From: Nick Kew <niq@apache.org>
Date: Thu, 26 Jul 2007 14:48:48 +0000 (+0000)
Subject: Fix integer comparisons in mod_filter
X-Git-Tag: 2.3.0~1687
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=394f075725ae922c7f03559a29cb4f062676f94a;p=apache

Fix integer comparisons in mod_filter
PR: 41835


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@559837 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/filters/mod_filter.c b/modules/filters/mod_filter.c
index 9b59fc8c34..7b634106da 100644
--- a/modules/filters/mod_filter.c
+++ b/modules/filters/mod_filter.c
@@ -200,18 +200,24 @@ static int filter_lookup(ap_filter_t *f, ap_filter_rec_t *filter)
                 match = 0;
             }
         }
-        else if (!provider->match.string) {
-            match = 0;
-        }
+        /* we can't check for NULL in provider as that kills integer 0
+	 * so we have to test each string/regexp case in the switch
+	 */
         else {
-            /* Now we have no nulls, so we can do string and regexp matching */
             switch (provider->match_type) {
             case STRING_MATCH:
-                if (strcasecmp(str, provider->match.string)) {
+                if (!provider->match.string) {
+                    match = 0;
+                }
+		else if (strcasecmp(str, provider->match.string)) {
                     match = 0;
                 }
                 break;
             case STRING_CONTAINS:
+                if (!provider->match.string) {
+                    match = 0;
+                    break;
+                }
                 str1 = apr_pstrdup(r->pool, str);
                 ap_str_tolower(str1);
                 if (!strstr(str1, provider->match.string)) {
@@ -219,9 +225,12 @@ static int filter_lookup(ap_filter_t *f, ap_filter_rec_t *filter)
                 }
                 break;
             case REGEX_MATCH:
-                if (ap_regexec(provider->match.regex, str, 0, NULL, 0)
-                    == AP_REG_NOMATCH) {
-                match = 0;
+                if (!provider->match.string) {
+                    match = 0;
+                }
+		else if (ap_regexec(provider->match.regex, str, 0, NULL, 0)
+                         == AP_REG_NOMATCH) {
+                    match = 0;
                 }
                 break;
             case INT_EQ:
@@ -229,23 +238,26 @@ static int filter_lookup(ap_filter_t *f, ap_filter_rec_t *filter)
                     match = 0;
                 }
                 break;
+            /* Integer comparisons should be [var] OP [match]
+             * We need to set match = 0 if the condition fails
+             */
             case INT_LT:
-                if (atoi(str) < provider->match.number) {
+                if (atoi(str) >= provider->match.number) {
                     match = 0;
                 }
                 break;
             case INT_LE:
-                if (atoi(str) <= provider->match.number) {
+                if (atoi(str) > provider->match.number) {
                     match = 0;
                 }
                 break;
             case INT_GT:
-                if (atoi(str) > provider->match.number) {
+                if (atoi(str) <= provider->match.number) {
                     match = 0;
                 }
                 break;
             case INT_GE:
-                if (atoi(str) >= provider->match.number) {
+                if (atoi(str) < provider->match.number) {
                     match = 0;
                 }
                 break;