.org Subject: SSI date-containing variables (LAST_MODIFIED, DATE_LOCAL, DATE_GMT) screwed up after #exec cgi="..." or #printenv X-Send-Pr-Version: 3.110 >Number: 8927 >Category: mod_include >Synopsis: SSI date-containing variables (LAST_MODIFIED, DATE_LOCAL, DATE_GMT) screwed up after #exec cgi="..." or #printenv >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Sun Dec 02 11:20:00 PST 2001 >Closed-Date: >Last-Modified: >Originator: apache-bugs@deuxchevaux.org >Release: 2.0.28, 2.0.29 >Organization: apache >Environment: uname -mrs: FreeBSD 4.2-RELEASE i386 gcc -v: gcc version 2.95.2 19991024 (release) Apache 2.0.28 and 2.0.29-dev from CVS on 29-Nov-2001. >Description: If I output the value of one of the date-containing SSI variables (like e.g. LAST_MODIFIED) via the SSI command #echo var="..", their value is screwed up, either containing binary garbage or (truncated) content of other CGI/SSI variables like e.g. PATH. The same values also appear in an environment dump via the SSI command #printenv. See first example URL. Another phenomenon, I discovered is, that the values of those variables may screw up after a SSI #printenv call, even if they weren't screwed up before. See second example URL. Hint: I discovered this problem first after upgrading from 2.0.16 beta to 2.0.28 but I'm not really sure, if the problem was already there in 2.0.16. >How-To-Repeat: Due to discovering the bug while trying to find out more details about PR#8772, the demo pages are at http://xcip3.studcs.uni-sb.de:8042/8772-2.shtml and http://xcip3.studcs.uni-sb.de:8042/8772-3.shtml. The initial bug report also shows this phenomenon: http://xcip3.studcs.uni-sb.de:8042/8772.shtml. The sources of these SSI pages are also available there. See the bottom of the mentioned pages. [If the host is down, try cip117 instead of xcip3.] >Fix: Looks like a format string error to me. >Release-Note: >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]