From: Rainer Jung Date: Sat, 18 Aug 2012 09:32:36 +0000 (+0000) Subject: mod_log_config: %{abc}C truncates cookies whose values contain '='. X-Git-Tag: 2.2.23~27 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=826242d28a476ff15f3dc9ce0d518fd6555e9e45;p=thirdparty%2Fapache%2Fhttpd.git mod_log_config: %{abc}C truncates cookies whose values contain '='. PR 53104 Backport of r1328133 from trunk resp. r1359690 from 2.4. Submitted by: gregames Reviewed by: trawick, wrowe Backported by: rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1374538 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 1d25ba6a36f..992c6964f4b 100644 --- a/CHANGES +++ b/CHANGES @@ -10,6 +10,9 @@ Changes with Apache 2.2.23 possible XSS for a site where untrusted users can upload files to a location with MultiViews enabled. [Niels Heinen ] + *) mod_log_config: Fix %{abc}C truncating cookie values at first "=". + PR 53104. [Greg Ames] + *) Unix MPMs: Fix small memory leak in parent process if connect() failed when waking up children. [Joe Orton] diff --git a/STATUS b/STATUS index 913860f5e9f..9b1d9641c24 100644 --- a/STATUS +++ b/STATUS @@ -93,12 +93,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * mod_log_config: %{abc}C truncates cookies whose values contain '=' - PR 53104 - trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1328133 - 2.4.x patch: http://svn.apache.org/viewvc?view=revision&revision=1359690 - 2.2.x patch: trunk patch applies - +1: rjung, trawick, wrowe PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/modules/loggers/mod_log_config.c b/modules/loggers/mod_log_config.c index 9400f6a1776..e33ab1c5c22 100644 --- a/modules/loggers/mod_log_config.c +++ b/modules/loggers/mod_log_config.c 
@@ -525,10 +525,10 @@ static const char *log_cookie(request_rec *r, char *a) while ((cookie = apr_strtok(cookies, ";", &last1))) { char *name = apr_strtok(cookie, "=", &last2); if (name) { - char *value; + char *value = name + strlen(name) + 1; apr_collapse_spaces(name, name); - if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) { + if (!strcasecmp(name, a)) { char *last; value += strspn(value, " \t"); /* Move past leading WS */ last = value + strlen(value) - 1;
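Review bot: In the mod_log_config.c hunk, `char *value = name + strlen(name) + 1;` assumes that `apr_strtok(cookie, "=", &last2)` stopped at an '=' delimiter, but nothing checks that one was present. For a cookie segment that contains no '=' (a bare `abc` between semicolons), apr_strtok returns the whole segment, so value points one byte past that segment's terminating NUL: into the text of the next cookie, or past the end of the string when it is the last segment. Because the `(value = apr_strtok(NULL, "=", &last2))` test is dropped from the condition, a name match on such a segment now goes straight on to `value += strspn(value, " \t")` and `last = value + strlen(value) - 1` with that pointer. Suggest deriving the value from the tokenizer state (`char *value = last2;`, which is left at the character after the delimiter or at the trailing NUL) and skipping the segment when the value is missing or empty. The empty case matters on its own, since `last = value + strlen(value) - 1` lands before value when the string has length zero. A regression test with `abc`, `abc=` and `abc=a=b` cookies would cover the three paths.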