httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <>
Subject Re: [PATCH] mod_session.c
Date Sat, 19 Jul 2008 14:01:45 GMT

On 07/19/2008 12:23 PM, David Shane Holden wrote:
> I was experimenting with mod_session a bit and ran into a segfault when 
> a cgi script sets a cookie with a null value (eg. "key=").  Basically 
> mod_session tries to do a sanity check on the null value by passing it 
> to ap_unescape_all which is causing the segfault.  But, if you look at 
> the code there's no need for it, the key was removed from the table 
> because of the null value and the sanity check is in preparation to add 
> it back to the table.  The attached patch fixes mod_session, but perhaps 
> unescape_url (which ap_unescape_all calls) should verify that the value 
> passed to it isn't null.  I'm not quite sure what it should return 
> though which is why I didn't bother touching it.

Thanks for the patch. Fixed in r678160.



View raw message