Hi,

If I have a PerlRun script, e.g., http://localhost/test/script, and
call it using a URL with special symbols like '(' in path_info,
PerlRun fails with a server error. For example, calling
    http://localhost/test/script/(
produces this error:

[Thu Mar 22 10:24:57 2007] [error] Unmatched ( in regex; marked by <--
HERE in m//( <-- HERE $/ at
/usr/local/lib/perl5/site_perl/5.8.8/mach/Apache/PerlRun.pm line 171.

The problem is due to unescaped variable interpolation in the regular
expression $uri =~ /$path_info$/ in sub namespace_from:

   my $path_info = $r->path_info;
   my $script_name = $path_info && $uri =~ /$path_info$/ ?
   substr($uri, 0, length($uri)-length($path_info)) :
   $uri;

I think the same problem is also present in mod_perl2, but I do not
have it installed and cannot verify if it is actually broken. The
suspicious code is in ModPerl::RegistryCooker, sub namespace_from_uri:

   my $path_info = $self->{REQ}->path_info;
   my $script_name = $path_info && $self->{URI} =~ /$path_info$/
       ? substr($self->{URI}, 0, length($self->{URI}) - length($path_info))
       : $self->{URI};

I do not think this is a security problem because the regular expression
will not execute (?{ arbitrary code here  })  unless "use re 'eval'"
is in effect, but this is a problem that has to be fixed anyway.
--
Alex
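
The following is an added example, not part of the original message and not mod_perl's own code. It runs the quoted script-name logic beside a variant that wraps $path_info in \Q...\E so it is matched as a literal string. The sub names and the sample requests are constructed for illustration, and the third case goes beyond the '(' request in the message to show a metacharacter that fails silently instead of raising an error.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Logic as quoted in the message: $path_info is interpolated as a pattern.
sub script_name_unquoted {
    my ($uri, $path_info) = @_;
    return $path_info && $uri =~ /$path_info$/
        ? substr($uri, 0, length($uri) - length($path_info))
        : $uri;
}

# Same logic with \Q...\E, so regex metacharacters in $path_info are escaped.
sub script_name_quoted {
    my ($uri, $path_info) = @_;
    return $path_info && $uri =~ /\Q$path_info\E$/
        ? substr($uri, 0, length($uri) - length($path_info))
        : $uri;
}

# Constructed sample requests: [ URI, path_info ].
my @cases = (
    [ '/test/script/extra', '/extra' ],  # no metacharacters: both agree
    [ '/test/script/(',     '/('     ],  # request from the message: pattern fails to compile
    [ '/test/script/a+b',   '/a+b'   ],  # '+' acts as a quantifier: no match, no error
);

for my $case (@cases) {
    my ($uri, $path_info) = @$case;

    # The unquoted version can die at match time, so trap the error.
    my $old = eval { script_name_unquoted($uri, $path_info) };
    $old = 'died: ' . (split /;/, $@)[0] unless defined $old;

    my $new = script_name_quoted($uri, $path_info);
    printf "%-20s unquoted=%-28s quoted=%s\n", $uri, $old, $new;
}
```

In the third case the unquoted version returns the full URI with path_info still attached, so the derived namespace differs from the one for the bare script even though nothing is logged.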
