>Number: 2065 >Category: protocol >Synopsis: using find_token() for If-Match et al is bogus >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed Apr 15 10:10:00 PDT 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.2 and 1.3 >Environment: n/a >Description: If a request includes the header:
If-Match: "abc def" the code will do completely the wrong thing. It treats this as two tokens rather than one. The bug isn't in find_token(), the bug is in meets_conditions() which shouldn't be using find_token(). Another function, maybe called find_quoted_string() should be added and used. See these new-httpd messages: Message-ID: <[EMAIL PROTECTED]> Message-ID: <[EMAIL PROTECTED]> Dean >How-To-Repeat: >Fix: >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]