httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 56038] New: mod_session excludes not processed correctly
Date Mon, 20 Jan 2014 19:17:11 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=56038

            Bug ID: 56038
           Summary: mod_session excludes not processed correctly
           Product: Apache httpd-2
           Version: 2.4.7
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: mod_session
          Assignee: bugs@httpd.apache.org
          Reporter: erik@adaptations.com

In line 72 of mod_session.c

        for (i = 0; included && i < conf->includes->nelts; i++) {

conf->includes->nelts is used for the loop condition, but this is a loop for
conf->excludes. Unless the # of SessionInclude directives is exactly the same
as SessionExclude, this loop will not be processed correctly.

In addition, when the loop is indeed processed, the string comparison does not
appear to be coded correctly. On line 75

            if (strncmp(r->uri, exclude, strlen(exclude))) {

should be

            if (strncmp(r->uri, exclude, strlen(exclude)) == 0) {

because strncmp will return 0 for a match.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message