From a67fd0c26d49afed9851c0bfc2d927195cf753bb Mon Sep 17 00:00:00 2001
From: Stefan Fritsch
Date: Sat, 24 Oct 2009 13:29:03 +0000
Subject: [PATCH] Only allow parens in filename if cachesize is given. Return error otherwise to catch missing parens.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@829362 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 4 ++--
 modules/cache/mod_socache_shmcb.c | 16 ++++++++++++++--
 2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/CHANGES b/CHANGES
index c9694e600c..5a147e51e8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -10,8 +10,8 @@ Changes with Apache 2.3.3 mod_proxy_ftp: NULL pointer dereference on error paths. [Stefan Fritsch , Joe Orton]
- *) mod_socache_shmcb: Only parse cache size in parens at the end of the
- string. Fixes SSLSessionCache directive mis-parsing parens in pathname.
+ *) mod_socache_shmcb: Allow parens in file name if cache size is given.
+ Fixes SSLSessionCache directive mis-parsing parens in pathname.
 PR 47945. [Stefan Fritsch] *) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch]
diff --git a/modules/cache/mod_socache_shmcb.c b/modules/cache/mod_socache_shmcb.c
index b9d688f62d..4000939ec2 100644
--- a/modules/cache/mod_socache_shmcb.c
+++ b/modules/cache/mod_socache_shmcb.c
@@ -280,11 +280,20 @@ static const char *socache_shmcb_create(ap_socache_instance_t **context,
 cp = strrchr(path, '(');
 cp2 = path + strlen(path) - 1;
- if (cp && (*cp2 == ')')) {
+ if (cp) {
+ char *endptr;
+ if (*cp2 != ')') {
+ return "Invalid argument: no closing parenthesis or cache size "
+ "missing after pathname with parenthesis";
+ }
 *cp++ = '\0';
 *cp2 = '\0';
- ctx->shm_size = atoi(cp);
+
+ ctx->shm_size = strtol(cp, &endptr, 10);
+ if (endptr != cp2) {
+ return "Invalid argument: cache size not numerical";
+ }
 if (ctx->shm_size < 8192) {
 return "Invalid argument: size has to be >= 8192 bytes";
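Review bot: The `strtol` result is stored straight into `ctx->shm_size` with only the `endptr != cp2` test, so an out-of-range or negative cache size is not rejected as such. `strtol` reports overflow through `errno == ERANGE`, which is never examined, and a value such as `-1` parses cleanly; if `shm_size` is an unsigned type (its declaration is outside the hunk) that converts to a very large size and passes the `< 8192` check. Parse into a local `long` first, e.g. `errno = 0; size = strtol(cp, &endptr, 10);` followed by `if (endptr != cp2 || errno == ERANGE || size < 0)`, and assign to `ctx->shm_size` only after that. The body of socache_shmcb_create starts before and continues past this hunk, so any later upper-bound check is not visible here.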
@@ -299,6 +308,9 @@ static const char *socache_shmcb_create(ap_socache_instance_t **context,
 }
 }
+ else if (cp2 >= path && *cp2 == ')') {
+ return "Invalid argument: no opening parenthesis";
+ }
 return NULL;
 }
--
2.40.0
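Review bot: The `cp2 >= path` guard in the new `else if` cannot be relied on, because `cp2` is computed earlier as `path + strlen(path) - 1`, and for an empty `path` that already forms a pointer before the start of the string, which is undefined behaviour in C. Testing the string itself avoids the problem: `else if (*path && *cp2 == ')') {`. Whether `path` can be empty at this point depends on code outside the hunk.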