httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 56038] New: mod_session excludes not processed correctly
Date Mon, 20 Jan 2014 19:17:11 GMT

            Bug ID: 56038
           Summary: mod_session excludes not processed correctly
           Product: Apache httpd-2
           Version: 2.4.7
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: mod_session

In line 72 of mod_session.c

        for (i = 0; included && i < conf->includes->nelts; i++) {

conf->includes->nelts is used for the loop condition, but this is a loop for
conf->excludes. Unless the # of SessionInclude directives is exactly the same
as SessionExclude, this loop will not be processed correctly.

In addition, when the loop is indeed processed, the string comparison does not
appear to be coded correctly. On line 75

            if (strncmp(r->uri, exclude, strlen(exclude))) {

should be

            if (strncmp(r->uri, exclude, strlen(exclude)) == 0) {

because strncmp will return 0 for a match.

You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message