Tor not fully passing input to CGI script
As a hobby project, I thought I would create a public mailserver as a hidden service. When I got to the part about creating a self-registration page, which I did as a CGI with compiled C, I ran into a bizarre problem.
When accessing the registration service from the Tor Browser, either as a hidden service or directly through the IP address, the registration process fails because some of the information is not passed correctly to the CGI script. The script completes successfully if you turn off the Tor service in the browser or use another browser.
The registration page is: http://54.229.143.194/cgi-bin/vqregister/vqregister.cgi
This is an Amazon instance, which I will leave on until this case is resolved. If you wish, I can send you an AMI.
For instance, trying to register an account with name, username, and password of foox results in Apache thinking that it only received 48 characters:

fname=foox&user=foox&dom=7wwgnynofwo7wodd.onion&

instead of the full 86 characters:

fname=foox&user=foox&dom=7wwgnynofwo7wodd.onion&pass=foox&vpass=foox&Register=Register

Oddly, the Apache script log correctly shows:

%% [Sat Aug 31 09:46:49 2013] POST /cgi-bin/vqregister/vqregister.cgi HTTP/1.1
%% 500 /var/www/localhost/cgi-bin/vqregister/vqregister.cgi
%request
Host: 54.229.143.194
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://54.229.143.194/cgi-bin/vqregister/vqregister.cgi
Content-Type: application/x-www-form-urlencoded
Content-Length: 86

fname=foox&user=foox&dom=7wwgnynofwo7wodd.onion&pass=foox&vpass=foox&Register=Register
%response
I would conclude that it is an Apache misconfiguration, since the script log looks fine, except that this problem only occurs when using Tor. It fails 100% of the time with Tor, and succeeds 100% of the time without Tor.
Trac:
Username: hnaparst
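
An added example, not part of the original report and not the reporter's vqregister code: the report does not establish a cause, but a CGI program that takes the body from a single read() on standard input would see this kind of truncation whenever the body arrives in two pieces. Under that assumption, the C code below reads until Content-Length bytes have arrived; `read_body` and `split_source` are hypothetical names, and a datagram socketpair stands in for the request body stream.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* The 86-byte form body quoted in the report, used as sample input. */
static const char BODY[] = "fname=foox&user=foox&dom=7wwgnynofwo7wodd.onion"
                           "&pass=foox&vpass=foox&Register=Register";

/* Read exactly `want` body bytes from fd into buf (capacity want + 1).
 * One read() may return fewer bytes than asked for, so loop. Returns
 * bytes read (< want means EOF came early), or -1 on a read error. */
long read_body(int fd, char *buf, long want)
{
    long got = 0;
    while (got < want) {
        ssize_t n = read(fd, buf + got, (size_t)(want - got));
        if (n < 0 && errno == EINTR) continue;  /* interrupted: retry */
        if (n < 0) return -1;
        if (n == 0) break;                      /* EOF before full body */
        got += n;
    }
    buf[got] = '\0';
    return got;
}

/* Hypothetical helper: queue `body` on sv[1] as two pieces, split after
 * `first` bytes; datagrams keep the boundary, so sv[0] sees two reads. */
int split_source(const char *body, size_t first, int sv[2])
{
    size_t rest = strlen(body) - first;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) return -1;
    if (write(sv[1], body, first) != (ssize_t)first ||
        write(sv[1], body + first, rest) != (ssize_t)rest) return -1;
    return 0;
}

int main(void)
{
    char buf[128];
    int a[2], b[2];
    if (split_source(BODY, 48, a) != 0 || split_source(BODY, 48, b) != 0)
        return 1;
    ssize_t once = read(a[0], buf, sizeof buf - 1);        /* 48 */
    long all = read_body(b[0], buf, (long)strlen(BODY));   /* 86 */
    printf("single read(): %zd bytes, read_body(): %ld bytes\n", once, all);
    return 0;
}
```

In a real CGI program `want` would come from the `CONTENT_LENGTH` environment variable after bounds checking, and a return value below `want` should be answered with an error rather than parsed as a complete form.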