[JBoss JIRA] (MODCLUSTER-285) get_path_param in mod_proxy_cluster doesn't expect '; ' as separator
by Radoslav Husar (JIRA)
[ https://issues.jboss.org/browse/MODCLUSTER-285?page=com.atlassian.jira.pl... ]
Radoslav Husar commented on MODCLUSTER-285:
-------------------------------------------
Note that this code (upstream Apache trunk) is still wrong and violates RFC. Imagine a query string:
{noformat}/my.jsp?notJSESSIONID=wrong;JSESSIONID=correct{noformat}
this method would return "wrong" instead od "correct".
> get_path_param in mod_proxy_cluster doesn't expect ';' as separator
> -------------------------------------------------------------------
>
> Key: MODCLUSTER-285
> URL: https://issues.jboss.org/browse/MODCLUSTER-285
> Project: mod_cluster
> Issue Type: Bug
> Components: Native (httpd modules)
> Affects Versions: 1.1.3.Final, 1.2.0.Final
> Reporter: Stefano Nichele
> Assignee: Radoslav Husar
> Fix For: 1.3.2.Alpha1
>
>
> Current version of get_path_param doesn't expect ';' as path parameters separator so this urls are not correctly handled:
> /test.jsp;jsessionid=123123.NODE01;name=vale
> See for instance the mod_proxy_balancer implementation (in httpd 2.2.21):
> {code}
> /* Retrieve the parameter with the given name
> * Something like 'JSESSIONID=12345...N'
> */
> static char *get_path_param(apr_pool_t *pool, char *url,
> const char *name, int scolon_sep)
> {
> char *path = NULL;
> char *pathdelims = "?&";
> if (scolon_sep) {
> pathdelims = ";?&";
> }
> for (path = strstr(url, name); path; path = strstr(path + 1, name)) {
> path += strlen(name);
> if (*path == '=') {
> /*
> * Session path was found, get it's value
> */
> ++path;
> if (strlen(path)) {
> char *q;
> path = apr_strtok(apr_pstrdup(pool, path), pathdelims, &q);
> return path;
> }
> }
> }
> return NULL;
> }
> {code}
> Severity of this bug to me is not so high since using more than one path parameters is not so common.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
8 years, 9 months
[JBoss JIRA] (MODCLUSTER-285) get_path_param in mod_proxy_cluster doesn't expect '; ' as separator
by Radoslav Husar (JIRA)
[ https://issues.jboss.org/browse/MODCLUSTER-285?page=com.atlassian.jira.pl... ]
Radoslav Husar updated MODCLUSTER-285:
--------------------------------------
Fix Version/s: 1.3.2.Alpha1
(was: 1.2.1.Final)
> get_path_param in mod_proxy_cluster doesn't expect ';' as separator
> -------------------------------------------------------------------
>
> Key: MODCLUSTER-285
> URL: https://issues.jboss.org/browse/MODCLUSTER-285
> Project: mod_cluster
> Issue Type: Bug
> Affects Versions: 1.1.3.Final, 1.2.0.Final
> Reporter: Stefano Nichele
> Assignee: Radoslav Husar
> Fix For: 1.3.2.Alpha1
>
>
> Current version of get_path_param doesn't expect ';' as path parameters separator so this urls are not correctly handled:
> /test.jsp;jsessionid=123123.NODE01;name=vale
> See for instance the mod_proxy_balancer implementation (in httpd 2.2.21):
> /* Retrieve the parameter with the given name
> * Something like 'JSESSIONID=12345...N'
> */
> static char *get_path_param(apr_pool_t *pool, char *url,
> const char *name, int scolon_sep)
> {
> char *path = NULL;
> char *pathdelims = "?&";
> if (scolon_sep) {
> pathdelims = ";?&";
> }
> for (path = strstr(url, name); path; path = strstr(path + 1, name)) {
> path += strlen(name);
> if (*path == '=') {
> /*
> * Session path was found, get it's value
> */
> ++path;
> if (strlen(path)) {
> char *q;
> path = apr_strtok(apr_pstrdup(pool, path), pathdelims, &q);
> return path;
> }
> }
> }
> return NULL;
> }
> Severity of this bug to me is not so high since using more than one path parameters is not so common.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
8 years, 9 months
[JBoss JIRA] (MODCLUSTER-285) get_path_param in mod_proxy_cluster doesn't expect '; ' as separator
by Radoslav Husar (JIRA)
[ https://issues.jboss.org/browse/MODCLUSTER-285?page=com.atlassian.jira.pl... ]
Radoslav Husar updated MODCLUSTER-285:
--------------------------------------
Component/s: Native (httpd modules)
> get_path_param in mod_proxy_cluster doesn't expect ';' as separator
> -------------------------------------------------------------------
>
> Key: MODCLUSTER-285
> URL: https://issues.jboss.org/browse/MODCLUSTER-285
> Project: mod_cluster
> Issue Type: Bug
> Components: Native (httpd modules)
> Affects Versions: 1.1.3.Final, 1.2.0.Final
> Reporter: Stefano Nichele
> Assignee: Radoslav Husar
> Fix For: 1.3.2.Alpha1
>
>
> Current version of get_path_param doesn't expect ';' as path parameters separator so this urls are not correctly handled:
> /test.jsp;jsessionid=123123.NODE01;name=vale
> See for instance the mod_proxy_balancer implementation (in httpd 2.2.21):
> /* Retrieve the parameter with the given name
> * Something like 'JSESSIONID=12345...N'
> */
> static char *get_path_param(apr_pool_t *pool, char *url,
> const char *name, int scolon_sep)
> {
> char *path = NULL;
> char *pathdelims = "?&";
> if (scolon_sep) {
> pathdelims = ";?&";
> }
> for (path = strstr(url, name); path; path = strstr(path + 1, name)) {
> path += strlen(name);
> if (*path == '=') {
> /*
> * Session path was found, get it's value
> */
> ++path;
> if (strlen(path)) {
> char *q;
> path = apr_strtok(apr_pstrdup(pool, path), pathdelims, &q);
> return path;
> }
> }
> }
> return NULL;
> }
> Severity of this bug to me is not so high since using more than one path parameters is not so common.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
8 years, 9 months
[JBoss JIRA] (MODCLUSTER-285) get_path_param in mod_proxy_cluster doesn't expect '; ' as separator
by Radoslav Husar (JIRA)
[ https://issues.jboss.org/browse/MODCLUSTER-285?page=com.atlassian.jira.pl... ]
Radoslav Husar updated MODCLUSTER-285:
--------------------------------------
Description:
Current version of get_path_param doesn't expect ';' as path parameters separator so this urls are not correctly handled:
/test.jsp;jsessionid=123123.NODE01;name=vale
See for instance the mod_proxy_balancer implementation (in httpd 2.2.21):
{code}
/* Retrieve the parameter with the given name
* Something like 'JSESSIONID=12345...N'
*/
static char *get_path_param(apr_pool_t *pool, char *url,
const char *name, int scolon_sep)
{
char *path = NULL;
char *pathdelims = "?&";
if (scolon_sep) {
pathdelims = ";?&";
}
for (path = strstr(url, name); path; path = strstr(path + 1, name)) {
path += strlen(name);
if (*path == '=') {
/*
* Session path was found, get it's value
*/
++path;
if (strlen(path)) {
char *q;
path = apr_strtok(apr_pstrdup(pool, path), pathdelims, &q);
return path;
}
}
}
return NULL;
}
{code}
Severity of this bug to me is not so high since using more than one path parameters is not so common.
was:
Current version of get_path_param doesn't expect ';' as path parameters separator so this urls are not correctly handled:
/test.jsp;jsessionid=123123.NODE01;name=vale
See for instance the mod_proxy_balancer implementation (in httpd 2.2.21):
/* Retrieve the parameter with the given name
* Something like 'JSESSIONID=12345...N'
*/
static char *get_path_param(apr_pool_t *pool, char *url,
const char *name, int scolon_sep)
{
char *path = NULL;
char *pathdelims = "?&";
if (scolon_sep) {
pathdelims = ";?&";
}
for (path = strstr(url, name); path; path = strstr(path + 1, name)) {
path += strlen(name);
if (*path == '=') {
/*
* Session path was found, get it's value
*/
++path;
if (strlen(path)) {
char *q;
path = apr_strtok(apr_pstrdup(pool, path), pathdelims, &q);
return path;
}
}
}
return NULL;
}
Severity of this bug to me is not so high since using more than one path parameters is not so common.
> get_path_param in mod_proxy_cluster doesn't expect ';' as separator
> -------------------------------------------------------------------
>
> Key: MODCLUSTER-285
> URL: https://issues.jboss.org/browse/MODCLUSTER-285
> Project: mod_cluster
> Issue Type: Bug
> Components: Native (httpd modules)
> Affects Versions: 1.1.3.Final, 1.2.0.Final
> Reporter: Stefano Nichele
> Assignee: Radoslav Husar
> Fix For: 1.3.2.Alpha1
>
>
> Current version of get_path_param doesn't expect ';' as path parameters separator so this urls are not correctly handled:
> /test.jsp;jsessionid=123123.NODE01;name=vale
> See for instance the mod_proxy_balancer implementation (in httpd 2.2.21):
> {code}
> /* Retrieve the parameter with the given name
> * Something like 'JSESSIONID=12345...N'
> */
> static char *get_path_param(apr_pool_t *pool, char *url,
> const char *name, int scolon_sep)
> {
> char *path = NULL;
> char *pathdelims = "?&";
> if (scolon_sep) {
> pathdelims = ";?&";
> }
> for (path = strstr(url, name); path; path = strstr(path + 1, name)) {
> path += strlen(name);
> if (*path == '=') {
> /*
> * Session path was found, get it's value
> */
> ++path;
> if (strlen(path)) {
> char *q;
> path = apr_strtok(apr_pstrdup(pool, path), pathdelims, &q);
> return path;
> }
> }
> }
> return NULL;
> }
> {code}
> Severity of this bug to me is not so high since using more than one path parameters is not so common.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
8 years, 9 months
[JBoss JIRA] (MODCLUSTER-285) get_path_param in mod_proxy_cluster doesn't expect '; ' as separator
by Radoslav Husar (JIRA)
[ https://issues.jboss.org/browse/MODCLUSTER-285?page=com.atlassian.jira.pl... ]
Work on MODCLUSTER-285 started by Radoslav Husar.
-------------------------------------------------
> get_path_param in mod_proxy_cluster doesn't expect ';' as separator
> -------------------------------------------------------------------
>
> Key: MODCLUSTER-285
> URL: https://issues.jboss.org/browse/MODCLUSTER-285
> Project: mod_cluster
> Issue Type: Bug
> Affects Versions: 1.1.3.Final, 1.2.0.Final
> Reporter: Stefano Nichele
> Assignee: Radoslav Husar
> Fix For: 1.2.1.Final
>
>
> Current version of get_path_param doesn't expect ';' as path parameters separator so this urls are not correctly handled:
> /test.jsp;jsessionid=123123.NODE01;name=vale
> See for instance the mod_proxy_balancer implementation (in httpd 2.2.21):
> /* Retrieve the parameter with the given name
> * Something like 'JSESSIONID=12345...N'
> */
> static char *get_path_param(apr_pool_t *pool, char *url,
> const char *name, int scolon_sep)
> {
> char *path = NULL;
> char *pathdelims = "?&";
> if (scolon_sep) {
> pathdelims = ";?&";
> }
> for (path = strstr(url, name); path; path = strstr(path + 1, name)) {
> path += strlen(name);
> if (*path == '=') {
> /*
> * Session path was found, get it's value
> */
> ++path;
> if (strlen(path)) {
> char *q;
> path = apr_strtok(apr_pstrdup(pool, path), pathdelims, &q);
> return path;
> }
> }
> }
> return NULL;
> }
> Severity of this bug to me is not so high since using more than one path parameters is not so common.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
8 years, 9 months
[JBoss JIRA] (MODCLUSTER-285) get_path_param in mod_proxy_cluster doesn't expect '; ' as separator
by Radoslav Husar (JIRA)
[ https://issues.jboss.org/browse/MODCLUSTER-285?page=com.atlassian.jira.pl... ]
Radoslav Husar reassigned MODCLUSTER-285:
-----------------------------------------
Assignee: Radoslav Husar (was: Jean-Frederic Clere)
> get_path_param in mod_proxy_cluster doesn't expect ';' as separator
> -------------------------------------------------------------------
>
> Key: MODCLUSTER-285
> URL: https://issues.jboss.org/browse/MODCLUSTER-285
> Project: mod_cluster
> Issue Type: Bug
> Affects Versions: 1.1.3.Final, 1.2.0.Final
> Reporter: Stefano Nichele
> Assignee: Radoslav Husar
> Fix For: 1.2.1.Final
>
>
> Current version of get_path_param doesn't expect ';' as path parameters separator so this urls are not correctly handled:
> /test.jsp;jsessionid=123123.NODE01;name=vale
> See for instance the mod_proxy_balancer implementation (in httpd 2.2.21):
> /* Retrieve the parameter with the given name
> * Something like 'JSESSIONID=12345...N'
> */
> static char *get_path_param(apr_pool_t *pool, char *url,
> const char *name, int scolon_sep)
> {
> char *path = NULL;
> char *pathdelims = "?&";
> if (scolon_sep) {
> pathdelims = ";?&";
> }
> for (path = strstr(url, name); path; path = strstr(path + 1, name)) {
> path += strlen(name);
> if (*path == '=') {
> /*
> * Session path was found, get it's value
> */
> ++path;
> if (strlen(path)) {
> char *q;
> path = apr_strtok(apr_pstrdup(pool, path), pathdelims, &q);
> return path;
> }
> }
> }
> return NULL;
> }
> Severity of this bug to me is not so high since using more than one path parameters is not so common.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
8 years, 9 months
[JBoss JIRA] (MODCLUSTER-461) If Session ID key stored in URL contains sticky session cookie name it it used for routing
by Radoslav Husar (JIRA)
[ https://issues.jboss.org/browse/MODCLUSTER-461?page=com.atlassian.jira.pl... ]
Radoslav Husar updated MODCLUSTER-461:
--------------------------------------
Summary: If Session ID key stored in URL contains sticky session cookie name it it used for routing (was: If Session ID key stored in URL contains sticky session cookie name it it used for routing.)
> If Session ID key stored in URL contains sticky session cookie name it it used for routing
> ------------------------------------------------------------------------------------------
>
> Key: MODCLUSTER-461
> URL: https://issues.jboss.org/browse/MODCLUSTER-461
> Project: mod_cluster
> Issue Type: Bug
> Components: Native (httpd modules)
> Affects Versions: 1.2.9.Final, 1.3.1.Final
> Environment: Using the stock mod_cluster configuration shipped with EWS/JWS and EAP.
> Enterprise Web Server 2.x and 3.x
> JBoss EAP 6.3 and 6.4
> Used Tomcat sample application.
> Reporter: Robert Bost
> Assignee: Jean-Frederic Clere
> Labels: stickysession
>
> If I make a request with a valid JSESSIONID cookie and a URL like below, the value from the URL is used by mod_cluster for sticky session routing:
> {{curl -b "JSESSIONID=OTg+mUVLRceO2bqRIcsSJmlm.4e6189af-0502-3305-8ff3-fad7fee8b516" -v 'http://myserver/sample/hello.jsp;not.really.jsessionid=oops'}}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
8 years, 9 months