Bug in mod_cgi (inets) with REMOTE_USER
guillaume.bongenaar@REDACTED
guillaume.bongenaar@REDACTED
Mon Jun 17 11:36:33 CEST 2002
In inets, mod_cgi crashes when a directory is protected for a group or
for a user and we try to execute a CGI script inside this protected
directory (patch below).
This bug seems to be present in latest version P9
httpd.conf contains:
<Directory /var/tmp/server_root/htdocs/cgi-bin>
AuthDBType plain
AuthName Open Area
AuthUserFile /var/tmp/server_root/auth/passwd
AuthGroupFile /var/tmp/server_root/auth/group
require user junior
</Directory>
Opening http://host:port/cgi-bin/script_name causes:
{function_clause,[{lists,flatten,
[{"REMOTE_USER","junior"},
[[{"HTTP_IF_MODIFIED_SINCE",
"Mon, 10 Jun 2002 15:20:29 GMT"},
{"HTTP_COOKIE",
"ID=bGxkdg==:U8BzMAszXACT9u7e1LZ5Bw=="},
{"HTTP_CONNECTION","keep-alive"},
{"HTTP_KEEP_ALIVE","300"},
{"HTTP_ACCEPT_CHARSET",
"ISO-8859-1, utf-8;q=0.66, *;q=0.66"},
{"HTTP_ACCEPT_ENCODING",
"gzip, deflate, compress;q=0.9"},
{"HTTP_ACCEPT_LANGUAGE","fr, en;q=0.50"},
{"HTTP_ACCEPT",
"text/xml, application/xml,
application/xhtml+xml, text/html;q=0.9, image/png, image/jpeg,
image/gif;q=0.2, text/plain;q=0.8, text/css, */*;q=0.1"},
{"HTTP_USER_AGENT",
"Mozilla/5.0 (X11; U; Linux i686; en-US;
rv:0.9.4.1) Gecko/20020314 Netscape6/6.2.2"},
{"HTTP_HOST","localhost:8081"}]],
[]]},
{mod_cgi,exec_script,5},
{httpd_response,traverse_modules,2},
{httpd_response,send,5},
{httpd_listener,do_next_connection,6},
{httpd_listener,handle_connection1,4},
{proc_lib,init_p,5}]}
Fix:
--- otp_src_P9_2002-06-13/lib/inets/src/mod_cgi.erl.orig Fri Jun 14 18:03:39 2002
+++ otp_src_P9_2002-06-13/lib/inets/src/mod_cgi.erl Fri Jun 14 18:04:12 2002
@@ -232,11 +232,11 @@
Env2 =
case httpd_util:key1search(Info#mod.data,remote_user) of
undefined ->
Env1;
RemoteUser ->
- [Env1|env("REMOTE_USER",RemoteUser)]
+ [Env1,env("REMOTE_USER",RemoteUser)]
end,
lists:flatten([Env2|PH]).
More information about the erlang-questions
mailing list