DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=27823>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=27823 logging: %{cookie}C grabs wrong cookie Summary: logging: %{cookie}C grabs wrong cookie Product: Apache httpd-2.0 Version: 2.0-HEAD Platform: PC OS/Version: Linux Status: NEW Severity: Normal Priority: Other Component: mod_log_config AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] The %{cookie}C logging directive will grab the wrong cookie if it is presented with a cookie that has the requested cookie name as a prefix. To reproduce: Set up a LogFormat using the cookie-logging directive, such as: LogFormat "%h %{logcookie}C %t \"%r\" %>s %b \"%{User-Agent}i\"" combtest CustomLog logs/access_log combtest Issue a command such as the following to return two cookies, the first of which has a name for which the cookie to be logged is a prefix: GET -H 'Cookie: $Version=0; logcookie2=wrong_value; logcookie=right_value' http://localhost/ Check the log. Note that instead of "right_value" it has recorded "=wrong_value". 127.0.0.1 =wrong_value [20/Mar/2004:18:12:24 -0500] "GET / HTTP/1.1" 403 2898 "lwp-request/1.39" The following fix to function log_cookie seems to work, but I have not tested it in a production environment: *** httpd-2.0.49/modules/loggers/mod_log_config.c --- httpd-2.0.49-DLF/modules/loggers/mod_log_config.c *************** *** 430,438 **** const char *start_cookie; if ((cookies = apr_table_get(r->headers_in, "Cookie"))) { ! if ((start_cookie = ap_strstr_c(cookies,a))) { char *cookie, *end_cookie; ! start_cookie += strlen(a) + 1; /* cookie_name + '=' */ cookie = apr_pstrdup(r->pool, start_cookie); /* kill everything in cookie after ';' */ end_cookie = strchr(cookie, ';'); --- 430,445 ---- const char *start_cookie; if ((cookies = apr_table_get(r->headers_in, "Cookie"))) { ! /* To avoid matching on longer cookie names having value of "a" as prefix, ! * create string consisting of value of "a" followed by "=" and match that. ! */ ! int cookie_name_len = strlen(a); ! char* cookie_name = apr_palloc(r->pool, cookie_name_len + 2); ! strcpy(cookie_name, a); ! strcat(cookie_name, "="); ! if ((start_cookie = ap_strstr_c(cookies,cookie_name))) { char *cookie, *end_cookie; ! start_cookie += cookie_name_len + 1; /* cookie_name + '=' */ cookie = apr_pstrdup(r->pool, start_cookie); /* kill everything in cookie after ';' */ end_cookie = strchr(cookie, ';'); Dan Franklin --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
