From: Ruediger Pluem <rpluem@apache.org>
Date: Sat, 19 Jul 2008 14:00:23 +0000 (+0000)
Subject: * Prevent a segfault when a CGI script sets a cookie with a null value.
X-Git-Tag: 2.3.0~420
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dd3067baacbd4e62284267369f6ea321fd85a529;p=thirdparty%2Fapache%2Fhttpd.git

* Prevent a segfault when a CGI script sets a cookie with a null value.

Submitted by: David Shane Holden <dpejesh apache.org>
Reviewed by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@678160 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 7e1c35a0bb6..2b2d0f70a8d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,8 @@
 Changes with Apache 2.3.0
 [ When backported to 2.2.x, remove entry from this file ]
 
+  *) mod_session: Prevent a segfault when a CGI script sets a cookie with a
+     null value. [David Shane Holden <dpejesh apache.org>]
 
   *) mod_headers: Prevent Header edit from processing only the first header
      of possibly multiple headers with the same name and deleting the
diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
index 1559ee5bfea..8553d6a42c8 100644
--- a/modules/session/mod_session.c
+++ b/modules/session/mod_session.c
@@ -364,7 +364,7 @@ static int session_identity_decode(request_rec * r, session_rec * z)
             if (!val || !*val) {
                 apr_table_unset(z->entries, key);
             }
-            if (!ap_unescape_all(key) && !ap_unescape_all(val)) {
+            else if (!ap_unescape_all(key) && !ap_unescape_all(val)) {
                 if (!strcmp(SESSION_EXPIRY, key)) {
                     z->expiry = (apr_time_t) apr_atoi64(val);
                 }