From agapon@excite.com  Fri Jan 17 13:51:56 2003
Message-Id: <200301172151.h0HLpIiW068441@edge.foundation.invalid>
Date: Fri, 17 Jan 2003 16:51:18 -0500 (EST)
From: Andriy Gapon <avg@icyb.net.ua>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: apache13 mod_mime_magic incorrectly handles unrecognized files
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         47174
>Category:       ports
>Synopsis:       apache13 mod_mime_magic incorrectly handles unrecognized files
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 17 14:00:17 PST 2003
>Closed-Date:    Sat Feb 08 12:12:10 PST 2003
>Last-Modified:  Sat Feb 08 12:12:10 PST 2003
>Originator:     Andriy Gapon
>Release:        FreeBSD 4.7-RELEASE-p2 i386
>Organization:
>Environment:
System: FreeBSD edge.foundation.invalid 4.7-RELEASE-p2 FreeBSD 4.7-RELEASE-p2 #0: Tue Nov 19 17:28:50 EST 2002 avg@edge.foundation.invalid:/sys-devel/obj/sys-devel/src/sys/EDGE i386
apache-1.3.27 from the ports

	
>Description:
There is a bug in mod_mime_magic, due to which mod_mime_magic sets the content type
for a file that it cannot actually recognize to text/plain and returns
a successful status. This happens because ascmagic() sets the type to 'text/plain'
and returns success even if all magic checks have failed. In addition to that,
even if ascmagic() behaved correctly, the module would anyway set the content type
to application/octet-stream and return success.
Such behaviour (1) overrides the DefaultType parameter and makes it useless in
the presence of mod_mime_magic and (2) puts too much intelligence in
mod_mime_magic by making a decision about the 'last resort' content type, instead
of honestly returning an error.

>How-To-Repeat:
1. enable mod_mime_magic in apache
2. set DefaultType to anything but text/plain
3. create a file that is not of any known type and does not have any known 
extension, (in my case it was export of Windows2000 security console settings -
*.msc file)
4. make the file accessible via apache via http
5. get the file from http client
6. observe that apache returns content type as text/plain

>Fix:

	

--- mod_mime_magic.c.patch begins here ---
--- src/modules/standard/mod_mime_magic.c.orig	Fri Jan 17 15:51:10 2003
+++ src/modules/standard/mod_mime_magic.c	Fri Jan 17 15:53:59 2003
@@ -244,7 +244,7 @@
 static int ascmagic(request_rec *, unsigned char *, int);
 static int is_tar(unsigned char *, int);
 static int softmagic(request_rec *, unsigned char *, int);
-static void tryit(request_rec *, unsigned char *, int, int);
+static int tryit(request_rec *, unsigned char *, int, int);
 static int zmagic(request_rec *, unsigned char *, int);
 
 static int getvalue(server_rec *, struct magic *, char **);
@@ -889,7 +889,8 @@
 	magic_rsl_puts(r, MIME_TEXT_UNKNOWN);
     else {
 	buf[nbytes++] = '\0';	/* null-terminate it */
-	tryit(r, buf, nbytes, 1); 
+	if((result = tryit(r, buf, nbytes, 1)) != OK)
+	  return result; 
     }
 
     (void) ap_pclosef(r->pool, fd);
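Review bot: The early `return result;` added in the else branch leaves the function before the `(void) ap_pclosef(r->pool, fd);` call two lines below, so on the new non-OK path the descriptor is not closed at this point. Store the result, let the ap_pclosef call run, and return afterwards. The declaration of `result` is also not visible in this hunk; confirm it exists in the enclosing function.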
@@ -899,32 +900,33 @@
 }
 
 
-static void tryit(request_rec *r, unsigned char *buf, int nb, int checkzmagic)
+static int tryit(request_rec *r, unsigned char *buf, int nb, int checkzmagic)
 {
     /*
      * Try compression stuff
      */
 	if (checkzmagic == 1) {  
 			if (zmagic(r, buf, nb) == 1)
-			return;
+			return OK;
 	}
 
     /*
      * try tests in /etc/magic (or surrogate magic file)
      */
     if (softmagic(r, buf, nb) == 1)
-	return;
+	return OK;
 
     /*
      * try known keywords, check for ascii-ness too.
      */
     if (ascmagic(r, buf, nb) == 1)
-	return;
+	return OK;
 
     /*
      * abandon hope, all ye who remain here
      */
-    magic_rsl_puts(r, MIME_BINARY_UNKNOWN);
+    /* magic_rsl_puts(r, MIME_BINARY_UNKNOWN); */
+    return DECLINED;
 }
 
 #define    EATAB {while (ap_isspace((unsigned char) *l))  ++l;}
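Review bot: At the end of tryit(), the fallback is disabled by commenting out `magic_rsl_puts(r, MIME_BINARY_UNKNOWN);` instead of deleting it, and the "abandon hope" comment above it no longer describes what the function does. Remove the dead line and replace the comment with one saying that DECLINED is returned when no test matched, so that the configured DefaultType can apply as the report intends. tryit() now returns OK/DECLINED while zmagic(), softmagic() and ascmagic() are still compared against 1; a one-line comment on the two return conventions would keep callers from mixing them.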
@@ -2059,6 +2061,11 @@
     }
 
     /* all else fails, but it is ascii... */
+    /* oh yeah ? is that right ? */
+    return 0;
+
+    /* UNREACHED */
+
     if (has_escapes) {
 	/* text with escape sequences */
 	/* we leave this open for further differentiation later */
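Review bot: The unconditional `return 0;` placed after the "all else fails, but it is ascii..." comment turns everything below it in ascmagic() into dead code kept behind an `/* UNREACHED */` marker, and the added comment "oh yeah ? is that right ?" does not say why. Delete the unreachable block (or make the fallback conditional) and state the reason in the comment. According to the existing comment this point is reached for data already judged to be ASCII, so text with no matching keyword is no longer typed here; the change description should say that this is intended.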
@@ -2130,7 +2137,9 @@
 	return 0;
 
     if ((newsize = uncompress(r, i, &newbuf, nbytes)) > 0) {
-	tryit(r, newbuf, newsize, 0);
+	int result = tryit(r, newbuf, newsize, 0);
+	if(result != OK)
+	  return 0;
 
 	/* set encoding type in the request record */
 	r->content_encoding = compr[i].encoding;
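Review bot: In zmagic(), the new `return 0;` on a failed inner tryit() is the same value as the existing `return 0;` just above the uncompress() call, so the caller cannot tell "decompressed but contents unrecognized" from the earlier exit, and tryit() will go on to run softmagic() and ascmagic() over the original, still-compressed buffer. Decide whether that fallthrough is wanted and add a comment either way. The `result` temporary is used once; `if (tryit(r, newbuf, newsize, 0) != OK)` would be shorter.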
--- mod_mime_magic.c.patch ends here ---


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: ache 
State-Changed-When: Sat Feb 8 12:09:03 PST 2003 
State-Changed-Why:  
It is unclear whether this behaviour is a bug or a special feature as designed.
You need to send this bug to the Apache httpd maintainers instead. If it really is
a bug, it will be fixed by them and the Apache port will adopt the fix with the
next version of Apache.


http://www.freebsd.org/cgi/query-pr.cgi?pr=47174 
>Unformatted:
