Posted to cvs@httpd.apache.org by ji...@apache.org on 2012/07/10 16:12:48 UTC
svn commit: r1359690 - in /httpd/httpd/branches/2.4.x: CHANGES STATUS
modules/loggers/mod_log_config.c
Author: jim
Date: Tue Jul 10 14:12:48 2012
New Revision: 1359690
URL: http://svn.apache.org/viewvc?rev=1359690&view=rev
Log:
Merge r1328133 from trunk:
PR 53104 - %{abc}C truncates cookies whose values contain '='
Submitted by: gregames
Reviewed/backported by: jim
Modified:
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/STATUS
httpd/httpd/branches/2.4.x/modules/loggers/mod_log_config.c
Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1359690&r1=1359689&r2=1359690&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Tue Jul 10 14:12:48 2012
@@ -8,6 +8,9 @@ Changes with Apache 2.4.3
possible XSS for a site where untrusted users can upload files to
a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]
+ *) mod_log_config: Fix %{abc}C truncating cookie values at first "=".
+ PR 53104. [Greg Ames]
+
*) mod_rewrite: Add "AllowAnyURI" option. PR 52774. [Joe Orton]
*) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled).
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1359690&r1=1359689&r2=1359690&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Tue Jul 10 14:12:48 2012
@@ -95,14 +95,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
2.4 patch: Trunk patch works
+1: sf, covener, jim
- * mod_log_config: Fix %{abc}C truncating cookie values at first "=".
- PR 53104
- trunk patch: http://svn.apache.org/viewvc?rev=1328133&view=rev
- 2.4 patch: Trunk patch works, add CHANGES:
- mod_log_config: Fix %{abc}C truncating cookie values at first "=". PR
- 53104. [Greg Ames]
- +1: sf, covener, druggeri, jim
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
Modified: httpd/httpd/branches/2.4.x/modules/loggers/mod_log_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/loggers/mod_log_config.c?rev=1359690&r1=1359689&r2=1359690&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/loggers/mod_log_config.c (original)
+++ httpd/httpd/branches/2.4.x/modules/loggers/mod_log_config.c Tue Jul 10 14:12:48 2012
@@ -544,10 +544,10 @@ static const char *log_cookie(request_re
while ((cookie = apr_strtok(cookies, ";", &last1))) {
char *name = apr_strtok(cookie, "=", &last2);
if (name) {
- char *value;
+ char *value = name + strlen(name) + 1;
apr_collapse_spaces(name, name);
- if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) {
+ if (!strcasecmp(name, a)) {
char *last;
value += strspn(value, " \t"); /* Move past leading WS */
last = value + strlen(value) - 1;
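Review bot: `char *value = name + strlen(name) + 1;` assumes an "=" actually followed the name, and the rewritten `if (!strcasecmp(name, a))` drops the `apr_strtok(NULL, "=", &last2)` NULL check that used to cover the case where it did not. For a cookie segment with no "=" (for example a bare `abc` as the last item in the header), `name + strlen(name)` is already that segment's terminator, so `value` starts one byte past it: either in the following cookie's text or beyond the end of the cookie string, and the `strspn` and `strlen` calls below then read from there and may log it. Suggest confirming the delimiter before computing `value`, for instance by locating it with `strchr(cookie, '=')` ahead of the `apr_strtok(cookie, "=", &last2)` call and skipping the segment when it is absent. A short comment noting that `strlen(name)` must be taken before `apr_collapse_spaces(name, name)` shortens the string would also keep a later reordering from breaking the offset.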