httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Schaefer <joe+apa...@sunstarsys.com>
Subject [PATCH] (untested) mod_usertrack.c mod_log_config.c
Date Thu, 29 Aug 2002 21:29:37 GMT

Once apreq's fate is decided, I'll try to submit a patch for 
these to work with apreq_cookie.  In the meantime, you may want 
to incorporated these-  the current cookie "parsing" code looks 
a bit unsafe to me.  Also, RFC 2965's "Cookie2" header is used for 
sending $Version info, not cookie data.

--- mod_usertrack.c.old Fri Aug 16 19:16:23 2002
+++ mod_usertrack.c     Thu Aug 29 16:38:23 2002
@@ -204,11 +204,9 @@
         return DECLINED;
     }
 
-    if ((cookie = apr_table_get(r->headers_in,
-                                (dcfg->style == CT_COOKIE2
-                                 ? "Cookie2"
-                                 : "Cookie"))))
-        if ((value = ap_strstr_c(cookie, dcfg->cookie_name))) {
+    if ((cookie = apr_table_get(r->headers_in, "Cookie")))
+        if ((value = ap_strstr_c(cookie, dcfg->cookie_name)) &&
+            value[strlen(dcfg->cookie_name)] == '=') {
             char *cookiebuf, *cookieend;
 
             value += strlen(dcfg->cookie_name) + 1;  /* Skip over the '=' */

--- mod_log_config.c.old        Thu Aug 29 16:45:04 2002
+++ mod_log_config.c    Thu Aug 29 16:47:21 2002
@@ -457,7 +457,8 @@
     const char *start_cookie;
 
     if ((cookies = apr_table_get(r->headers_in, "Cookie"))) {
-        if ((start_cookie = ap_strstr_c(cookies,a))) {
+        if ((start_cookie = ap_strstr_c(cookies,a)) && 
+            start_cookie[strlen(a)] == '=') {
             char *cookie, *end_cookie;
             start_cookie += strlen(a) + 1; /* cookie_name + '=' */
             cookie = apr_pstrdup(r->pool, start_cookie);

Mime
View raw message