You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by yl...@apache.org on 2021/03/02 15:35:56 UTC
svn commit: r1887090 - in /httpd/httpd/branches/2.4.x: ./ CHANGES
modules/session/mod_session.c
Author: ylavic
Date: Tue Mar 2 15:35:55 2021
New Revision: 1887090
URL: http://svn.apache.org/viewvc?rev=1887090&view=rev
Log:
Merge r1887050, r1887052 from trunk:
mod_session: save one apr_strtok() in session_identity_decode().
When the encoding is invalid (missing '='), no need to parse further.
mod_session: account for the '&' in identity_concat().
Submitted by: ylavic
Reviewed by: ylavic, covener, jailletc36
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/modules/session/mod_session.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1887050,1887052
Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1887090&r1=1887089&r2=1887090&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Tue Mar 2 15:35:55 2021
@@ -1,6 +1,8 @@
-*- coding: utf-8 -*-
Changes with Apache 2.4.47
+ *) mod_session: Improve session parsing. [Yann Yalvic]
+
*) mod_authnz_ldap: Prevent authentications with empty passwords for the
initial bind to fail with status 500. [Ruediger Pluem]
Modified: httpd/httpd/branches/2.4.x/modules/session/mod_session.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/session/mod_session.c?rev=1887090&r1=1887089&r2=1887090&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/session/mod_session.c (original)
+++ httpd/httpd/branches/2.4.x/modules/session/mod_session.c Tue Mar 2 15:35:55 2021
@@ -318,7 +318,7 @@ static apr_status_t ap_session_set(reque
static int identity_count(void *v, const char *key, const char *val)
{
int *count = v;
- *count += strlen(key) * 3 + strlen(val) * 3 + 1;
+ *count += strlen(key) * 3 + strlen(val) * 3 + 2;
return 1;
}
@@ -354,7 +354,6 @@ static int identity_concat(void *v, cons
*/
static apr_status_t session_identity_encode(request_rec * r, session_rec * z)
{
-
char *buffer = NULL;
int length = 0;
if (z->expiry) {
@@ -405,8 +404,8 @@ static apr_status_t session_identity_dec
char *plast = NULL;
const char *psep = "=";
char *key = apr_strtok(pair, psep, &plast);
- char *val = apr_strtok(NULL, psep, &plast);
if (key && *key) {
+ char *val = apr_strtok(NULL, sep, &plast);
if (!val || !*val) {
apr_table_unset(z->entries, key);
}