httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Shane Holden <>
Subject [PATCH] mod_session.c
Date Sat, 19 Jul 2008 10:23:32 GMT
I was experimenting with mod_session a bit and ran into a segfault when 
a cgi script sets a cookie with a null value (eg. "key=").  Basically 
mod_session tries to do a sanity check on the null value by passing it 
to ap_unescape_all which is causing the segfault.  But, if you look at 
the code there's no need for it, the key was removed from the table 
because of the null value and the sanity check is in preparation to add 
it back to the table.  The attached patch fixes mod_session, but perhaps 
unescape_url (which ap_unescape_all calls) should verify that the value 
passed to it isn't null.  I'm not quite sure what it should return 
though which is why I didn't bother touching it.

View raw message