Bug in mod_cgi (inets) with REMOTE_USER

guillaume.bongenaar <>
Mon Jun 17 11:36:33 CEST 2002


In inets, mod_cgi crashes when a directory is protected for a group or
for a user and we try to execute a CGI script inside this protected
directory (patch below).
This bug seems to be present in latest version P9


 httpd.conf contains:

 <Directory /var/tmp/server_root/htdocs/cgi-bin>
  AuthDBType plain
  AuthName Open Area
  AuthUserFile /var/tmp/server_root/auth/passwd
  AuthGroupFile /var/tmp/server_root/auth/group
  require user junior
</Directory>

 Opening http://host:port/cgi-bin/script_name causes:

 {function_clause,[{lists,flatten,
                          [{"REMOTE_USER","junior"},
                           [[{"HTTP_IF_MODIFIED_SINCE",
                              "Mon, 10 Jun 2002 15:20:29 GMT"},
                             {"HTTP_COOKIE",
                              "ID=bGxkdg==:U8BzMAszXACT9u7e1LZ5Bw=="},
                             {"HTTP_CONNECTION","keep-alive"},
                             {"HTTP_KEEP_ALIVE","300"},
                             {"HTTP_ACCEPT_CHARSET",
                              "ISO-8859-1, utf-8;q=0.66, *;q=0.66"},
                             {"HTTP_ACCEPT_ENCODING",
                              "gzip, deflate, compress;q=0.9"},
                             {"HTTP_ACCEPT_LANGUAGE","fr, en;q=0.50"},
                             {"HTTP_ACCEPT",
                              "text/xml, application/xml, 
 application/xhtml+xml, text/html;q=0.9, image/png, image/jpeg, 
 image/gif;q=0.2, text/plain;q=0.8, text/css, */*;q=0.1"},
                             {"HTTP_USER_AGENT",
                              "Mozilla/5.0 (X11; U; Linux i686; en-US; 
 rv:0.9.4.1) Gecko/20020314 Netscape6/6.2.2"},
                             {"HTTP_HOST","localhost:8081"}]],
                           []]},
                   {mod_cgi,exec_script,5},
                   {httpd_response,traverse_modules,2},
                   {httpd_response,send,5},
                   {httpd_listener,do_next_connection,6},
                   {httpd_listener,handle_connection1,4},
                   {proc_lib,init_p,5}]}


Fix:

--- otp_src_P9_2002-06-13/lib/inets/src/mod_cgi.erl.orig        Fri Jun 14 18:03:39 2002
+++ otp_src_P9_2002-06-13/lib/inets/src/mod_cgi.erl     Fri Jun 14 18:04:12 2002
@@ -232,11 +232,11 @@
     Env2 =
         case httpd_util:key1search(Info#mod.data,remote_user) of
             undefined ->
                 Env1;
             RemoteUser ->
-                [Env1|env("REMOTE_USER",RemoteUser)]
+                [Env1,env("REMOTE_USER",RemoteUser)]
         end,
     lists:flatten([Env2|PH]).








More information about the erlang-questions mailing list