>Number: 2487 >Category: general >Synopsis: ap_strcmpmatch fails on case-blind file systems (Severe error) >Confidential: no >Severity: critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Tue Jun 23 01:40:01 PDT 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.0 >Environment: NT 4.0 SP 3, VC++ 5.0 >Description: This error is closely related to PR #2455, are are due to the fact, that Win32 and properly OS/2 uses case-blind file systems. This means that every line in apache that related to file systems may be bogus, i.e <Directory>, <Location> and many more.
The result is among other, that a file protected in location /protected can be accessed with no problem using the partial uri /PROTECTED or any other combination of letters. >How-To-Repeat: <Location /protected> order deny,allow deny from all </Location> brose the directoty /PROTECTED >Fix: Where there is a strcmp in the source (and that is quite a lot), the developer have to thing of every ramifications of each use of the comparison function. What the major issue is ofcause the the filesystem. >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]
