Bug 49859

Summary: url with additional filepath generates bad environment variables.
Product: Apache httpd-2
Reporter: Ben Griffin <ben>
Component: mod_mime
Assignee: Apache HTTPD Bugs Mailing List <bugs>
Status: REOPENED ---
Severity: normal
Priority: P2
Version: 2.2.3
Target Milestone: ---
Hardware: All
OS: All

Description Ben Griffin 2010-09-01 11:12:40 UTC
Using the following:

AddHandler   test-file                .tst
Action       test-file                    /cgi-bin/set.cgi

And with set.cgi = 

#!/bin/bash
echo
echo
echo "$@"
set

With an existing file "test.tst" and the url "http://host/test.tst", everything is fine: we see e.g. PATH_TRANSLATED showing "...test.tst"

BUG is exposed with same environment, but the url "http://host/test.tst/ghost.html"

The handler sees test.tst and calls set.cgi - however, PATH_TRANSLATED includes /ghost.html as a part of the path, even though clearly the logic is wrong.

The url should not trigger the handler (because the file ..../test.tst/ghost.html does not exist) but should instead trigger a 404.

Comment 1 Eric Covener 2010-09-01 11:21:07 UTC
The mapping is due to AcceptPathInfo, and CGI says PATH_INFO should be included in PATH_TRANSLATED.  Followups on users@httpd.apache.org unless there's some gross misunderstanding, in which case provide verbatim, complete config and log entries.

Comment 2 Ben Griffin 2010-09-01 12:03:17 UTC
Eric, thanks. I read up on your comments. I attempted to post a mail as suggested, but was refused.

"AcceptPathInfo Off" appears to have no effect when using a suffix handler via AddHandler (the handler in the bug report's case is a bash script calling set)

The documentation says:
http://httpd.apache.org/docs/2.0/mod/core.html#acceptpathinfo
"For example, assume the location /test/ points to a directory that contains only the single file here.html. Then requests for /test/here.html/more and /test/nothere.html/more both collect /more as PATH_INFO."

"Therefore a request with trailing pathname information after the true filename such as /test/here.html/more in the above example will return a 404 NOT FOUND error."

However, this is not what I find.

Here is the entire apache config file. (note that this is based on a Mac, but the original bug was found on Debian Linux)

apache.conf follows (dso.conf is the default set of modules)
#================================================
Include /etc/apache2/dso.conf
ServerRoot /Library/WebServer
Listen 80

User _www
Group _www 

<Directory /Library/WebServer/CGI-Executables/>
	Options +ExecCGI
</Directory>

AddHandler    cgi-script            .cgi
AddType 	  application/test		.tst

ScriptAlias  /cgi/	/Library/WebServer/CGI-Executables/
Action       application/test        /cgi/set.cgi

<VirtualHost *:80>
AcceptPathInfo Off
Options -Indexes +FollowSymLinks
DocumentRoot   Documents/public
</VirtualHost>
#================================================

set.cgi follows
#================================================
#!/bin/bash
echo Status: 200 OK
echo Content-Type: text/plain
echo
set
#================================================

Directory /Library/WebServer/Documents/public contains one file, called "here.tst" which is a text file containing the word "test"

Results from the above setting. (taken from the environment as listed by set.cgi above)
NOTE THAT AcceptPathInfo IS OFF

http://127.0.0.1/here.tst/more

PATH_INFO=/here.tst/more
PATH_TRANSLATED=/Library/WebServer/Documents/public/here.tst/more

What I expect is a 404 - after all, AcceptPathInfo is OFF.

If this is not a bug, how do I ensure that PATH_TRANSLATED always points to a valid file, especially when using AddHandler?
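
Added example, not part of the bug report or of Apache's own code: one way an Action handler script could enforce the check asked about in Comment 2, answering 404 itself unless PATH_TRANSLATED names an existing regular file under DOCUMENT_ROOT. The function names resolve_target and handle_request are hypothetical, and the script assumes the server sets the standard CGI variables GATEWAY_INTERFACE and DOCUMENT_ROOT.

```bash
#!/bin/bash
# Added example (not from the bug report): an Action handler that refuses
# requests whose PATH_TRANSLATED is not an existing regular file.

# Print the path of $1 if it is a regular file whose directory resolves
# inside docroot $2; return 1 otherwise. A path such as
# <docroot>/here.tst/more fails the -f test because "here.tst" is a file,
# so "/more" can only be trailing path information.
resolve_target() {
    local path docroot dir root
    path=$1
    docroot=$2
    [ -n "$path" ] && [ -n "$docroot" ] || return 1
    [ -f "$path" ] || return 1                 # must exist as a regular file
    dir=$(cd "$(dirname "$path")" && pwd -P) || return 1
    root=$(cd "$docroot" && pwd -P) || return 1
    case "$dir/" in
        "$root"/*) printf '%s/%s\n' "$dir" "$(basename "$path")" ;;
        *) return 1 ;;                         # directory is outside the docroot
    esac
}

# Emit a complete CGI response for the file named by PATH_TRANSLATED.
handle_request() {
    local target
    if target=$(resolve_target "${PATH_TRANSLATED:-}" "${DOCUMENT_ROOT:-}"); then
        printf 'Status: 200 OK\nContent-Type: text/plain\n\n'
        cat -- "$target"
    else
        printf 'Status: 404 Not Found\nContent-Type: text/plain\n\n'
        printf 'Not found\n'
    fi
}

# Run only when invoked by the web server as a CGI program.
if [ -n "${GATEWAY_INTERFACE:-}" ]; then
    handle_request
fi
```

Only the directory part of the path is canonicalized; a final component that is a symlink is followed by the -f test and by cat.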