PR 53104
Backport of r1328133 from trunk resp. r1359690 from 2.4.
Submitted by: gregames
Reviewed by: trawick, wrowe
Backported by: rjung
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1374538 13f79535-47bb-0310-9956-ffa450edef68
possible XSS for a site where untrusted users can upload files to
a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]
+ *) mod_log_config: Fix %{abc}C truncating cookie values at first "=".
+ PR 53104. [Greg Ames]
+
*) Unix MPMs: Fix small memory leak in parent process if connect()
failed when waking up children. [Joe Orton]
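Review bot: the CHANGES entry for PR 53104 should say what the previous behaviour was from the operator's point of view, since this changes what gets written to existing access logs: a cookie whose value contains '=' (base64-encoded session data with padding is the common case) was logged only up to the first '=', and after this backport the full value appears. One clause such as "values containing '=' are now logged in full" tells anyone parsing %{abc}C output why the logged tokens change length after the upgrade.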
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_log_config: %{abc}C truncates cookies whose values contain '='
- PR 53104
- trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1328133
- 2.4.x patch: http://svn.apache.org/viewvc?view=revision&revision=1359690
- 2.2.x patch: trunk patch applies
- +1: rjung, trawick, wrowe
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
while ((cookie = apr_strtok(cookies, ";", &last1))) {
char *name = apr_strtok(cookie, "=", &last2);
if (name) {
- char *value;
+ char *value = name + strlen(name) + 1;
apr_collapse_spaces(name, name);
- if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) {
+ if (!strcasecmp(name, a)) {
char *last;
value += strspn(value, " \t"); /* Move past leading WS */
last = value + strlen(value) - 1;
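Review bot: `char *value = name + strlen(name) + 1;` assumes apr_strtok consumed an '=' after `name`, but for a cookie token with no '=' (a bare `Cookie: abc`) the inner apr_strtok stops at the token's terminating NUL, so `value` points one byte past it. When `name` then matches `a`, `value += strspn(value, " \t")` and `last = value + strlen(value) - 1` read past the end of the copied cookie string, or, if another cookie follows (`abc; foo=bar`), `%{abc}C` logs the following cookie's text as abc's value. apr_strtok leaves `last2` pointing either just past the '=' it replaced with NUL or at the terminating NUL of the token, so `char *value = last2;` yields the intended "rest of the token after the first =" without the off-by-one, and the matching branch should check `*value` before computing `last` from `strlen(value)`. Note also that `value` must stay computed before `apr_collapse_spaces(name, name)`: collapsing shrinks `name` in place, so a later `strlen(name)` would land inside the value; a short comment at that line would keep a future reordering from reintroducing the truncation.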