https://issues.apache.org/bugzilla/show_bug.cgi?id=56038
Bug ID: 56038
Summary: mod_session excludes not processed correctly
Product: Apache httpd-2
Version: 2.4.7
Hardware: PC
OS: Linux
Status: NEW
Severity: major
Priority: P2
Component: mod_session
Assignee: [email protected]
Reporter: [email protected]
In line 72 of mod_session.c
for (i = 0; included && i < conf->includes->nelts; i++) {
conf->includes->nelts is used for the loop condition, but this is a loop for
conf->excludes. Unless the # of SessionInclude directives is exactly the same
as SessionExclude, this loop will not be processed correctly.
In addition, when the loop is indeed processed, the string comparison does not
appear to be coded correctly. On line 75
if (strncmp(r->uri, exclude, strlen(exclude))) {
should be
if (strncmp(r->uri, exclude, strlen(exclude)) == 0) {
because strncmp will return 0 for a match.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
