Possible bug with ModPerl 1.25 and Escape_uri

Fri, 06 Jul 2001 00:05:13 -0700 

Hello,
        I hope this is the right place to put this. I have some code that takes data
from a database and encrypts it via Blowfish and CBC. Not a problem so far, 
the problems comes with sending it to the client.

        If i do this 

                my $f=CGI::Cookie->new(-name => 'Ticket',
                            -path=>'/',
                            -value => $ciphertext
                            );
                warn " --- $f --- ";
                return $f;

        (And i had assigned it into a tmp variable and then 'warned' to the
apache-error.log) I get this

         --- Ticket=RandomIV%1F%BC%B8%0B%2C%408%8E%3Fg%B8%AD%1D%60j%D0O
%BDW%DD%29%94%A5%01%5B%99G%00%16r%F6%CF%B6%E5%F7%BB%C1-%FF
%D8%B9WjLULA%0D%15%BCAb%BAT%5C%EB%2CQ%3E4b2%B6%BF%84%C5%F7
%83W0pm%25%AC%E77%8F%C8B%BFJN%C0Id%1FI%A6%90%06%29A%93IR%A6%A0
%E8Z%7DM%8B%BAK%7F%84%F5%09F%FF%7F%C3%E3%C4k_%C7%E7%E2%7D8
%EA%DB%11%DFe%7B%C5%F0%E7%95%AC%AD%8B%D8%DBp%B9n%A4Co%A6%F1
%1B%F2%FF%0C%9D%5E%23%EFh1B%83g%07%A6%91%A8F%EBZ%BFUke%808%25T
%7D%F5%89Vq%B4%B8%3D%FB%0C%9F%7D%C7%CAM%BA%7B%1Dph%9C%95-%1F
%D5%DB%1D%93%E6C%07%C1%F5%FB%7E%27%A7%E3g%CA%1E%10T%94%09%1A
%96%E3%5C%01%8E%0A%B3%02%B3%B8%26%F3%11%FDg%02%D2%3B%9E%3CP%19
%AE%2F%89%C9%D7%84%ED%B5%EE%D5l%AE%EF%0BK%DA%3D%F7E%5E%C6
%2BqI%40z%25%03%24%9F%22q%A3%25v%BC%13%AB%DF%1ES%B1RT%20F%BF
%FA%DD%3D%9E%20%EE%DE%BE%15e%CA%1Ao%A9%D3%0E%7E%B6%08%B1
%CD%12%1A%7ES; path=/ ---

        apologies for the largeness of that string, but i wanted to show that it does
indeed work as i had planned. Now, i had wanted to get rid off CGI from the
mod_perl processes (makes it use jst that bit less memory) and I have 
converted most of it away, except when i do this (with the same string you 
will notice)

         my $t=escape_uri($ciphertext);
         warn " -= Ticket=$t; path=/ =- ";
         return "Ticket=$t; path=/";

        i get this very nice string instead

         -= Ticket=RandomIV%1f%bc%b8%0b,@8%8e%3fg%b8%ad%1d%60j%d0O
%bdW%dd)%94%a5%01%5b%99G; path=/; =-


        Now, if i look at the string (and ignoring all the strange characters that 
slip through escape_uri) i cant help but notice that escape_uri 'breaks' on 
the character after %99G which, lo and behold, is %00 which says to me that
for some reason CGI::Cookie does the 'right thing' in the case of Blowfish 
encrypted text, but escape_uri in mod_perl doesnt.

        Any pointers or 'your stupid' are, as always, welcome.

        Regards and thanks
        Stef

(Apache version is 1.3.17, modperl 1.25)

Reply via email to