Ticket #231 (new defect)

Description

if a mod_proxy comparison key is, e.g. "/foo", but the url is e.g. "http://sample.com/directory/foo", then a proxy match will occur, and the request will be incorrectly submitted to the proxy.

The code in mod_proxy.c, line 1015, reads:

                /* check extension in the form "/proxy_pattern" */
                if (*(extension->key->ptr) == '/' && strncmp(fn->ptr, extension->key->ptr, ct_len) == 0) {
                        if (s_len > ct_len + 1) {
                                char *pi_offset;

                                if (0 != (pi_offset = strchr(fn->ptr + ct_len + 1, '/'))) {
                                        path_info_offset = pi_offset - fn->ptr;
                                }
                        }
                        break;
                } else if (0 == strncmp(fn->ptr + s_len - ct_len, extension->key->ptr, ct_len)) {
                        /* check extension in the form ".fcg" */
                        break;
                }

I believe it should be more like this:

                /* check extension in the form "/proxy_pattern" */
                if (*(extension->key->ptr) == '/') {
                    if (strncmp(fn->ptr, extension->key->ptr, ct_len) == 0) {
                        if (s_len > ct_len + 1) {
                                char *pi_offset;

                                if (0 != (pi_offset = strchr(fn->ptr + ct_len + 1, '/'))) {
                                        path_info_offset = pi_offset - fn->ptr;
                                }
                        }
                        break;
                    }
                } else if (0 == strncmp(fn->ptr + s_len - ct_len, extension->key->ptr, ct_len)) {
                        /* check extension in the form ".fcg" */
                        break;
                }