From: Jim Jagielski Date: Tue, 10 Jul 2012 14:12:48 +0000 (+0000) Subject: Merge r1328133 from trunk: X-Git-Tag: 2.4.3~328 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a17225f93ed251771d3eb135ac9448025becfab2;p=apache Merge r1328133 from trunk: PR 53104 - %{abc}C truncates cookies whose values contain '=' Submitted by: gregames Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1359690 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index c39538d992..718471340c 100644 --- a/CHANGES +++ b/CHANGES @@ -8,6 +8,9 @@ Changes with Apache 2.4.3 possible XSS for a site where untrusted users can upload files to a location with MultiViews enabled. [Niels Heinen ] + *) mod_log_config: Fix %{abc}C truncating cookie values at first "=". + PR 53104. [Greg Ames] + *) mod_rewrite: Add "AllowAnyURI" option. PR 52774. [Joe Orton] *) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled). diff --git a/STATUS b/STATUS index 0be3200663..bd5acd3e37 100644 --- a/STATUS +++ b/STATUS @@ -95,14 +95,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK: 2.4 patch: Trunk patch works +1: sf, covener, jim - * mod_log_config: Fix %{abc}C truncating cookie values at first "=". - PR 53104 - trunk patch: http://svn.apache.org/viewvc?rev=1328133&view=rev - 2.4 patch: Trunk patch works, add CHANGES: - mod_log_config: Fix %{abc}C truncating cookie values at first "=". PR - 53104. [Greg Ames] - +1: sf, covener, druggeri, jim - PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/modules/loggers/mod_log_config.c b/modules/loggers/mod_log_config.c index 026a6cf6d3..bc225cee76 100644 --- a/modules/loggers/mod_log_config.c +++ b/modules/loggers/mod_log_config.c 
@@ -544,10 +544,10 @@ static const char *log_cookie(request_rec *r, char *a)
 while ((cookie = apr_strtok(cookies, ";", &last1))) {
 char *name = apr_strtok(cookie, "=", &last2);
 if (name) {
- char *value;
+ char *value = name + strlen(name) + 1;
 apr_collapse_spaces(name, name);
- if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) {
+ if (!strcasecmp(name, a)) {
 char *last;
 value += strspn(value, " \t"); /* Move past leading WS */
 last = value + strlen(value) - 1;
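Review bot: The new initialiser `char *value = name + strlen(name) + 1;` is only valid when the name token was terminated by an `=`, and the commit drops the one check (`value = apr_strtok(NULL, "=", &last2)`) that used to cover the other case. For a cookie segment with no `=`, the token ends at the segment's own NUL, so `value` lands one byte past it: in the next segment's text, or beyond the duplicated header string when it is the last segment, and the `strspn()`/`strlen()` calls that follow read from there. The Cookie header is client-supplied, so this path needs a guard. Taking the value from the tokenizer state instead, `char *value = last2;` with `if (name && *name && value)`, yields an empty string rather than an out-of-range pointer, assuming apr_strtok() leaves `last2` at the byte after the delimiter or at the terminating NUL. log_cookie's body starts before and continues after this hunk, so the trailing-whitespace loop that consumes `last` should be rechecked for an empty value too.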