httpd-dev mailing list archives

From Graham Leggett <minf...@sharp.fm>
Subject Re: unsetting encrypted cookies when encryption key changes
Date Wed, 11 Dec 2013 23:25:09 GMT
On 09 Dec 2013, at 10:50 AM, Thomas Eckert <thomas.r.w.eckert@gmail.com> wrote:

> So it should work out of the box. I figured as much but was unsure whether I hit a bug
> or forgot a configuration directive. Will look into it once I have the time :-/

Here is an untested patch, can you give it a try and confirm?

Index: modules/session/mod_session_crypto.c
===================================================================
--- modules/session/mod_session_crypto.c	(revision 1550312)
+++ modules/session/mod_session_crypto.c	(working copy)
@@ -222,7 +222,7 @@
  * Returns APR_SUCCESS if successful.
  */
 static apr_status_t decrypt_string(request_rec * r, const apr_crypto_t *f,
-        session_crypto_dir_conf *dconf, const char *in, char **out)
+        session_crypto_dir_conf *dconf, const char *in, char **out, int *dirty)
 {
     apr_status_t res;
     apr_crypto_key_t *key = NULL;
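
Review bot: The doc comment above decrypt_string still ends at "Returns APR_SUCCESS if successful." and says nothing about the new `int *dirty` out-parameter in the signature. Document when the function writes to it and whether callers may pass NULL, since the next hunk dereferences it unconditionally.
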
@@ -252,6 +252,9 @@
         apr_size_t len = decodedlen;
         char *slider = decoded;
 
+        /* if not first passphrase, mark the session as dirty */
+        *dirty = *dirty & (i > 0);
+
         /* encrypt using the first passphrase in the list */
         res = apr_crypto_passphrase(&key, &ivSize, passphrase,
                 strlen(passphrase),
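
Review bot: `*dirty = *dirty & (i > 0);` uses AND, so it can only clear the flag and never set it: when *dirty is 0 it stays 0 for every i, and when i == 0 a flag that was already set is cleared. That contradicts the comment "mark the session as dirty"; `if (i > 0) *dirty = 1;` would match the stated intent. The assignment also sits before the apr_crypto_passphrase call, so it runs before it is known whether this passphrase decrypts the cookie; setting the flag only after a successful decrypt would avoid marking the session dirty for a passphrase that was merely tried.
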
@@ -382,7 +385,7 @@
     if ((dconf->passphrases_set) && z->encoded && *z->encoded) {
         apr_pool_userdata_get((void **)&f, CRYPTO_KEY,
                 r->server->process->pconf);
-        res = decrypt_string(r, f, dconf, z->encoded, &encoded);
+        res = decrypt_string(r, f, dconf, z->encoded, &encoded, &z->dirty);
         if (res != APR_SUCCESS) {
             ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, APLOGNO(01842)
                     "decrypt session failed, wrong passphrase?");
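
Review bot: `&z->dirty` hands the session's own flag to decrypt_string, so whatever the function writes there persists on the `res != APR_SUCCESS` path that logs "decrypt session failed, wrong passphrase?". Consider passing a local int and copying it into z->dirty only when res is APR_SUCCESS, so a cookie that failed to decrypt cannot change the session's dirty state.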


Regards,
Graham
--

