DO NOT REPLY [Bug 45187] New: Long File name requests gives FORBIDDEN response

Wed, 11 Jun 2008 18:52:48 -0700 

https://issues.apache.org/bugzilla/show_bug.cgi?id=45187

           Summary: Long File name requests gives FORBIDDEN response
           Product: Apache httpd-2
           Version: 2.2.4
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: critical
          Priority: P1
         Component: Core
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]


Created an attachment (id=22112)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=22112)
Long Filenames Patch

Hi, I'm currently working for a huge e-commerce dev team, and we've been having
errors with long URLs in apache.

For some reason, GETting the following URL (323 chars long):
http://my-server.com.ar/celulares_isNcaracteristica-camara-telefono-movilZcaracteristica-camara-telefono-movil--nd--_isNmodelo-telefono-movilZmodelo-telefono-movil--nd--_isNproveedor-servicio-telefoniaZproveedor-servicio-telefonia--nd--_isNtecnologia-telefono-movilZtecnologia-telefono-movil--nd--_isNtipo-telefono-movilZtipo-telefono-movil--nd--
Apache replies a 403 - HTTP_FORBIDDEN, and in the log file we found:

[Wed Jun 11 13:48:50 2008] [error] [client 127.0.0.1] (36)File name too long:
access to
/celulares_isNcaracteristica-camara-telefono-movilZcaracteristica-camara-telefono-movil--nd--_isNmodelo-telefono-movilZmodelo-telefono-movil--nd--_isNproveedor-servicio-telefoniaZproveedor-servicio-telefonia--nd--_isNtecnologia-telefono-movilZtecnologia-telefono-movil--nd--_isNtipo-telefono-movilZtipo-telefono-movil--nd--
failed.

BUT, if I prepend a "directory" to that exact same URL, like the following:
http://my-server.com.ar/sample_directory/celulares_isNcaracteristica-camara-telefono-movilZcaracteristica-camara-telefono-movil--nd--_isNmodelo-telefono-movilZmodelo-telefono-movil--nd--_isNproveedor-servicio-telefoniaZproveedor-servicio-telefonia--nd--_isNtecnologia-telefono-movilZtecnologia-telefono-movil--nd--_isNtipo-telefono-movilZtipo-telefono-movil--nd--
it works OK!

After looking thru the source code, I've found that there are a few places
where a call to the OS is made to retrieve file info, which seems to raise an
error when the file name is longer than that supported. And for those cases, it
replied with a FORBIDDEN status.

SOLUTION (?):
What I decided to do was to change a few lines so for those cases, we react the
same as if that file DIDN'T EXIST. Long story short: before going for the OS to
retrieve file information, I check if the file name is longer than that
supported. If it is, I reply with an APR_ENAMETOOLONG code. And then, on
request.c I mark the request:
thisinfo.filetype = APR_NOFILE;

I'm attaching the diff for this patch. Please let me know if this is a valid
solution to my problem, or if this could raise any other issues.
Thanks,
Román.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to