You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2020/03/01 22:40:04 UTC
svn commit: r1874674 -
/httpd/httpd/trunk/modules/session/mod_session_crypto.c
Author: covener
Date: Sun Mar 1 22:40:03 2020
New Revision: 1874674
URL: http://svn.apache.org/viewvc?rev=1874674&view=rev
Log:
bubble up an error if none of the passhrases work
previously, the un-decodable z->encoded would get set to NULL
but success would be returned
Modified:
httpd/httpd/trunk/modules/session/mod_session_crypto.c
Modified: httpd/httpd/trunk/modules/session/mod_session_crypto.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session_crypto.c?rev=1874674&r1=1874673&r2=1874674&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/session/mod_session_crypto.c (original)
+++ httpd/httpd/trunk/modules/session/mod_session_crypto.c Sun Mar 1 22:40:03 2020
@@ -391,6 +391,8 @@ static apr_status_t decrypt_string(reque
return res;
}
+ res = APR_ECRYPT; /* in case we exhaust all passphrases */
+
/* try each passphrase in turn */
for (; i < dconf->passphrases->nelts; i++) {
const char *passphrase = APR_ARRAY_IDX(dconf->passphrases, i, char *);