ASF Bugzilla – Attachment 27993 Details for
Bug 52256
CVE-2012-0021 Nameless, Valueless cookie causes Segmentation fault when logging Cookies
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch (check NULLness of name before use)
httpd-modules_loggers_mod_log_config_nameless_cookie_segfault.patch (text/plain), 1.42 KB, created by
Rainer Canavan
on 2011-11-28 15:16:11 UTC
(
hide
)
Description:
Patch (check NULLness of name before use)
Filename:
MIME Type:
Creator:
Rainer Canavan
Created:
2011-11-28 15:16:11 UTC
Size:
1.42 KB
patch
obsolete
>--- httpd-2.2.21/modules/loggers/mod_log_config.c 2010-08-24 08:41:38.000000000 +0200 >+++ httpd-2.2.21/modules/loggers/mod_log_config.c 2011-11-28 15:47:50.924019989 +0100 >@@ -525,18 +558,20 @@ > while ((cookie = apr_strtok(cookies, ";", &last1))) { > char *name = apr_strtok(cookie, "=", &last2); > char *value; >- apr_collapse_spaces(name, name); >+ if (name) { >+ apr_collapse_spaces(name, name); > >- if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) { >- char *last; >- value += strspn(value, " \t"); /* Move past leading WS */ >- last = value + strlen(value) - 1; >- while (last >= value && apr_isspace(*last)) { >- *last = '\0'; >- --last; >+ if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) { >+ char *last; >+ value += strspn(value, " \t"); /* Move past leading WS */ >+ last = value + strlen(value) - 1; >+ while (last >= value && apr_isspace(*last)) { >+ *last = '\0'; >+ --last; >+ } >+ >+ return ap_escape_logitem(r->pool, value); > } >- >- return ap_escape_logitem(r->pool, value); > } > cookies = NULL; > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=27993">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 52256
: 27993