Merge r1900335 from trunk:
authorJim Jagielski <jim@apache.org>
Tue, 17 May 2022 18:14:29 +0000 (18:14 +0000)
committerJim Jagielski <jim@apache.org>
Tue, 17 May 2022 18:14:29 +0000 (18:14 +0000)
Harden mod_session and avoid overflow in case of indecently large session
Submitted by: jailletc36
Reviewed by: jailletc36, rpluem, ylavic

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1901008 13f79535-47bb-0310-9956-ffa450edef68

STATUS
modules/session/mod_session.c

diff --git a/STATUS b/STATUS
index c8f8864f45712dbe3560f76b6a25dab201ae4b7c..a962ef4b7acd5eebc470f98baa7c962a150c9fa7 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -163,13 +163,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
      ylavic: I think "extra" should be an apr_size_t.
      icing: added r1899905 with the proposed changes and assertions.
 
-  *) mod_session: Harden mod_session and avoid overflow in case of indecently large
-     session
-     trunk patches: https://svn.apache.org/r1900335
-     2.4.x patches: svn merge -c 1900335 ^/httpd/httpd/trunk .
-     +1: jailletc36, rpluem, ylavic
-
-
   *) mod_http2: remove unscheduling of ongoing tasks when client
      behaviour triggers mood change. Fixes https://github.com/icing/mod_h2/issues/231
      Trunk version of patch: n.a.
index ec4ac2e556f1284ecb3095bc0f2d041d9a33de56..fa8d40666fd16be5dbc1acbcce0684f76f5f8829 100644 (file)
@@ -317,7 +317,8 @@ static apr_status_t ap_session_set(request_rec * r, session_rec * z,
 
 static int identity_count(void *v, const char *key, const char *val)
 {
-    int *count = v;
+    apr_size_t *count = v;
+
     *count += strlen(key) * 3 + strlen(val) * 3 + 2;
     return 1;
 }
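Review bot: `identity_count` now casts `v` to `apr_size_t *`, but the accumulator's type is an unchecked contract through `void *`: a caller still passing the address of an `int` would have the callback write a wider value than the object holds on LP64 builds. The matching change to `length` in `session_identity_encode` is in the last hunk of this file, and the call that passes it is outside the visible lines, so the pairing is inferred. A comment above the function would pin the contract, e.g. `/* v: apr_size_t accumulator; worst case 3 bytes per input byte plus 2 separator bytes per entry */` (the factor 3 presumably covers percent-encoding).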
@@ -325,7 +326,8 @@ static int identity_count(void *v, const char *key, const char *val)
 static int identity_concat(void *v, const char *key, const char *val)
 {
     char *slider = v;
-    int length = strlen(slider);
+    apr_size_t length = strlen(slider);
+
     slider += length;
     if (length) {
         *slider = '&';
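Review bot: `identity_concat` still receives only a bare `char *` and finds its write position with `strlen(slider)`, so nothing in the callback knows the buffer's capacity. The bound depends entirely on the estimate accumulated by `identity_count` and on the buffer being zero-filled before the first call; the allocation is outside this hunk, so that is inferred. A comment stating the invariant would help, e.g. `/* v: zero-filled buffer sized by identity_count(); the table must not change between the two passes */`. The `strlen()` rescan on every entry also makes encoding quadratic in the session size, which matters for the oversized sessions this change targets; carrying the write offset alongside the buffer pointer would avoid it. The function body continues past the hunk.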
@@ -355,7 +357,8 @@ static int identity_concat(void *v, const char *key, const char *val)
 static apr_status_t session_identity_encode(request_rec * r, session_rec * z)
 {
     char *buffer = NULL;
-    int length = 0;
+    apr_size_t length = 0;
+
     if (z->expiry) {
         char *expiry = apr_psprintf(z->pool, "%" APR_INT64_T_FMT, z->expiry);
         apr_table_setn(z->entries, SESSION_EXPIRY, expiry);
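Review bot: `length` in `session_identity_encode` is now unsigned and pointer-sized, which removes the signed overflow, but nothing visible in this hunk rejects a session before it is sized and allocated. The count pass and the allocation are outside the visible lines, so this is hedged: if the total is used directly as an allocation size, an explicit ceiling checked after counting would turn an oversized session into a clean error instead of a very large pool allocation, e.g. `if (length > MAX_ENCODED_SESSION /* placeholder limit */) return APR_ENOSPC;`. On ILP32 builds the 3x worst-case estimate could in principle still wrap, which the same check placed inside the count callback would also catch.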