>Number: 543
>Category: mod_cgi
>Synopsis: "%2F" not allowed in CGI script PATH_INFO
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache (Apache HTTP Project)
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Sun May 4 11:40:00 1997
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.2b?
>Environment:
N/A
[entered from mail to make a formal PR]
>Description:
If foo is a script, and you try to access foo/bar/baz, it will run foo and
pass /bar/baz as PATH_INFO. If you try to access foo/bar%2fbaz, it will
return NOT_FOUND because of unescape_url in util.c:
    if (url[x] == '/' || url[x] == '\0') badpath = 1;
Smells like a bug. Once again (sigh) no time to look more deeply, would
appreciate it if someone familiar with that area could take a look...
>How-To-Repeat:
>Fix:
[paraphrase from Roy]
If you reduce all %2f occurrences to '/' before doing any processing
on the path, that should do it - at the expense of not being able to
handle any filenames that actually include '/'
>Audit-Trail:
>Unformatted:
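
A minimal model of the behaviour this report describes, added here as an example (it is not code from the Apache source or from the report): it decodes %XX escapes in place and applies the check quoted in the description. The names decode_path, hexval and check and the PATH_* result codes are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this sketch (not Apache's constants). */
enum { PATH_OK = 0, PATH_BAD_ESCAPE = 400, PATH_NOT_FOUND = 404 };

static int hexval(unsigned char c)
{
    if (isdigit(c)) return c - '0';
    return tolower(c) - 'a' + 10;
}

/* Decode %XX escapes in place, flagging escapes that decode to '/' or NUL. */
int decode_path(char *url)
{
    int x, y, badesc = 0, badpath = 0;
    for (x = 0, y = 0; url[y]; ++x, ++y) {
        if (url[y] != '%') {
            url[x] = url[y];
        } else if (!isxdigit((unsigned char)url[y + 1]) ||
                   !isxdigit((unsigned char)url[y + 2])) {
            badesc = 1;          /* malformed escape: keep the literal '%' */
            url[x] = '%';
        } else {
            url[x] = (char)(hexval(url[y + 1]) * 16 + hexval(url[y + 2]));
            y += 2;
            /* The check quoted in the report: an encoded '/' or NUL is refused. */
            if (url[x] == '/' || url[x] == '\0') badpath = 1;
        }
    }
    url[x] = '\0';
    if (badesc) return PATH_BAD_ESCAPE;
    return badpath ? PATH_NOT_FOUND : PATH_OK;
}

/* Convenience wrapper: run decode_path on a writable copy of s. */
int check(const char *s)
{
    char buf[256];
    snprintf(buf, sizeof buf, "%s", s);
    return decode_path(buf);
}

int main(void)
{
    printf("%d %d %d\n", check("/foo/bar/baz"), check("/foo/bar%2fbaz"), check("/foo/bar%20baz"));
    return 0;
}
```

The refusal is decided during decoding, before anything is split off as PATH_INFO, which is why the script in the report never sees the request.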