httpd/CVE-2021-26690.patch

From 67bd9bfe6c38831e14fe7122f1d84391472498f8 Mon Sep 17 00:00:00 2001
From: Yann Ylavic <ylavic@apache.org>
Date: Mon, 1 Mar 2021 20:07:08 +0000
Subject: [PATCH] mod_session: save one apr_strtok() in
 session_identity_decode().

When the encoding is invalid (missing '='), no need to parse further.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887050 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/session/mod_session.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
index a2b4a3e608b..01f41fe5d0f 100644
--- a/modules/session/mod_session.c
+++ b/modules/session/mod_session.c
@@ -413,8 +413,8 @@ static apr_status_t session_identity_decode(request_rec * r, session_rec * z)
         char *plast = NULL;
         const char *psep = "=";
         char *key = apr_strtok(pair, psep, &plast);
-        char *val = apr_strtok(NULL, psep, &plast);
         if (key && *key) {
+            char *val = apr_strtok(NULL, sep, &plast);
             if (!val || !*val) {
                 apr_table_unset(z->entries, key);
             }
fix CVE-2021-26690 2021-06-23 14:09:51 +08:00			`From 67bd9bfe6c38831e14fe7122f1d84391472498f8 Mon Sep 17 00:00:00 2001`
			`From: Yann Ylavic <ylavic@apache.org>`
			`Date: Mon, 1 Mar 2021 20:07:08 +0000`
			`Subject: [PATCH] mod_session: save one apr_strtok() in`
			`session_identity_decode().`

			`When the encoding is invalid (missing '='), no need to parse further.`

			`git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887050 13f79535-47bb-0310-9956-ffa450edef68`
			`---`
			`modules/session/mod_session.c \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c`
			`index a2b4a3e608b..01f41fe5d0f 100644`
			`--- a/modules/session/mod_session.c`
			`+++ b/modules/session/mod_session.c`
			`@@ -413,8 +413,8 @@ static apr_status_t session_identity_decode(request_rec * r, session_rec * z)`
			`char *plast = NULL;`
			`const char *psep = "=";`
			`char *key = apr_strtok(pair, psep, &plast);`
			`- char *val = apr_strtok(NULL, psep, &plast);`
			`if (key && *key) {`
			`+ char *val = apr_strtok(NULL, sep, &plast);`
			`if (!val \|\| !*val) {`
			`apr_table_unset(z->entries, key);`
			`}`