Posted to cvs@httpd.apache.org by yl...@apache.org on 2021/03/02 15:35:56 UTC

svn commit: r1887090 - in /httpd/httpd/branches/2.4.x: ./ CHANGES modules/session/mod_session.c

Author: ylavic
Date: Tue Mar  2 15:35:55 2021
New Revision: 1887090

URL: http://svn.apache.org/viewvc?rev=1887090&view=rev
Log:
Merge r1887050, r1887052 from trunk:

mod_session: save one apr_strtok() in session_identity_decode().

When the encoding is invalid (missing '='), no need to parse further.


mod_session: account for the '&' in identity_concat().


Submitted by: ylavic
Reviewed by: ylavic, covener, jailletc36

Modified:
    httpd/httpd/branches/2.4.x/   (props changed)
    httpd/httpd/branches/2.4.x/CHANGES
    httpd/httpd/branches/2.4.x/modules/session/mod_session.c

Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk:r1887050,1887052

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1887090&r1=1887089&r2=1887090&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Tue Mar  2 15:35:55 2021
@@ -1,6 +1,8 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.47
 
+  *) mod_session: Improve session parsing.  [Yann Yalvic]
+
   *) mod_authnz_ldap: Prevent authentications with empty passwords for the
      initial bind to fail with status 500. [Ruediger Pluem]
 
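Review bot: The contributor name in the added CHANGES line reads "[Yann Yalvic]", which does not match the committer id "ylavic" given in the Author and Submitted by fields of this commit; the letters look transposed and should be checked before release. The entry text "Improve session parsing" is also vague for a CHANGES line: the log message names two concrete changes (the '&' accounting for identity_concat() and the apr_strtok() handling in session_identity_decode()), and mentioning them would make the entry more useful to anyone scanning release notes.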

Modified: httpd/httpd/branches/2.4.x/modules/session/mod_session.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/session/mod_session.c?rev=1887090&r1=1887089&r2=1887090&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/session/mod_session.c (original)
+++ httpd/httpd/branches/2.4.x/modules/session/mod_session.c Tue Mar  2 15:35:55 2021
@@ -318,7 +318,7 @@ static apr_status_t ap_session_set(reque
 static int identity_count(void *v, const char *key, const char *val)
 {
     int *count = v;
-    *count += strlen(key) * 3 + strlen(val) * 3 + 1;
+    *count += strlen(key) * 3 + strlen(val) * 3 + 2;
     return 1;
 }
 
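Review bot: The bare constant in identity_count() ("+ 2") carries no comment saying which bytes it reserves, so the size estimate can drift out of step with identity_concat() again the next time either function changes. The log message says the extra byte is for the '&' written by identity_concat(); a one-line comment on the changed line naming each reserved byte would document that coupling. Separately, the sum of strlen() results (size_t) is accumulated into an int through "int *count"; consider whether a size_t accumulator or an explicit bound on the total is warranted, since this value is used to size the encode buffer.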
@@ -354,7 +354,6 @@ static int identity_concat(void *v, cons
  */
 static apr_status_t session_identity_encode(request_rec * r, session_rec * z)
 {
-
     char *buffer = NULL;
     int length = 0;
     if (z->expiry) {
@@ -405,8 +404,8 @@ static apr_status_t session_identity_dec
         char *plast = NULL;
         const char *psep = "=";
         char *key = apr_strtok(pair, psep, &plast);
-        char *val = apr_strtok(NULL, psep, &plast);
         if (key && *key) {
+            char *val = apr_strtok(NULL, sep, &plast);
             if (!val || !*val) {
                 apr_table_unset(z->entries, key);
             }
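Review bot: The moved call in session_identity_decode() also switches its delimiter argument from psep to sep ("apr_strtok(NULL, sep, &plast)"), and the log message only describes saving a call, not changing the delimiter. psep is "=" in this hunk while sep is declared outside it, so the value is now split on a different character set than before, which can change what is stored for a value that itself contains '='. If that is intended, state it in the log message and in a comment next to the call; if not, the argument should stay psep. A test case with a value containing '=' would pin the behaviour down either way.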