www-modproxy-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Maurizio Marini <mau...@datalogica.com>
Subject Re: rewriting post parameters
Date Fri, 04 Oct 2002 12:00:24 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 04 October 2002 12:26 pm, i.t wrote:
  >it would be helpful, if you could provide some more actual details
 
Hi sir,

I'm developing in redhat 7.3 httpd 1.3.23-14; it's a very complex infrastructure with mod_pubcookie,
mod_proxy and mod_rewrite
it's noteasy to describe it; it's easier for me show you the piece of code that in  http allowed
 me to change parameter in post stuff, but not in https


int change_out_post(request_rec *r, char *username) {
   char argsbuffer[HUGE_STRING_LEN];
   int retval;

   /* checkout http_protocols.c for reading the body info */
   if ((retval = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR)))
        return retval;

   if (ap_should_client_block(r)) {
	char *p=r->connection->client->inptr;
        int len_read;
        ap_hard_timeout("copy script args", r);

		;
		if ((p=strstr(r->connection->client->inptr, "username")) != NULL) {
			memcpy( p+strlen("username="), foo, 10);
			p=r->connection->client->inptr;
		}
		libpbc_debug("change_out_post[%d]: inptr: %s\n", __LINE__, p);
		ap_kill_timeout(r);
    }
    return(1);

}

i try to explain it:

Premise.
suppose that u want authenticate a user and after authentication u want to add the username
to hidden parameter
beacause application on backend (we are in rev-proxy architecture) needs it as post parameters.

The misfact.
before autheticating using mod_pubcookie i add some hidden parameter initialized to null
e.g. 'username=                                                                   '
u can see sufficient blanks after username=, to accomodate for username value
it's a low tricky, don't blame to me!

after authetication i try to valorize username...how?!?
with strstr i search the parameter name in post area pointed (if we are in http!!!) by r->connection->client->inptr
i add 9 bytes to this pointer (strlen("username="))
i write the username in place of blanks
done!
this horrible trick worked until i pass to https...

Conclusion.
i fear that it's not portable (sure it doesn't work in apache 2.0!) and after apache 
rewriting for chunked exploit all my stuff is outdated, even i've not tested it;
i write this piece of code the days before 21 June!!!

My prayer.
now, i know well that this piece of sw cannot be a solution and i seraching for some help
to do something more robust and reliable.

thnx in advance!


- -- 
Maurizio Marini
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9nYLY4Q/49nIJTlwRAvyGAJ477retyJiKljXEpbDK6/R1C0js7gCfY9o1
cBcLKP/t/J0NITERpWOnl6I=
=2GFV
-----END PGP SIGNATURE-----

Mime
View raw message