/ Zope / Apsis / Pound Mailing List / Archive / 2006 / 2006-03 / Misconstructed test in WebDAV checks

[ << ] [ >> ]

[ Jeffrey Brown is out of the office. / Jeffrey ... ] [ error in pound? / Corin Langosch ... ]

Misconstructed test in WebDAV checks
Colin Hogben <pound(at)pythontech.co.uk>		 2006-03-30 21:05:01 [ FULL ] 
I noticed the following code at line 712 of http.c in 2.0.4:

             no_cont = !(strncasecmp(request + matches[1].rm_so, "LOCK", 
matches[1].rm_eo - matches[1].rm_so)
                     || strncasecmp(request + matches[1].rm_so, 
"UNLOCK", matches[1].rm_eo - matches[1].rm_so)
                     || strncasecmp(request + matches[1].rm_so, 
"DELETE", matches[1].rm_eo - matches[1].rm_so)
                     || strncasecmp(request + matches[1].rm_so, 
"OPTIONS", matches[1].rm_eo - matches[1].rm_so));

I think the logic is wrong here.  The strncasecmp's can't all match 
(unless the regexp matches a zero-length string - which it does not) so 
at least three of the four will return non-zero.  So no_cont will always 
be zero.  To fix, move the "!" inside the parentheses before each 
strncasecmp, or use "&&" instead of "||".

Next thought: If webdav works despite this bug (I have not tried), is 
this code needed at all?
[...]
Re: [Pound Mailing List] Misconstructed test in WebDAV checks
Robert Segall <roseg(at)apsis.ch>		 2006-03-31 15:40:37 [ FULL ] 
On Thu, 2006-03-30 at 20:05 +0100, Colin Hogben wrote:[...]

Thanks for noticing it - it really should be '&&'. Fixed in the next
release.
[...]

Webdav works (despite the bug) because most clients are well-behaved.
Fixing it is better...[...]
MailBoxer