>Number:         479
>Category:       suexec
>Synopsis:       mod_cgi passing foobared username argument to suEXEC
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Thu Apr 24 13:50:01 1997
>Originator:     [EMAIL PROTECTED]
>Organization:
apache
>Release:        1.2b8
>Environment:
IRIX 5.3, gcc
>Description:
When passing a query string to a CGI script, Apache passed the username with
a leading backslash.

This is the error returned by suEXEC:

  invalid target user name: (\~amundson)

Here's what haha.cgi looks like:

        #!/opt/gnu/bin/perl

        print "Content-type: text/html\n\n";
        print "hello";

>How-To-Repeat:
Works:
http://www.cs.umn.edu/~amundson/haha.cgi

Doesn't work:
http://www.cs.umn.edu/~amundson/haha.cgi?foo

Works:
http://www.cs.umn.edu/~amundson/haha.cgi?foo=bar
>Fix:

>Audit-Trail:
>Unformatted:

