
DO NOT REPLY [Bug 16662] New: - use of strstr() in spot_cookie() mis-identifies cookies in other cookie names or cookie values

From: <bugzilla(at)apache.org>
Date: Fri Jan 31 2003 - 19:26:17 EST


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16662>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16662


           Summary: use of strstr() in spot_cookie() mis-identifies cookies
                    in other cookie names or cookie values
           Product: Apache httpd-2.0
           Version: 2.0.44
          Platform: Other
               URL: http://www.manniwood.net/mod_usertrack_patch.html
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: mod_usertrack
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: manniwood@planet-save.com

Example: If you have CookieName set to "ID", then use of strstr() in spot_cookie() in mod_usertrack.c will get false positives on the following sorts of cookies: "MyID=binky", "MyCookie=IDExpired".

This bug got "ported" from Apache 1.3: see bugs 16661, 11998, 8906, 8048, 5811.

Here is a patch that has been thoroughly tested (more details at http://www.manniwood.net/mod_usertrack_patch.html):

 /* Make Cookie: Now we have to generate something that is going to be @@ -197,31 +199,44 @@
 {

     cookie_dir_rec *dcfg = ap_get_module_config(r->per_dir_config,
 						&usertrack_module);
-    const char *cookie;

- const char *value;
+ const char *cookie_header;
+

+ /* There are only three possibilities from the regexp
 
     if (!dcfg->enabled) {
         return DECLINED;
     }
 
-    if ((cookie = apr_table_get(r->headers_in,
-                                (dcfg->style == CT_COOKIE2
-                                 ? "Cookie2"
-                                 : "Cookie"))))
-        if ((value = ap_strstr_c(cookie, dcfg->cookie_name))) {
-            char *cookiebuf, *cookieend;
-
-            value += strlen(dcfg->cookie_name) + 1;  /* Skip over the '=' */
-            cookiebuf = apr_pstrdup(r->pool, value);
-            cookieend = strchr(cookiebuf, ';');
-            if (cookieend)
-                *cookieend = '\0';      /* Ignore anything after a ; */
-
-            /* Set the cookie in a note, for logging */
-            apr_table_setn(r->notes, "cookie", cookiebuf);

+ if ((cookie_header = apr_table_get(r->headers_in,
+ (dcfg->style == CT_COOKIE2
+ ? "Cookie2"
+ : "Cookie")))) {
regm, 0)) {
+ char *cookieval = NULL;
dcfg->regexp->re_nsub + 1, regm);
+ }
+ if (regm[2].rm_so != -1) {
dcfg->regexp->re_nsub + 1, regm);
+ }
+ /* Set the cookie in a note, for logging */
- return DECLINED; /* There's already a cookie, no new one */ - }
+ return DECLINED; /* There's already a cookie, no new one */
make_cookie(r); return OK; /* We set our cookie */
 }
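Review bot: in the new branch that fetches cookie_header, dcfg->regexp->re_nsub is dereferenced with "if (!dcfg->enabled)" as the only guard shown above it, while the only assignment to dcfg->regexp on this page is in the CookieName handler in the second hunk. If tracking can be enabled for a directory where CookieName was never given, this dereferences a NULL pointer while handling a request. Suggest compiling the regex for the default cookie name where the per-directory config is created, or returning DECLINED when dcfg->regexp is NULL. The test on regm[2].rm_so also hard-codes a group index that depends on the pattern string built in the other function; a named constant shared by both places would keep them in step.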
@@ -330,7 +345,20 @@
 {

     cookie_dir_rec *dcfg = (cookie_dir_rec *) mconfig;  

+ /* The goal is to end up with this regexp,
name, "=([^;]+)", NULL);
+

     dcfg->cookie_name = apr_pstrdup(cmd->pool, name);

+

+ dcfg->regexp = ap_pregcomp(cmd->pool, dcfg->regexp_string, REG_EXTENDED);
+

     return NULL;
 }
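Review bot: "dcfg->regexp = ap_pregcomp(cmd->pool, dcfg->regexp_string, REG_EXTENDED);" is followed directly by "return NULL;", so a failed compile is reported to the config parser as a successful directive and leaves a NULL pointer for the request path in the first hunk to dereference. Check the result and return an error string when it is NULL. Related to this, name is concatenated into the pattern ahead of the "=([^;]+)" suffix exactly as it was typed in the config, so a CookieName containing regex metacharacters such as "." or "+" will either match names other than the configured one or fail to compile; escape it or reject such names here.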



To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org Received on Sat Feb 01 00:24:45 2003
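The false positives described in the report, as an added C example (not code from mod_usertrack or from the patch). by_strstr mirrors the substring lookup the report describes, by_pair is a hypothetical pair-aware lookup, and the header strings are constructed from the report's examples.

```c
#include <stdio.h>
#include <string.h>

/* Copy a cookie value (up to the next ';') into out, truncating to fit. */
static void copy_value(const char *v, char *out, size_t n) {
    size_t len = strcspn(v, ";");
    if (len >= n) len = n - 1;
    memcpy(out, v, len);
    out[len] = '\0';
}

/* Substring lookup, the behaviour the report describes: the first
 * occurrence of name anywhere in the header is taken as the cookie. */
static int by_strstr(const char *hdr, const char *name, char *out, size_t n) {
    const char *p = strstr(hdr, name);
    if (p == NULL) return 0;
    p += strlen(name);
    if (*p != '\0') p++;              /* skip what is assumed to be '=' */
    copy_value(p, out, n);
    return 1;
}

/* Pair-aware lookup (hypothetical helper, not the patch's regex): split on
 * ';' and accept a pair only if it is exactly name followed by '='. */
static int by_pair(const char *hdr, const char *name, char *out, size_t n) {
    size_t nlen = strlen(name);
    for (const char *p = hdr; *p != '\0'; ) {
        while (*p == ' ' || *p == '\t' || *p == ';') p++;
        const char *end = p + strcspn(p, ";");
        if ((size_t)(end - p) > nlen && !strncmp(p, name, nlen) && p[nlen] == '=') {
            copy_value(p + nlen + 1, out, n);
            return 1;
        }
        p = end;
    }
    return 0;
}

int main(void) {
    /* Constructed Cookie header values built from the report's examples. */
    const char *hdrs[] = { "MyID=binky", "MyCookie=IDExpired", "MyID=binky; ID=abc123" };
    char a[64], b[64];
    for (size_t i = 0; i < sizeof hdrs / sizeof hdrs[0]; i++) {
        int s = by_strstr(hdrs[i], "ID", a, sizeof a);
        int e = by_pair(hdrs[i], "ID", b, sizeof b);
        printf("%-22s strstr=%s pair=%s\n", hdrs[i], s ? a : "-", e ? b : "-");
    }
    return 0;
}
```

In the third header the substring lookup returns the value of MyID even though a real ID cookie is present, so the wrong value is what would be logged.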

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 16:44:21 EDT

