www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

Harden mod_session and avoid overflow in case of indecently large session

Browse Source 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900335 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Christophe Jaillet
2022-04-27 20:08:50 +00:00
parent 0c5f62a212
commit caf4efca9f
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
modules/session/mod_session.c
View File

@@ -325,7 +325,8 @@ static apr_status_t ap_session_set(request_rec * r, session_rec * z,
static int identity_count(void *v, const char *key, const char *val) static int identity_count(void *v, const char *key, const char *val)
{ {
int *count = v; apr_size_t *count = v;
*count += strlen(key) * 3 + strlen(val) * 3 + 2; *count += strlen(key) * 3 + strlen(val) * 3 + 2;
return 1; return 1;
} }
@@ -333,7 +334,8 @@ static int identity_count(void *v, const char *key, const char *val)
static int identity_concat(void *v, const char *key, const char *val) static int identity_concat(void *v, const char *key, const char *val)
{ {
char *slider = v; char *slider = v;
int length = strlen(slider); apr_size_t length = strlen(slider);
slider += length; slider += length;
if (length) { if (length) {
*slider = '&'; *slider = '&';
@@ -363,7 +365,8 @@ static int identity_concat(void *v, const char *key, const char *val)
static apr_status_t session_identity_encode(request_rec * r, session_rec * z) static apr_status_t session_identity_encode(request_rec * r, session_rec * z)
{ {
char *buffer = NULL; char *buffer = NULL;
int length = 0; apr_size_t length = 0;
if (z->expiry) { if (z->expiry) {
char *expiry = apr_psprintf(z->pool, "%" APR_INT64_T_FMT, z->expiry); char *expiry = apr_psprintf(z->pool, "%" APR_INT64_T_FMT, z->expiry);
apr_table_setn(z->entries, SESSION_EXPIRY, expiry); apr_table_setn(z->entries, SESSION_EXPIRY, expiry);