From: André Malo
Date: Tue, 17 Aug 2004 19:57:57 +0000 (+0000)
Subject: escape the cookie_name before pasting into the regexp.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=124e72ba02540e0eef92bfabd29e238bc2396d2b;p=thirdparty%2Fapache%2Fhttpd.git
escape the cookie_name before pasting into the regexp.
Reviewed by: Jeff Trawick, Justin Erenkrantz
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@104694 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/src/CHANGES b/src/CHANGES
index 916e3dc82a7..1a38a24ecef 100644
--- a/src/CHANGES
+++ b/src/CHANGES
@@ -1,5 +1,8 @@
 Changes with Apache 1.3.32
+ *) mod_usertrack: Escape the cookie name before pasting into the
+ regexp. [André Malo]
+
 *) Win32: Improve error reporting after a failed attempt to spawn a piped log process or rewrite map process. [Jeff Trawick]
diff --git a/src/modules/standard/mod_usertrack.c b/src/modules/standard/mod_usertrack.c
index 4e1ffa3ff7c..af031479dd9 100644
--- a/src/modules/standard/mod_usertrack.c
+++ b/src/modules/standard/mod_usertrack.c
@@ -253,6 +253,9 @@ static void set_and_comp_regexp(cookie_dir_rec *dcfg,
 pool *p,
 const char *cookie_name)
 {
+ int danger_chars = 0;
+ const char *sp = cookie_name;
+
 /*
 * The goal is to end up with this regexp,
 * ^cookie_name=([^;]+)|;[\t]+cookie_name=([^;]+)
@@ -260,6 +263,31 @@ static void set_and_comp_regexp(cookie_dir_rec *dcfg,
 * with the real cookie name set by the user in httpd.conf,
 * or with the default COOKIE_NAME.
 */
+
+ /* Anyway, we need to escape the cookie_name before pasting it
+ * into the regex
+ */
+ while (*sp) {
+ if (!ap_isalnum(*sp)) {
+ ++danger_chars;
+ }
+ ++sp;
+ }
+
+ if (danger_chars) {
+ char *cp;
+ cp = ap_palloc(p, sp - cookie_name + danger_chars + 1); /* 1 == \0 */
+ sp = cookie_name;
+ cookie_name = cp;
+ while (*sp) {
+ if (!ap_isalnum(*sp)) {
+ *cp++ = '\\';
+ }
+ *cp++ = *sp++;
+ }
+ *cp = '\0';
+ }
+
 dcfg->regexp_string = ap_pstrcat(p, "^", cookie_name, "=([^;]+)|;[ \t]+", cookie_name, "=([^;]+)", NULL);
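Review bot: The `!ap_isalnum(*sp)` test in both loops puts a backslash in front of every non-alphanumeric byte, not just regex metacharacters, and POSIX leaves a backslash followed by an ordinary character undefined in extended regular expressions; some regex libraries give sequences such as `\<` a meaning of their own. If this module can be built against a regex library other than the one the author tested, a cookie name containing such a byte could compile to a pattern that no longer matches the cookie literally, so it would be more portable to escape only the documented specials, e.g. `if (strchr(".[\\()*+?{|^$", *sp) != NULL)` in place of each `ap_isalnum` test. Whichever predicate is used, the counting pass and the copy pass must stay identical or the `ap_palloc` size is wrong, so a single helper macro shared by both loops would make that invariant explicit. The regex compile call and the rest of set_and_comp_regexp are outside this hunk, so the flavour in use should be confirmed there.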