From 066712a8cdcb414467706def84e461b393af503c Mon Sep 17 00:00:00 2001
From: Stefan Fritsch
Date: Wed, 28 Dec 2011 23:15:04 +0000
Subject: [PATCH] SECURITY: CVE-2012-0021 (cve.mitre.org) Fix segfault when trying to log a nameless valueless cookie
PR: 52256
Submitted by: Rainer Canavan
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1225380 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/loggers/mod_log_config.c | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/modules/loggers/mod_log_config.c b/modules/loggers/mod_log_config.c
index 0f35e6b965..caea1f388b 100644
--- a/modules/loggers/mod_log_config.c
+++ b/modules/loggers/mod_log_config.c
@@ -541,19 +541,21 @@ static const char *log_cookie(request_rec *r, char *a)
 while ((cookie = apr_strtok(cookies, ";", &last1))) {
 char *name = apr_strtok(cookie, "=", &last2);
- char *value;
- apr_collapse_spaces(name, name);
-
- if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) {
- char *last;
- value += strspn(value, " \t"); /* Move past leading WS */
- last = value + strlen(value) - 1;
- while (last >= value && apr_isspace(*last)) {
- *last = '\0';
- --last;
+ if (name) {
+ char *value;
+ apr_collapse_spaces(name, name);
+
+ if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) {
+ char *last;
+ value += strspn(value, " \t"); /* Move past leading WS */
+ last = value + strlen(value) - 1;
+ while (last >= value && apr_isspace(*last)) {
+ *last = '\0';
+ --last;
+ }
+
+ return ap_escape_logitem(r->pool, value);
 }
-
- return ap_escape_logitem(r->pool, value);
 }
 cookies = NULL;
 }
-- 
2.40.0
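Review bot: The value is still extracted with a second `apr_strtok(NULL, "=", &last2)`, so a cookie value that itself contains `=` (base64 padding, for example) appears to be logged only up to the first `=`, leaving the access log an incomplete record of what the client sent. If apr_strtok's save pointer behaves like strtok_r's, `last2` already sits at the text after the first `=`, and the remainder could be read from it instead of tokenizing again; confirm against the APR documentation before changing it. Separately, the new `if (name)` guard deserves a comment such as `/* apr_strtok() returns NULL when the segment has no name token */`, plus a regression test for that input, so a later cleanup does not drop the check. log_cookie starts and ends outside this hunk.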