From: André Malo Date: Tue, 17 Aug 2004 19:56:34 +0000 (+0000) Subject: escape the cookie_name before pasting into the regexp. X-Git-Tag: STRIKER_2_0_51_RC1^2~74 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ef080e6367399ff8523b8a8ea05f5d498c275a65;p=thirdparty%2Fapache%2Fhttpd.git escape the cookie_name before pasting into the regexp. Reviewed by: Jeff Trawick, Justin Erenkrantz git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@104693 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 6c46685e832..087c6724a47 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,8 @@ Changes with Apache 2.0.51 + *) mod_usertrack: Escape the cookie name before pasting into the + regexp. [André Malo] + *) Extend the SetEnvIf directive to capture subexpressions of the matched value. [André Malo] diff --git a/STATUS b/STATUS index 82ea4005a11..df666863892 100644 --- a/STATUS +++ b/STATUS @@ -1,5 +1,5 @@ APACHE 2.0 STATUS: -*-text-*- -Last modified at [$Date: 2004/08/17 16:44:14 $] +Last modified at [$Date: 2004/08/17 19:56:34 $] Release: @@ -210,11 +210,6 @@ PATCHES TO BACKPORT FROM 2.1 modules/loggers/mod_log_config.c: r1.116 +1: nd - *) mod_usertrack: Escape the cookie_name before pasting into the regexp. - (2.0 + 1.3) - modules/metadata/mod_usertrack.c: r1.51 - +1: nd, trawick, jerenkrantz - *) Fix memory leak in mod_rewrite. PR 27862. (2.0 + 1.3) http://www.apache.org/~nd/mod_rewrite_fixleak.diff +1: nd diff --git a/modules/metadata/mod_usertrack.c b/modules/metadata/mod_usertrack.c index 805d51e8f50..55ad8dc8509 100644 --- a/modules/metadata/mod_usertrack.c +++ b/modules/metadata/mod_usertrack.c @@ -160,12 +160,45 @@ static void set_and_comp_regexp(cookie_dir_rec *dcfg, apr_pool_t *p, const char *cookie_name) { + int danger_chars = 0; + const char *sp = cookie_name; + /* The goal is to end up with this regexp, * ^cookie_name=([^;]+)|;[\t]+cookie_name=([^;]+) * with cookie_name obviously substituted either * with the real cookie name set by the user in httpd.conf, or with the - * default COOKIE_NAME. */ - dcfg->regexp_string = apr_pstrcat(p, "^", cookie_name, "=([^;]+)|;[ \t]+", cookie_name, "=([^;]+)", NULL); + * default COOKIE_NAME. + */ + + /* Anyway, we need to escape the cookie_name before pasting it + * into the regex + */ + while (*sp) { + if (!apr_isalnum(*sp)) { + ++danger_chars; + } + ++sp; + } + + if (danger_chars) { + char *cp; + cp = apr_palloc(p, sp - cookie_name + danger_chars + 1); /* 1 == \0 */ + sp = cookie_name; + cookie_name = cp; + while (*sp) { + if (!apr_isalnum(*sp)) { + *cp++ = '\\'; + } + *cp++ = *sp++; + } + *cp = '\0'; + } + + dcfg->regexp_string = apr_pstrcat(p, "^", + cookie_name, + "=([^;]+)|;[ \t]+", + cookie_name, + "=([^;]+)", NULL); dcfg->regexp = ap_pregcomp(p, dcfg->regexp_string, REG_EXTENDED); ap_assert(dcfg->regexp != NULL);