You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ja...@apache.org on 2022/04/27 20:08:50 UTC
svn commit: r1900335 - /httpd/httpd/trunk/modules/session/mod_session.c
Author: jailletc36
Date: Wed Apr 27 20:08:50 2022
New Revision: 1900335
URL: http://svn.apache.org/viewvc?rev=1900335&view=rev
Log:
Harden mod_session and avoid overflow in case of indecently large session
Modified:
httpd/httpd/trunk/modules/session/mod_session.c
Modified: httpd/httpd/trunk/modules/session/mod_session.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session.c?rev=1900335&r1=1900334&r2=1900335&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/session/mod_session.c (original)
+++ httpd/httpd/trunk/modules/session/mod_session.c Wed Apr 27 20:08:50 2022
@@ -325,7 +325,8 @@ static apr_status_t ap_session_set(reque
static int identity_count(void *v, const char *key, const char *val)
{
- int *count = v;
+ apr_size_t *count = v;
+
*count += strlen(key) * 3 + strlen(val) * 3 + 2;
return 1;
}
@@ -333,7 +334,8 @@ static int identity_count(void *v, const
static int identity_concat(void *v, const char *key, const char *val)
{
char *slider = v;
- int length = strlen(slider);
+ apr_size_t length = strlen(slider);
+
slider += length;
if (length) {
*slider = '&';
@@ -363,7 +365,8 @@ static int identity_concat(void *v, cons
static apr_status_t session_identity_encode(request_rec * r, session_rec * z)
{
char *buffer = NULL;
- int length = 0;
+ apr_size_t length = 0;
+
if (z->expiry) {
char *expiry = apr_psprintf(z->pool, "%" APR_INT64_T_FMT, z->expiry);
apr_table_setn(z->entries, SESSION_EXPIRY, expiry);