From: Graham Leggett Date: Sun, 13 Sep 2009 16:04:13 +0000 (+0000) Subject: mod_session_crypto: Sanity check should the potentially encrypted X-Git-Tag: 2.3.3~312 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9c0867de9dfe90b3fa4f21802d42a44a18b859aa;p=thirdparty%2Fapache%2Fhttpd.git mod_session_crypto: Sanity check should the potentially encrypted session cookie be too short. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@814334 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index fcf3ac75610..f1fe9990747 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,9 @@ Changes with Apache 2.3.3 + *) mod_session_crypto: Sanity check should the potentially encrypted + session cookie be too short. [Graham Leggett] + *) mod_session.c: Prevent a segfault when session is added but not configured. [Graham Leggett] diff --git a/modules/session/mod_session_crypto.c b/modules/session/mod_session_crypto.c index 080c108dbef..ab7980d1dd8 100644 --- a/modules/session/mod_session_crypto.c +++ b/modules/session/mod_session_crypto.c @@ -225,6 +225,13 @@ static apr_status_t decrypt_string(request_rec * r, const apr_crypto_driver_t *d return res; } + /* sanity check - decoded too short? */ + if (decodedlen < (sizeof(apr_uuid_t) + ivSize)) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, APR_SUCCESS, r, LOG_PREFIX + "too short to decrypt, skipping"); + return APR_ECRYPT; + } + /* bypass the salt at the start of the decoded block */ decoded += sizeof(apr_uuid_t); decodedlen -= sizeof(apr_uuid_t);