Author: jim
Date: Tue May 17 18:14:29 2022
New Revision: 1901008
URL: http://svn.apache.org/viewvc?rev=1901008&view=rev
Log:
Merge r1900335 from trunk:
Harden mod_session and avoid overflow in case of indecently large session
Submitted by: jailletc36
Reviewed by: jailletc36, rpluem, ylavic
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/STATUS
httpd/httpd/branches/2.4.x/modules/session/mod_session.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1900335
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1901008&r1=1901007&r2=1901008&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Tue May 17 18:14:29 2022
@@ -163,13 +163,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
ylavic: I think "extra" should be an apr_size_t.
icing: added r1899905 with the proposed changes and assertions.
- *) mod_session: Harden mod_session and avoid overflow in case of indecently large
- session
- trunk patches: https://svn.apache.org/r1900335
- 2.4.x patches: svn merge -c 1900335 ^/httpd/httpd/trunk .
- +1: jailletc36, rpluem, ylavic
-
-
*) mod_http2: remove unscheduling of ongoing tasks when client
behaviour triggers mood change. Fixes https://github.com/icing/mod_h2/issues/231
Trunk version of patch: n.a.
Modified: httpd/httpd/branches/2.4.x/modules/session/mod_session.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/session/mod_session.c?rev=1901008&r1=1901007&r2=1901008&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/session/mod_session.c (original)
+++ httpd/httpd/branches/2.4.x/modules/session/mod_session.c Tue May 17 18:14:29 2022
@@ -317,7 +317,8 @@ static apr_status_t ap_session_set(reque
static int identity_count(void *v, const char *key, const char *val)
{
- int *count = v;
+ apr_size_t *count = v;
+
*count += strlen(key) * 3 + strlen(val) * 3 + 2;
return 1;
}
@@ -325,7 +326,8 @@ static int identity_count(void *v, const
static int identity_concat(void *v, const char *key, const char *val)
{
char *slider = v;
- int length = strlen(slider);
+ apr_size_t length = strlen(slider);
+
slider += length;
if (length) {
*slider = '&';
@@ -355,7 +357,8 @@ static int identity_concat(void *v, cons
static apr_status_t session_identity_encode(request_rec * r, session_rec * z)
{
char *buffer = NULL;
- int length = 0;
+ apr_size_t length = 0;
+
if (z->expiry) {
char *expiry = apr_psprintf(z->pool, "%" APR_INT64_T_FMT, z->expiry);
apr_table_setn(z->entries, SESSION_EXPIRY, expiry);
Date: Tue May 17 18:14:29 2022
New Revision: 1901008
URL: http://svn.apache.org/viewvc?rev=1901008&view=rev
Log:
Merge r1900335 from trunk:
Harden mod_session and avoid overflow in case of indecently large session
Submitted by: jailletc36
Reviewed by: jailletc36, rpluem, ylavic
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/STATUS
httpd/httpd/branches/2.4.x/modules/session/mod_session.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1900335
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1901008&r1=1901007&r2=1901008&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Tue May 17 18:14:29 2022
@@ -163,13 +163,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
ylavic: I think "extra" should be an apr_size_t.
icing: added r1899905 with the proposed changes and assertions.
- *) mod_session: Harden mod_session and avoid overflow in case of indecently large
- session
- trunk patches: https://svn.apache.org/r1900335
- 2.4.x patches: svn merge -c 1900335 ^/httpd/httpd/trunk .
- +1: jailletc36, rpluem, ylavic
-
-
*) mod_http2: remove unscheduling of ongoing tasks when client
behaviour triggers mood change. Fixes https://github.com/icing/mod_h2/issues/231
Trunk version of patch: n.a.
Modified: httpd/httpd/branches/2.4.x/modules/session/mod_session.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/session/mod_session.c?rev=1901008&r1=1901007&r2=1901008&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/session/mod_session.c (original)
+++ httpd/httpd/branches/2.4.x/modules/session/mod_session.c Tue May 17 18:14:29 2022
@@ -317,7 +317,8 @@ static apr_status_t ap_session_set(reque
static int identity_count(void *v, const char *key, const char *val)
{
- int *count = v;
+ apr_size_t *count = v;
+
*count += strlen(key) * 3 + strlen(val) * 3 + 2;
return 1;
}
@@ -325,7 +326,8 @@ static int identity_count(void *v, const
static int identity_concat(void *v, const char *key, const char *val)
{
char *slider = v;
- int length = strlen(slider);
+ apr_size_t length = strlen(slider);
+
slider += length;
if (length) {
*slider = '&';
@@ -355,7 +357,8 @@ static int identity_concat(void *v, cons
static apr_status_t session_identity_encode(request_rec * r, session_rec * z)
{
char *buffer = NULL;
- int length = 0;
+ apr_size_t length = 0;
+
if (z->expiry) {
char *expiry = apr_psprintf(z->pool, "%" APR_INT64_T_FMT, z->expiry);
apr_table_setn(z->entries, SESSION_EXPIRY, expiry);