httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From n.@apache.org
Subject cvs commit: httpd-2.0/modules/metadata mod_usertrack.c
Date Tue, 17 Aug 2004 19:56:35 GMT
nd          2004/08/17 12:56:35

  Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES STATUS
               modules/metadata Tag: APACHE_2_0_BRANCH mod_usertrack.c
  Log:
  escape the cookie_name before pasting into the regexp.
  
  Reviewed by: Jeff Trawick, Justin Erenkrantz
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.988.2.321 +3 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.988.2.320
  retrieving revision 1.988.2.321
  diff -u -u -r1.988.2.320 -r1.988.2.321
  --- CHANGES	15 Aug 2004 23:33:27 -0000	1.988.2.320
  +++ CHANGES	17 Aug 2004 19:56:33 -0000	1.988.2.321
  @@ -1,5 +1,8 @@
   Changes with Apache 2.0.51
   
  +  *) mod_usertrack: Escape the cookie name before pasting into the
  +     regexp.  [André Malo]
  +
     *) Extend the SetEnvIf directive to capture subexpressions of the
        matched value.  [André Malo]
   
  
  
  
  1.751.2.985 +1 -6      httpd-2.0/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/STATUS,v
  retrieving revision 1.751.2.984
  retrieving revision 1.751.2.985
  diff -u -u -r1.751.2.984 -r1.751.2.985
  --- STATUS	17 Aug 2004 16:44:14 -0000	1.751.2.984
  +++ STATUS	17 Aug 2004 19:56:34 -0000	1.751.2.985
  @@ -210,11 +210,6 @@
            modules/loggers/mod_log_config.c: r1.116
          +1: nd
   
  -    *) mod_usertrack: Escape the cookie_name before pasting into the regexp.
  -       (2.0 + 1.3)
  -         modules/metadata/mod_usertrack.c: r1.51
  -       +1: nd, trawick, jerenkrantz
  -
       *) Fix memory leak in mod_rewrite. PR 27862. (2.0 + 1.3)
            http://www.apache.org/~nd/mod_rewrite_fixleak.diff
          +1: nd
  
  
  
  No                   revision
  No                   revision
  1.39.2.11 +35 -2     httpd-2.0/modules/metadata/mod_usertrack.c
  
  Index: mod_usertrack.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/metadata/mod_usertrack.c,v
  retrieving revision 1.39.2.10
  retrieving revision 1.39.2.11
  diff -u -u -r1.39.2.10 -r1.39.2.11
  --- mod_usertrack.c	2 Jun 2004 22:40:22 -0000	1.39.2.10
  +++ mod_usertrack.c	17 Aug 2004 19:56:34 -0000	1.39.2.11
  @@ -160,12 +160,45 @@
                                   apr_pool_t *p,
                                   const char *cookie_name) 
   {
  +    int danger_chars = 0;
  +    const char *sp = cookie_name;
  +
       /* The goal is to end up with this regexp, 
        * ^cookie_name=([^;]+)|;[\t]+cookie_name=([^;]+) 
        * with cookie_name obviously substituted either
        * with the real cookie name set by the user in httpd.conf, or with the
  -     * default COOKIE_NAME. */
  -    dcfg->regexp_string = apr_pstrcat(p, "^", cookie_name, "=([^;]+)|;[ \t]+", cookie_name,
"=([^;]+)", NULL);
  +     * default COOKIE_NAME.
  +     */
  +
  +    /* Anyway, we need to escape the cookie_name before pasting it
  +     * into the regex
  +     */
  +    while (*sp) {
  +        if (!apr_isalnum(*sp)) {
  +            ++danger_chars;
  +        }
  +        ++sp;
  +    }
  +
  +    if (danger_chars) {
  +        char *cp;
  +        cp = apr_palloc(p, sp - cookie_name + danger_chars + 1); /* 1 == \0 */
  +        sp = cookie_name;
  +        cookie_name = cp;
  +        while (*sp) {
  +            if (!apr_isalnum(*sp)) {
  +                *cp++ = '\\';
  +            }
  +            *cp++ = *sp++;
  +        }
  +        *cp = '\0';
  +    }
  +
  +    dcfg->regexp_string = apr_pstrcat(p, "^",
  +                                      cookie_name,
  +                                      "=([^;]+)|;[ \t]+",
  +                                      cookie_name,
  +                                      "=([^;]+)", NULL);
   
       dcfg->regexp = ap_pregcomp(p, dcfg->regexp_string, REG_EXTENDED);
       ap_assert(dcfg->regexp != NULL);
  
  
  

Mime
View raw message