"Adware" in libwww-perl (not a bug - just a common misunderstanding)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libwww-perl (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
This is not a bug, nor is it actually adware or malware of any kind. The report simply results from a misunderstanding of the semantics of the GET command. The syntax is not that of standard HTTP, and running
GET / HTTP/1.1
Actually tries to download two pages: / and HTTP/1.1 - the latter being one of those ad/search related sites.
Original description follows.
-----
Using Ubuntu Gutsy, package is libwww-perl (version 5.805-1, which should be the latest)
Typing GET / HTTP/1.1 on the command line invokes lwp-request, a perl script. But the HTML code that it dumped contains the expected list of all directories in the local root, followed by unexpected _adware_ (result of GET / HTTP/1.1 is attached).
Notice that at the end of the valid and requested HTML code, code has been appended by the script which:
1) Includes, though the use of frames, an external advertising site.
2) Uses the Windows/DOS newline style for the appended code, which obviously was not generated in the same manner of the valid code (which appropriately outputs standard UNIX newlines)
description: | updated |
Changed in libwww-perl: | |
status: | New → Invalid |
The ad-loading code is downloaded from an external site located at 205.234.170.164. I've attached strace output from the GET / HTTP/1.1 command - the relevant output is towards the end.
By the way, this is EVERYWHERE - not just Ubuntu - I've also found this problem on the Fedora servers at school, and I wouldn't be suprised if it affects every perl installation.