[mod_cluster-issues] [JBoss JIRA] (MODCLUSTER-285) get_path_param in mod_proxy_cluster doesn't expect '; ' as separator
Radoslav Husar (JIRA)
issues at jboss.org
Thu Jul 30 08:03:03 EDT 2015
[ https://issues.jboss.org/browse/MODCLUSTER-285?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Radoslav Husar updated MODCLUSTER-285:
--------------------------------------
Description:
Current version of get_path_param doesn't expect ';' as path parameters separator so this urls are not correctly handled:
/test.jsp;jsessionid=123123.NODE01;name=vale
See for instance the mod_proxy_balancer implementation (in httpd 2.2.21):
{code}
/* Retrieve the parameter with the given name
* Something like 'JSESSIONID=12345...N'
*/
static char *get_path_param(apr_pool_t *pool, char *url,
const char *name, int scolon_sep)
{
char *path = NULL;
char *pathdelims = "?&";
if (scolon_sep) {
pathdelims = ";?&";
}
for (path = strstr(url, name); path; path = strstr(path + 1, name)) {
path += strlen(name);
if (*path == '=') {
/*
* Session path was found, get it's value
*/
++path;
if (strlen(path)) {
char *q;
path = apr_strtok(apr_pstrdup(pool, path), pathdelims, &q);
return path;
}
}
}
return NULL;
}
{code}
Severity of this bug to me is not so high since using more than one path parameters is not so common.
was:
Current version of get_path_param doesn't expect ';' as path parameters separator so this urls are not correctly handled:
/test.jsp;jsessionid=123123.NODE01;name=vale
See for instance the mod_proxy_balancer implementation (in httpd 2.2.21):
/* Retrieve the parameter with the given name
* Something like 'JSESSIONID=12345...N'
*/
static char *get_path_param(apr_pool_t *pool, char *url,
const char *name, int scolon_sep)
{
char *path = NULL;
char *pathdelims = "?&";
if (scolon_sep) {
pathdelims = ";?&";
}
for (path = strstr(url, name); path; path = strstr(path + 1, name)) {
path += strlen(name);
if (*path == '=') {
/*
* Session path was found, get it's value
*/
++path;
if (strlen(path)) {
char *q;
path = apr_strtok(apr_pstrdup(pool, path), pathdelims, &q);
return path;
}
}
}
return NULL;
}
Severity of this bug to me is not so high since using more than one path parameters is not so common.
> get_path_param in mod_proxy_cluster doesn't expect ';' as separator
> -------------------------------------------------------------------
>
> Key: MODCLUSTER-285
> URL: https://issues.jboss.org/browse/MODCLUSTER-285
> Project: mod_cluster
> Issue Type: Bug
> Components: Native (httpd modules)
> Affects Versions: 1.1.3.Final, 1.2.0.Final
> Reporter: Stefano Nichele
> Assignee: Radoslav Husar
> Fix For: 1.3.2.Alpha1
>
>
> Current version of get_path_param doesn't expect ';' as path parameters separator so this urls are not correctly handled:
> /test.jsp;jsessionid=123123.NODE01;name=vale
> See for instance the mod_proxy_balancer implementation (in httpd 2.2.21):
> {code}
> /* Retrieve the parameter with the given name
> * Something like 'JSESSIONID=12345...N'
> */
> static char *get_path_param(apr_pool_t *pool, char *url,
> const char *name, int scolon_sep)
> {
> char *path = NULL;
> char *pathdelims = "?&";
> if (scolon_sep) {
> pathdelims = ";?&";
> }
> for (path = strstr(url, name); path; path = strstr(path + 1, name)) {
> path += strlen(name);
> if (*path == '=') {
> /*
> * Session path was found, get it's value
> */
> ++path;
> if (strlen(path)) {
> char *q;
> path = apr_strtok(apr_pstrdup(pool, path), pathdelims, &q);
> return path;
> }
> }
> }
> return NULL;
> }
> {code}
> Severity of this bug to me is not so high since using more than one path parameters is not so common.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
More information about the mod_cluster-issues
mailing list