>Synopsis:      httpd/slowcgi not RFC compliant w.r.t. Local Redirect Response
>Category:      user
>Environment:
        System      : OpenBSD 6.0 (also under late Feb -current snapshot)
        Details     : OpenBSD 6.0-stable (GENERIC.MP) #15: Fri Mar 10 11:43:46 AEDT 2017
                         [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP

        Architecture: OpenBSD.amd64
        Machine     : amd64
>Description:

RFC 3875 The Common Gateway Interface (CGI) Version 1.1
states:
====
6.2.2.  Local Redirect Response

   The CGI script can return a URI path and query-string
   ('local-pathquery') for a local resource in a Location header field.
   This indicates to the server that it should reprocess the request
   using the path specified.

      local-redir-response = local-Location NL

   The script MUST NOT return any other header fields or a message-body,
   and the server MUST generate the response that it would have produced
   in response to a request containing the URL

      scheme "://" server-name ":" server-port local-pathquery
====

httpd/slowcgi fails to comply with this and just returns the Location header
to the client.

>How-To-Repeat:

# set up a target file
echo "OK" > /var/www/htdocs/nbg.txt

# create a simple CGI test program
cat > t.c <<EOC
#include <stdlib.h>
#include <stdio.h>

int
main(__unused int argc, __unused char *argv[])
{
        fprintf(stdout, "Location: /nbg.txt\n\n");
        return 0;
}
EOC

# build the CGI program and install as /var/www/cgi-bin/t
...

# try retrieving
: user@host; printf "GET /cgi-bin/t HTTP/1.0\r\nHost: www.example.org\r\n\r\n" \
:; | nc www.example.org 80   
HTTP/1.0 200 OK
Connection: close
Date: Sat, 11 Mar 2017 07:01:23 GMT
Location: /nbg.txt
Server: OpenBSD httpd

# "Location: /nbg.txt" is WRONG

# in contrast, trying the equivalent under Apache http (on a Linux host) gives:
: user@host; printf "GET /cgi-bin/t HTTP/1.0\r\nHost: www.example.org\r\n\r\n" \
:; | nc www.example.org 80   
HTTP/1.1 200 OK
Date: Sat, 11 Mar 2017 07:08:23 GMT
Server: Apache
Last-Modified: Sat, 11 Mar 2017 06:36:13 GMT
ETag: "4e36ef-4-54a6eb1c95622"
Accept-Ranges: bytes
Content-Length: 3
Connection: close
Content-Type: text/plain

OK

# We see the file content, which is the correct behaviour.

>Fix:
        Not known; presumably patch(es) to httpd will be required.


dmesg:
OpenBSD 6.0-stable (GENERIC.MP) #15: Fri Mar 10 11:43:46 AEDT 2017
    [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17041805312 (16252MB)
avail mem = 16520851456 (15755MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
<deleted as presumed to be irrelevant>
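
An added example, not part of the original report and not httpd's own code: one way a server could recognise the Local Redirect Response of RFC 3875 section 6.2.2 in a script's output before deciding to reprocess the request. The function name cgi_local_redirect, the helper nl_len and the buffer size are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Length of the NL at s ("\n" or "\r\n"), or 0 if there is none. */
static size_t
nl_len(const char *s)
{
	if (s[0] == '\r' && s[1] == '\n')
		return 2;
	return s[0] == '\n';
}

/*
 * Hypothetical helper: return 1 and copy local-pathquery into path when
 * out is exactly "Location: /abs-path[?query]" NL NL; otherwise return 0.
 */
int
cgi_local_redirect(const char *out, char *path, size_t pathsz)
{
	const char *v, *end;
	size_t n, len;
	if (strncasecmp(out, "Location:", 9) != 0)
		return 0;
	v = out + 9 + strspn(out + 9, " \t");
	if (*v != '/')			/* absolute URI: client redirect */
		return 0;
	len = strcspn(v, "\r\n");
	end = v + len;
	if ((n = nl_len(end)) == 0)	/* Location line must end in NL */
		return 0;
	end += n;
	n = nl_len(end);		/* 0 here: another header field follows */
	if (n == 0 || end[n] != '\0' || len >= pathsz)
		return 0;		/* extra field, body, or path too long */
	memcpy(path, v, len);
	path[len] = '\0';
	return 1;
}

int
main(void)
{
	char p[64];
	/* Constructed input: what the report's test program prints. */
	if (cgi_local_redirect("Location: /nbg.txt\n\n", p, sizeof(p)))
		printf("reprocess request as %s\n", p);
	return 0;
}
```

Output that carries any other header field or a body is rejected, matching the MUST NOT in the quoted section.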
