httpd/backport-Harden-mod_session-and-avoid-overflow-of-large-session.patch
chengyechun b981a203d9 change default value of HeartbeatMaxServers
fix setting and comparison of IPs fields
avoid overflow in case of indecently large session
make ap_escape_quotes() work correctly
fix lua_request with cast first
Handle children killed pathologically
q
2022-12-14 10:54:40 +08:00


From 0befd97dfe19e23921b4cc5412d6177f2cab6aac Mon Sep 17 00:00:00 2001
From: jimjag <jimjag@gmail.com>
Date: Tue May 17 18:14:29 2022 UTC
Subject: [PATCH] mod_session:Harden mod_session and avoid overflow of large session
Conflict:NA
Reference:https://github.com/apache/httpd/commit/0befd97dfe19e23921b4cc5412d6177f2cab6aac
---
modules/session/mod_session.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
index ec4ac2e..fa8d406 100644
--- a/modules/session/mod_session.c
+++ b/modules/session/mod_session.c
@@ -317,7 +317,8 @@ static apr_status_t ap_session_set(request_rec * r, session_rec * z,
static int identity_count(void *v, const char *key, const char *val)
{
- int *count = v;
+ apr_size_t *count = v;
+
*count += strlen(key) * 3 + strlen(val) * 3 + 2;
return 1;
}
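Review bot: `identity_count` now writes through `v` as an `apr_size_t *`, but nothing at this site records that the caller's accumulator must have exactly that type. The only matching change visible is the `apr_size_t length` declaration in the third hunk (`session_identity_encode`), and the call that passes it lies outside the hunks. When backporting, the first and third hunks have to land together, because a callback that stores a `size_t`-wide value into an `int` would write past the variable on LP64 builds. A comment above the declaration such as `/* v must point at an apr_size_t; the sum is a worst-case encoded length */` would document the contract. The `* 3` and `+ 2` constants are also unexplained; presumably they cover `%XX` escaping and the `=`/`&` separators, which is worth stating next to the sum.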
@@ -325,7 +326,8 @@ static int identity_count(void *v, const char *key, const char *val)
static int identity_concat(void *v, const char *key, const char *val)
{
char *slider = v;
- int length = strlen(slider);
+ apr_size_t length = strlen(slider);
+
slider += length;
if (length) {
*slider = '&';
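Review bot: `strlen(slider)` still rescans the output buffer from its start on every call of this callback, so building the encoded string costs time quadratic in the session size. Widening `length` to `apr_size_t` removes the truncation but not this cost, which matters most for the oversized sessions the commit is about. Passing a small cursor struct through `v` (buffer start plus current write position) instead of the bare `char *` would let each call append without the scan. The rest of `identity_concat` and its caller are outside this hunk, so such a change would need to be checked against how the buffer is allocated and handed in.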
@@ -355,7 +357,8 @@ static int identity_concat(void *v, const char *key, const char *val)
static apr_status_t session_identity_encode(request_rec * r, session_rec * z)
{
char *buffer = NULL;
- int length = 0;
+ apr_size_t length = 0;
+
if (z->expiry) {
char *expiry = apr_psprintf(z->pool, "%" APR_INT64_T_FMT, z->expiry);
apr_table_setn(z->entries, SESSION_EXPIRY, expiry);
--
2.23.0