From: Eric Covener <covener@apache.org>
Date: Sun, 26 Apr 2026 16:28:47 +0000 (+0000)
Subject: mod_authn_socache: validate URL earlier
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=eecbbca65f3fd09cf0c1aee763bc26b46a46380e;p=thirdparty%2Fapache%2Fhttpd.git

mod_authn_socache: validate URL earlier


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1933357 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/aaa/mod_authn_socache.c b/modules/aaa/mod_authn_socache.c
index 92202b16b2..c5461d8f62 100644
--- a/modules/aaa/mod_authn_socache.c
+++ b/modules/aaa/mod_authn_socache.c
@@ -265,11 +265,10 @@ static const command_rec authn_cache_cmds[] =
 static const char *construct_key(request_rec *r, const char *context,
                                  const char *user, const char *realm)
 {
+    const char *slash = ap_strrchr_c(r->uri, '/');
     /* handle "special" context values */
-    if (!strcmp(context, directory)) {
-        /* FIXME: are we at risk of this blowing up? */
+    if (!strcmp(context, directory) && slash) {
         char *new_context;
-        char *slash = strrchr(r->uri, '/');
         new_context = apr_palloc(r->pool, slash - r->uri +
                                  strlen(r->server->server_hostname) + 1);
         strcpy(new_context, r->server->server_hostname);