From dd3067baacbd4e62284267369f6ea321fd85a529 Mon Sep 17 00:00:00 2001 From: Ruediger Pluem Date: Sat, 19 Jul 2008 14:00:23 +0000 Subject: [PATCH] * Prevent a segfault when a CGI script sets a cookie with a null value. Submitted by: David Shane Holden Reviewed by: rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@678160 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 2 ++ modules/session/mod_session.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 7e1c35a0bb..2b2d0f70a8 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,8 @@ Changes with Apache 2.3.0 [ When backported to 2.2.x, remove entry from this file ] + *) mod_session: Prevent a segfault when a CGI script sets a cookie with a + null value. [David Shane Holden ] *) mod_headers: Prevent Header edit from processing only the first header of possibly multiple headers with the same name and deleting the diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c index 1559ee5bfe..8553d6a42c 100644 --- a/modules/session/mod_session.c +++ b/modules/session/mod_session.c @@ -364,7 +364,7 @@ static int session_identity_decode(request_rec * r, session_rec * z) if (!val || !*val) { apr_table_unset(z->entries, key); } - if (!ap_unescape_all(key) && !ap_unescape_all(val)) { + else if (!ap_unescape_all(key) && !ap_unescape_all(val)) { if (!strcmp(SESSION_EXPIRY, key)) { z->expiry = (apr_time_t) apr_atoi64(val); } -- 2.40.0