SECURITY: CVE-2012-0021 (cve.mitre.org)

author Stefan Fritsch <sf@apache.org>

Wed, 4 Jan 2012 20:03:11 +0000 (20:03 +0000)

committer Stefan Fritsch <sf@apache.org>

Wed, 4 Jan 2012 20:03:11 +0000 (20:03 +0000)
author Stefan Fritsch <sf@apache.org>
Wed, 4 Jan 2012 20:03:11 +0000 (20:03 +0000)
committer Stefan Fritsch <sf@apache.org>
Wed, 4 Jan 2012 20:03:11 +0000 (20:03 +0000)
diff --git a/CHANGES b/CHANGES

index f6e2ebbb2925d28ceedd8c7572f2421e2b031d9a..6a1812ce820fd437ab9dfdea3bf3bbff729ff599 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -11,6 +11,9 @@ Changes with Apache 2.2.22
       is enabled, could allow local users to gain privileges via a .htaccess
       file. [Stefan Fritsch, Greg Ames]
  
+  *) mod_log_config: Fix segfault when logging nameless, valueless cookie.
+     PR 52256. [Stefan Fritsch]
+
    *) core: Fix segfault in ap_send_interim_response(). PR 52315.
       [Stefan Fritsch]
  
diff --git a/STATUS b/STATUS

index c8b1410971f7d45210869adfab9a7faf54bcfb77..6341673288cc8debf8f3cd11dd0dfe2b65cbb631 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -107,11 +107,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
       and 2.4.x no longer support this version, see r1203491 and r1203495)
      +1: kbrand (non-binding), rjung, jorton
  
-  * mod_log_config: Fix segfault when logging Nameless, Valueless cookie. PR 52256
-      Trunk patch: http://svn.apache.org/viewvc?rev=1225380&view=rev
-      2.2.x patch: trunk patch works
-    +1: sf, gregames, covener
-
  PATCHES PROPOSED TO BACKPORT FROM TRUNK:
    [ New proposals should be added at the end of the list ]
  
diff --git a/modules/loggers/mod_log_config.c b/modules/loggers/mod_log_config.c

index 6a68336767d0089e9ada4c766564bee0f7ce723d..9400f6a1776ded7d446a48e168636fce8adfbbed 100644 (file)
--- a/modules/loggers/mod_log_config.c
+++ b/modules/loggers/mod_log_config.c
@@ -524,19 +524,21 @@ static const char *log_cookie(request_rec *r, char *a)
  
          while ((cookie = apr_strtok(cookies, ";", &last1))) {
              char *name = apr_strtok(cookie, "=", &last2);
-            char *value;
-            apr_collapse_spaces(name, name);
-
-            if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) {
-                char *last;
-                value += strspn(value, " \t");  /* Move past leading WS */
-                last = value + strlen(value) - 1;
-                while (last >= value && apr_isspace(*last)) {
-                   *last = '\0';
-                   --last;
+            if (name) {
+                char *value;
+                apr_collapse_spaces(name, name);
+
+                if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) {
+                    char *last;
+                    value += strspn(value, " \t");  /* Move past leading WS */
+                    last = value + strlen(value) - 1;
+                    while (last >= value && apr_isspace(*last)) {
+                       *last = '\0';
+                       --last;
+                    }
+
+                    return ap_escape_logitem(r->pool, value);
                  }
-
-                return ap_escape_logitem(r->pool, value);
              }
              cookies = NULL;
          }
author	Stefan Fritsch <sf@apache.org>
	Wed, 4 Jan 2012 20:03:11 +0000 (20:03 +0000)
committer	Stefan Fritsch <sf@apache.org>
	Wed, 4 Jan 2012 20:03:11 +0000 (20:03 +0000)
CHANGES		patch \| blob \| blame \| history
STATUS		patch \| blob \| blame \| history
modules/loggers/mod_log_config.c		patch \| blob \| blame \| history