DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40749>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40749

           Summary: magic file with string and "%n" causes Apache child to
                    crash
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: minor
          Priority: P2
         Component: mod_mime_magic
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]


Hello,

I have discovered a minor bug in mod_mime_magic. If an entry in the magic file
has the type "string" and a mime type containing "%n", and you try to fetch a
file with Apache that matches that entry, the Apache child will crash with a
segmentation fault.

I suppose that the reason why the code supports format strings in the desc
variable is so you can use "%d" or "%s" and include data from the file you are
trying to determine the type of in the output, but does anyone use this
functionality with Apache? If they do, is it necessary to support the full
format string functionality with things like "%n" and "%x", or is it enough to
simulate a subset of it (say, only "%s" and "%d")?

Below is a session that shows off this problem by downloading a SID file,
changing the magic file entry for SID files, and then crashing the Apache child
by fetching the file.

// Ulf Harnhammar
   [EMAIL PROTECTED]


$ cd htdocs
$ wget http://hafnium.prg.dtu.dk/HVSC/C64Music/Galway_Martin/Yie_Ar_Kung_Fu.sid
--01:04:01-- 
http://hafnium.prg.dtu.dk/HVSC/C64Music/Galway_Martin/Yie_Ar_Kung_Fu.sid
           => `Yie_Ar_Kung_Fu.sid'
Resolving hafnium.prg.dtu.dk... 130.225.91.226
Connecting to hafnium.prg.dtu.dk|130.225.91.226|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7,934 (7.7K) [audio/prs.sid]

100%[=================================================================================================================>]
7,934         --.--K/s

01:04:01 (190.93 KB/s) - `Yie_Ar_Kung_Fu.sid' saved [7934/7934]

$ mv Yie_Ar_Kung_Fu.sid yiear.kungfu
$ cd ..
$ bin/httpd
$ nc localhost 1337
HEAD /yiear.kungfu HTTP/1.0

HTTP/1.1 200 OK
Date: Thu, 12 Oct 2006 23:05:01 GMT
Server: Apache/2.0.59 (Unix)
Last-Modified: Sat, 17 Aug 2002 23:55:45 GMT
ETag: "c46e-1efe-13ace240"
Accept-Ranges: bytes
Content-Length: 7934
Connection: close
Content-Type: audio/prs.sid

$ cd conf
$ fgrep prs.sid magic
0   string      PSID        audio/prs.sid
$ sed -e 's/prs\.sid/%n%n%n%n/' magic > magic2
$ mv magic2 magic
$ fgrep '%n%n' magic
0   string      PSID        audio/%n%n%n%n
$ ps ax | fgrep httpd
14354 ?        Ss     0:00 bin/httpd
14355 ?        S      0:00 bin/httpd
14356 ?        S      0:00 bin/httpd
14357 ?        S      0:00 bin/httpd
14358 ?        S      0:00 bin/httpd
14359 ?        S      0:00 bin/httpd
14361 ?        S      0:00 bin/httpd
14378 pts/0    R+     0:00 grep -F httpd
$ kill -HUP 14354
$ cd ..
$ nc localhost 1337
HEAD /yiear.kungfu HTTP/1.0

$ cd logs
$ cat access_log
127.0.0.1 - - [13/Oct/2006:01:05:01 +0200] "HEAD /yiear.kungfu HTTP/1.0" 200 -
$ cat error_log
[Fri Oct 13 01:04:46 2006] [notice] Apache/2.0.59 (Unix) configured -- resuming
normal operations
[Fri Oct 13 01:05:58 2006] [notice] SIGHUP received.  Attempting to restart
[Fri Oct 13 01:05:58 2006] [notice] Apache/2.0.59 (Unix) configured -- resuming
normal operations
[Fri Oct 13 01:06:17 2006] [notice] child pid 14379 exit signal Segmentation
fault (11)
$

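The report asks whether supporting only a subset such as "%s" and "%d" would be enough. One way to enforce such a subset before a description from the magic file reaches a printf-style call, as an added example (not code from the report or from mod_mime_magic); `desc_format_is_safe` and `render_string_desc` are hypothetical names, and it assumes the formatter is given exactly one argument:

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not mod_mime_magic code. Returns 1 if desc is usable as a
 * printf format with exactly one `want` ('s' or 'd') argument, else 0 (e.g. "%n"). */
static int desc_format_is_safe(const char *desc, char want)
{
    int conversions = 0;
    const char *p = desc;

    while ((p = strchr(p, '%')) != NULL) {
        p++;                                     /* step past '%' */
        if (*p == '%') { p++; continue; }        /* "%%" is a literal percent */
        if (*p == '-') p++;                      /* optional left-justify flag */
        while (isdigit((unsigned char)*p)) p++;  /* literal width only, no '*' */
        if (*p == '.') { do p++; while (isdigit((unsigned char)*p)); }
        if (*p != want) return 0;                /* %n, %x, '*', lone '%' ... */
        if (++conversions > 1) return 0;         /* only one argument exists */
        p++;
    }
    return 1;
}

/* Hypothetical caller for a "string" entry: a rejected desc is emitted verbatim
 * through a constant "%s" format. Returns 1 if desc was used as a format. */
static int render_string_desc(char *out, size_t n, const char *desc, const char *value)
{
    if (desc_format_is_safe(desc, 's')) {
        snprintf(out, n, desc, value);
        return 1;
    }
    snprintf(out, n, "%s", desc);
    return 0;
}

int main(void)
{
    char buf[64];
    /* Constructed sample descriptions; the second is the entry from the report. */
    const char *samples[] = { "audio/prs.sid", "audio/%n%n%n%n", "SID tune, magic %s" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int used = render_string_desc(buf, sizeof buf, samples[i], "PSID");
        printf("%-22s -> %-22s (%s)\n", samples[i], buf, used ? "formatted" : "literal");
    }
    return 0;
}
```

Running the check once when the magic file is parsed, rather than per request, would let a bad entry be reported at configuration time.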