mod_authn_socache: validate URL earlier

author Eric Covener <covener@apache.org>

Sun, 26 Apr 2026 16:28:47 +0000 (16:28 +0000)

committer Eric Covener <covener@apache.org>

Sun, 26 Apr 2026 16:28:47 +0000 (16:28 +0000)
author Eric Covener <covener@apache.org>
Sun, 26 Apr 2026 16:28:47 +0000 (16:28 +0000)
committer Eric Covener <covener@apache.org>
Sun, 26 Apr 2026 16:28:47 +0000 (16:28 +0000)
diff --git a/modules/aaa/mod_authn_socache.c b/modules/aaa/mod_authn_socache.c

index 92202b16b2082c6deee301b98da0f970eebf7beb..c5461d8f624e9ba89352ccddc5814a95ba1ae7dd 100644 (file)
--- a/modules/aaa/mod_authn_socache.c
+++ b/modules/aaa/mod_authn_socache.c
@@ -265,11 +265,10 @@ static const command_rec authn_cache_cmds[] =
  static const char *construct_key(request_rec *r, const char *context,
                                   const char *user, const char *realm)
  {
+    const char *slash = ap_strrchr_c(r->uri, '/');
      /* handle "special" context values */
-    if (!strcmp(context, directory)) {
-        /* FIXME: are we at risk of this blowing up? */
+    if (!strcmp(context, directory) && slash) {
          char *new_context;
-        char *slash = strrchr(r->uri, '/');
          new_context = apr_palloc(r->pool, slash - r->uri +
                                   strlen(r->server->server_hostname) + 1);
          strcpy(new_context, r->server->server_hostname);
author	Eric Covener <covener@apache.org>
	Sun, 26 Apr 2026 16:28:47 +0000 (16:28 +0000)
committer	Eric Covener <covener@apache.org>
	Sun, 26 Apr 2026 16:28:47 +0000 (16:28 +0000)