Re: [Mod-security-developers] ModSecurity 2.6.7: PCRE version check
From: Peter H. <hei...@we...> - 2012-08-02 23:53:24
On 08/03/2012 01:04 AM, Breno Silva wrote:
> I reverted it.
>
> Are you sure your idea will prevent 8.2 and 8.02 from being considered equal?
> Let me check in the lib pcre history if 8.2 means (two) or twenty :)
As far as I can see, there hasn't been a version 8.2.
For all versions up to PCRE 7.9, the minor version did not have leading
zeroes, and the ModSecurity 2.6.6 comparison is correct. The original
ModSecurity 2.6.7 code adds a leading zero in these cases, and breaks
the comparison ("7.9" turned into "7.09", although the version _is_
identical).
For PCRE 8.00, 8.01, 8.02 my previous proposal does not fix the problem
completely. Furthermore, we don't know whether PCRE will use versions
9.0, 9.1, 9.2, ... or 9.00, 9.01, 0.02, ... in the future.
As the PCRE code itself uses string concatenation to build the
pcre_version() return string, I feel we need to do away with "%d" and
use string operations as well:
pcre_vrs = apr_psprintf(mp,"%s.%s ", PCRE_MAJOR, PCRE_MINOR);
(This will still produce a warning for PCRE prerelease versions, though.)
--
Peter Heimann
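
Added example, not part of the message above and not ModSecurity's code: it compares the three ways of building the compiled-in version prefix against sample pcre_version()-style strings. The format strings "%d.%d " and "%d.%02d ", the prefix comparison, the EX_PCRE_* macros and the sample version strings are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Two-level stringification: expand the macro first, then quote its token. */
#define STR_(x) #x
#define STR(x)  STR_(x)

/* Constructed stand-ins for the pcre.h macros; assumes an 8.02 header
 * defines the minor version as the bare token 02 (numerically 2). */
#define EX_PCRE_MAJOR 8
#define EX_PCRE_MINOR 02

/* Assumed check: the loaded version string must start with "major.minor ". */
static int prefix_match(const char *compiled, const char *loaded) {
    return strncmp(loaded, compiled, strlen(compiled)) == 0;
}

/* Integer format without padding (assumed 2.6.6 behaviour). */
static int match_plain(int major, int minor, const char *loaded) {
    char buf[32];
    snprintf(buf, sizeof buf, "%d.%d ", major, minor);
    return prefix_match(buf, loaded);
}

/* Integer format with a leading zero (assumed original 2.6.7 behaviour). */
static int match_padded(int major, int minor, const char *loaded) {
    char buf[32];
    snprintf(buf, sizeof buf, "%d.%02d ", major, minor);
    return prefix_match(buf, loaded);
}

/* String format fed with the macro tokens exactly as the header spells them. */
static int match_tokens(const char *major, const char *minor, const char *loaded) {
    char buf[32];
    snprintf(buf, sizeof buf, "%s.%s ", major, minor);
    return prefix_match(buf, loaded);
}

int main(void) {
    const char *v79 = "7.9 2009-04-11";    /* constructed sample strings */
    const char *v802 = "8.02 2010-03-19";
    printf("7.9   plain=%d padded=%d tokens=%d\n", match_plain(7, 9, v79),
           match_padded(7, 9, v79), match_tokens("7", "9", v79));
    printf("8.02  plain=%d padded=%d tokens=%d\n",
           match_plain(EX_PCRE_MAJOR, EX_PCRE_MINOR, v802),
           match_padded(EX_PCRE_MAJOR, EX_PCRE_MINOR, v802),
           match_tokens(STR(EX_PCRE_MAJOR), STR(EX_PCRE_MINOR), v802));
    return 0;
}
```

Only the token-based form matches both samples; a constructed prerelease string such as "8.31-RC1 ..." still fails the prefix check against "8.31 ", which is the remaining warning case mentioned in the message.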