* Prevent a segfault when a CGI script sets a cookie with a null value.

author Ruediger Pluem <rpluem@apache.org>

Sat, 19 Jul 2008 14:00:23 +0000 (14:00 +0000)

committer Ruediger Pluem <rpluem@apache.org>

Sat, 19 Jul 2008 14:00:23 +0000 (14:00 +0000)
author Ruediger Pluem <rpluem@apache.org>
Sat, 19 Jul 2008 14:00:23 +0000 (14:00 +0000)
committer Ruediger Pluem <rpluem@apache.org>
Sat, 19 Jul 2008 14:00:23 +0000 (14:00 +0000)
diff --git a/CHANGES b/CHANGES

index 7e1c35a0bb6330c464f45d95c9e2b592ff20539c..2b2d0f70a8d59e044a4615927b6b3ae3900fd3ba 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,8 @@
  Changes with Apache 2.3.0
  [ When backported to 2.2.x, remove entry from this file ]
  
+  *) mod_session: Prevent a segfault when a CGI script sets a cookie with a
+     null value. [David Shane Holden <dpejesh apache.org>]
  
    *) mod_headers: Prevent Header edit from processing only the first header
       of possibly multiple headers with the same name and deleting the
diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c

index 1559ee5bfea17fbda6a6797549647be88b7de816..8553d6a42c8435d0c963a222a446075624527851 100644 (file)
--- a/modules/session/mod_session.c
+++ b/modules/session/mod_session.c
@@ -364,7 +364,7 @@ static int session_identity_decode(request_rec * r, session_rec * z)
              if (!val || !*val) {
                  apr_table_unset(z->entries, key);
              }
-            if (!ap_unescape_all(key) && !ap_unescape_all(val)) {
+            else if (!ap_unescape_all(key) && !ap_unescape_all(val)) {
                  if (!strcmp(SESSION_EXPIRY, key)) {
                      z->expiry = (apr_time_t) apr_atoi64(val);
                  }
author	Ruediger Pluem <rpluem@apache.org>
	Sat, 19 Jul 2008 14:00:23 +0000 (14:00 +0000)
committer	Ruediger Pluem <rpluem@apache.org>
	Sat, 19 Jul 2008 14:00:23 +0000 (14:00 +0000)
CHANGES		patch \| blob \| history
modules/session/mod_session.c		patch \| blob \| history