escape the cookie_name before pasting into the regexp.

Andre Malo · Andre Malo · commit ca06e80e9ca9 · 2004-08-17T19:56:34.000Z
Reviewed by: Jeff Trawick, Justin Erenkrantz git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@104693 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/CHANGES b/CHANGES
@@ -1,5 +1,8 @@
 Changes with Apache 2.0.51
 
+  *) mod_usertrack: Escape the cookie name before pasting into the
+     regexp.  [Andr� Malo]
+
   *) Extend the SetEnvIf directive to capture subexpressions of the
      matched value.  [Andr� Malo]
 
diff --git a/STATUS b/STATUS
@@ -1,5 +1,5 @@
 APACHE 2.0 STATUS:                                              -*-text-*-
-Last modified at [$Date: 2004/08/17 16:44:14 $]
+Last modified at [$Date: 2004/08/17 19:56:34 $]
 
 Release:
 
@@ -210,11 +210,6 @@ PATCHES TO BACKPORT FROM 2.1
          modules/loggers/mod_log_config.c: r1.116
        +1: nd
 
-    *) mod_usertrack: Escape the cookie_name before pasting into the regexp.
-       (2.0 + 1.3)
-         modules/metadata/mod_usertrack.c: r1.51
-       +1: nd, trawick, jerenkrantz
-
     *) Fix memory leak in mod_rewrite. PR 27862. (2.0 + 1.3)
          http://www.apache.org/~nd/mod_rewrite_fixleak.diff
        +1: nd
diff --git a/modules/metadata/mod_usertrack.c b/modules/metadata/mod_usertrack.c
@@ -160,12 +160,45 @@ static void set_and_comp_regexp(cookie_dir_rec *dcfg,
                                 apr_pool_t *p,
                                 const char *cookie_name) 
 {
+    int danger_chars = 0;
+    const char *sp = cookie_name;
+
     /* The goal is to end up with this regexp, 
      * ^cookie_name=([^;]+)|;[\t]+cookie_name=([^;]+) 
      * with cookie_name obviously substituted either
      * with the real cookie name set by the user in httpd.conf, or with the
-     * default COOKIE_NAME. */
-    dcfg->regexp_string = apr_pstrcat(p, "^", cookie_name, "=([^;]+)|;[ \t]+", cookie_name, "=([^;]+)", NULL);
+     * default COOKIE_NAME.
+     */
+
+    /* Anyway, we need to escape the cookie_name before pasting it
+     * into the regex
+     */
+    while (*sp) {
+        if (!apr_isalnum(*sp)) {
+            ++danger_chars;
+        }
+        ++sp;
+    }
+
+    if (danger_chars) {
+        char *cp;
+        cp = apr_palloc(p, sp - cookie_name + danger_chars + 1); /* 1 == \0 */
+        sp = cookie_name;
+        cookie_name = cp;
+        while (*sp) {
+            if (!apr_isalnum(*sp)) {
+                *cp++ = '\\';
+            }
+            *cp++ = *sp++;
+        }
+        *cp = '\0';
+    }
+
+    dcfg->regexp_string = apr_pstrcat(p, "^",
+                                      cookie_name,
+                                      "=([^;]+)|;[ \t]+",
+                                      cookie_name,
+                                      "=([^;]+)", NULL);
 
     dcfg->regexp = ap_pregcomp(p, dcfg->regexp_string, REG_EXTENDED);
     ap_assert(dcfg->regexp != NULL);
