From: Stefan Fritsch Date: Wed, 28 Dec 2011 23:15:04 +0000 (+0000) Subject: SECURITY: CVE-2012-0021 (cve.mitre.org) X-Git-Tag: 2.5.0-alpha~7620 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=066712a8cdcb414467706def84e461b393af503c;p=apache SECURITY: CVE-2012-0021 (cve.mitre.org) Fix segfault when trying to log a nameless valueless cookie PR: 52256 Submitted by: Rainer Canavan git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1225380 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/loggers/mod_log_config.c b/modules/loggers/mod_log_config.c index 0f35e6b965..caea1f388b 100644 --- a/modules/loggers/mod_log_config.c +++ b/modules/loggers/mod_log_config.c @@ -541,19 +541,21 @@ static const char *log_cookie(request_rec *r, char *a) while ((cookie = apr_strtok(cookies, ";", &last1))) { char *name = apr_strtok(cookie, "=", &last2); - char *value; - apr_collapse_spaces(name, name); - - if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) { - char *last; - value += strspn(value, " \t"); /* Move past leading WS */ - last = value + strlen(value) - 1; - while (last >= value && apr_isspace(*last)) { - *last = '\0'; - --last; + if (name) { + char *value; + apr_collapse_spaces(name, name); + + if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) { + char *last; + value += strspn(value, " \t"); /* Move past leading WS */ + last = value + strlen(value) - 1; + while (last >= value && apr_isspace(*last)) { + *last = '\0'; + --last; + } + + return ap_escape_logitem(r->pool, value); } - - return ap_escape_logitem(r->pool, value); } cookies = NULL; }