I thought I should send out a minimal test case for this.

I started with a fresh cherokee installation from etch
(on amd64 architecture) and kept the default config files.

I created /usr/lib/cgi-bin and added the following script as
/usr/lib/cgi-bin/crashme.cgi:

#!/usr/bin/python
import sys
sys.stdout.write ('Location: http://localhost/abc/def/\n'
                  'Status: 302 Found\n'
                  '\n')

I took my usual browser (iceweasel from etch) and typed
http://localhost/cgi-bin/crashme.cgi into the URL bar.

The resulting access does crash cherokee.


In cherokee's defense, the output of the script does not comply with RFC 3875 -
the Status line should not be present normally. When this line is removed,
cherokee does not crash, but the web client does not redirect to
http://localhost/abc/def/ either as desired, because cherokee returns
a status of 200 for the request instead of 302 as required by RFC 3875.

Hope this helps,

-- 
Michel "Walken" Lespinasse
A program is never fully debugged until the last user dies.
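
Added example, not part of the original message and not Cherokee's code: a sketch of how a server can classify CGI output by the response types in RFC 3875 section 6.2 and choose the HTTP status, flagging the Location plus Status output from the message as non-conforming instead of failing on it. The function names and the kind labels are assumptions made for this illustration.

```python
# Added example: classify CGI script output per RFC 3875 section 6.2.
# parse_headers / classify_cgi_response and the kind labels are illustrative names.

# Output of crashme.cgi exactly as given in the message above.
SCRIPT_OUTPUT = b"Location: http://localhost/abc/def/\nStatus: 302 Found\n\n"

def parse_headers(raw):
    """Split CGI output into (ordered header list, body); accepts \\n or \\r\\n."""
    # Newlines are normalized in the body too, which is enough for classification.
    head, found, body = raw.replace(b"\r\n", b"\n").partition(b"\n\n")
    if not found:
        raise ValueError("CGI output has no blank line ending the headers")
    headers = []
    for line in head.split(b"\n"):
        name, sep, value = line.partition(b":")
        if not sep or not name.strip():
            raise ValueError("malformed CGI header line: %r" % line)
        headers.append((name.strip().lower().decode("ascii"),
                        value.strip().decode("latin-1")))
    return headers, body

def classify_cgi_response(raw):
    """Return (kind, http_status, conforming) for raw CGI output bytes."""
    headers, body = parse_headers(raw)
    fields = dict(headers)
    location, status, code = fields.get("location"), fields.get("status"), None
    if status is not None:
        token = status.split(" ", 1)[0]
        if not (len(token) == 3 and token.isdecimal()):
            raise ValueError("bad Status value: %r" % status)
        code = int(token)
    if location is None:
        # Document response: Content-Type required, Status optional (default 200).
        return "document", code or 200, "content-type" in fields
    if location.startswith("/"):
        # Local redirect: the server reprocesses the path; Location stands alone.
        return "local-redirect", None, len(headers) == 1
    if status is None:
        # Client redirect: absolute URI and no Status; the server must send 302.
        # Treated as conforming here when no body follows the headers.
        return "client-redirect", 302, not body
    # Client redirect with document: Status and Content-Type are both required.
    return "client-redirect-with-document", code, "content-type" in fields

if __name__ == "__main__":
    print(classify_cgi_response(SCRIPT_OUTPUT))
```

Malformed input raises ValueError, which the caller can map to a 500 response for that one request.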


