https://issues.apache.org/bugzilla/show_bug.cgi?id=49166

           Summary: Logging of cookie values fails when one cookie has a
                    name which is an initial substring of another
           Product: Apache httpd-2
           Version: 2.2.12
          Platform: HP
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_log_config
        AssignedTo: [email protected]
        ReportedBy: [email protected]


This is using Apache 2.2.12-1ubuntu2.2. I searched the bug DB and read the
changelogs but couldn't see a reference to this issue.

Log format in /etc/apache2/apache2.conf:

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" \"%{Bugzilla_login}C\" \"%{Bugzilla_logincookie}C\"" bugzilla_vhost_combined

This should log the two cookies named Bugzilla_login and Bugzilla_logincookie.

Then, in /etc/apache2/sites-enabled/000-default:

CustomLog /var/log/apache2/access.log bugzilla_vhost_combined

Then, I get logs of the following form:

127.0.0.1:80 127.0.0.1 - - [14/Apr/2010:17:47:12 +0100] "POST /src/bugzilla-3.4/xmlrpc.cgi/xmlrpc.cgi HTTP/1.1" 200 1747 "-" "BZ::Client::XMLRPC 1" "ookie=jDB44Tplz1" "jDB44Tplz1"


In other words, the log for "Bugzilla_login" is most of the rest of the cookie
name, the equals sign and the value for the "Bugzilla_logincookie" cookie.

It looks strongly like the code for finding the value to log is doing an
unterminated substring match on the cookie name, and then chomping the first
character off what it finds (hence the missing "c") in an attempt to remove the
"=" sign.

I'd expect it to be this code:
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c?view=markup
(line 500)
but that looks good to me. But maybe I can't read C.

Gerv
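
Added example (not part of the original report, and not Apache's code): a minimal C sketch of the lookup behaviour the reporter hypothesizes, next to a lookup that matches the whole cookie name. The function names, the sample header and the Bugzilla_login value "1" are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed Cookie header; the Bugzilla_login value "1" is made up. */
static const char SAMPLE[] = "Bugzilla_logincookie=jDB44Tplz1; Bugzilla_login=1";

static void copy_value(char *out, size_t outlen, const char *v, size_t n)
{
    if (n >= outlen)
        n = outlen - 1;
    memcpy(out, v, n);
    out[n] = '\0';
}

/* Hypothesized flaw: match the name anywhere in the header, then skip
 * strlen(name) + 1 bytes on the assumption that the next byte is '='. */
static int cookie_substring(const char *hdr, const char *name,
                            char *out, size_t outlen)
{
    const char *p = strstr(hdr, name);
    if (p == NULL || strlen(p) <= strlen(name))
        return 0;
    p += strlen(name) + 1;
    copy_value(out, outlen, p, strcspn(p, ";"));
    return 1;
}

/* Exact match: walk the name=value pairs and require '=' right after the name. */
static int cookie_exact(const char *hdr, const char *name,
                        char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    for (const char *p = hdr; *p != '\0'; ) {
        p += strspn(p, "; ");            /* skip pair separators */
        size_t pair = strcspn(p, ";");   /* length of one name=value pair */
        if (pair > nlen && p[nlen] == '=' && strncmp(p, name, nlen) == 0) {
            copy_value(out, outlen, p + nlen + 1, pair - nlen - 1);
            return 1;
        }
        p += pair;
    }
    return 0;
}

int main(void)
{
    char a[64], b[64];
    cookie_substring(SAMPLE, "Bugzilla_login", a, sizeof a);
    cookie_exact(SAMPLE, "Bugzilla_login", b, sizeof b);
    printf("substring: \"%s\"\nexact:     \"%s\"\n", a, b);
    return 0;
}
```

With the substring lookup, the value of one cookie is written to the log field configured for another, so any log review or redaction rule keyed on the field name sees the wrong data.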
