>Number:         5792
>Category:       mod_autoindex
>Synopsis:       Filenames >= 25 characters cause garbage on directory listing
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon Feb 21 10:50:03 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     [EMAIL PROTECTED]
>Release:        1.3.6
>Organization:
apache
>Environment:
Slackware Linux, 2.0.34 kernel
gcc version egcs-2.90.29 980515 (egcs-1.0.3 release)
>Description:
When a directory has no index file and a listing of files is returned to the 
client, garbage may occur.
This only happens when there are filenames of length 25 or greater.
When the garbage is returned, it is immediately following the >= 25 character 
filename.
After the garbage, the directory listing continues.
If another filename of >= 25 characters is encountered, more garbage shows up.
This happens most of the time, however sometimes the listing is clean.

Also, the "garbage" is not just random data, but data that should be going to 
other clients who are accessing other web sites hosted on the same server.
Sometimes the data is nice chunks of an HTML file, other times it's binary spew 
of an image.

This could be a security risk as well if some sensitive data were presented in 
the "garbage" listing.

The server performance is not affected by this, file contents are not modified 
or mangled, only directory listing output is a mess.
>How-To-Repeat:
Create a test directory.
Create several files (content is irrelevant) with filenames of various lengths, 
making sure some are 23, 24, 25, and 26 characters long.
View the directory via web browser, reload as necessary to see none/various 
garbage.

Example URL:  http://www.drcheap.com/test
>Fix:
I have NO clue...this could be anything from filesystem related stuff to shared 
memory space problems or something else completely.
>Release-Note:
>Audit-Trail:
>Unformatted: