[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #9636 [Tor]: Tor not fully passing input to CGI script
#9636: Tor not fully passing input to CGI script
----------------------+---------------------
Reporter: hnaparst | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor | Version:
Keywords: | Actual Points:
Parent ID: | Points:
----------------------+---------------------
As a hobby project, I thought I would create a public mailserver as a
hidden service. When I got to the part about creating a self-registration
page, which I did as a CGI with compiled C, I ran into a bizarre problem.
When accessing the registration service from the Tor Browser, either as a
hidden service or directly through the IP address, the registration
process fails because some of the information is not passed correctly to
the CGI script. The script completes successfully if you turn off the tor
service in the browser or use another browser.
The registration page is: http://54.229.143.194/cgi-
bin/vqregister/vqregister.cgi
This is an Amazon instance, which I will leave on until this case is
resolved. If you wish, I can send you an AMI.
For instance, trying to register an account with name, username, and
password of foox results in Apache thinking that it only received 48
characters: fname=foox&user=foox&dom=7wwgnynofwo7wodd.onion& instead of
the full 86 characters
fname=foox&user=foox&dom=7wwgnynofwo7wodd.onion&pass=foox&vpass=foox&Register=Register
Oddly, the Apache script log correctly shows
%% [Sat Aug 31 09:46:49 2013] POST /cgi-bin/vqregister/vqregister.cgi
HTTP/1.1
%% 500 /var/www/localhost/cgi-bin/vqregister/vqregister.cgi
%request
Host: 54.229.143.194
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101
Firefox/17.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://54.229.143.194/cgi-bin/vqregister/vqregister.cgi
Content-Type: application/x-www-form-urlencoded
Content-Length: 86
fname=foox&user=foox&dom=7wwgnynofwo7wodd.onion&pass=foox&vpass=foox&Register=Register
%response
I would conclude that it is an Apache misconfiguration, since the script
log looks fine, except that this problem only occurs when using Tor. It
fails 100% of the time with Tor, and succeeds 100% of the time without
Tor.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9636>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs