Blame SOURCES/httpd-2.4.6-CVE-2018-1283.patch
|
|
a4f3a1 |
--- a/modules/session/mod_session.c 2018/02/16 13:39:47 1824476
|
|
|
a4f3a1 |
+++ b/modules/session/mod_session.c 2018/02/16 13:41:31 1824477
|
|
|
a4f3a1 |
@@ -510,12 +510,15 @@
|
|
|
a4f3a1 |
*/
|
|
|
a4f3a1 |
ap_session_load(r, &z);
|
|
|
a4f3a1 |
|
|
|
a4f3a1 |
- if (z && conf->env) {
|
|
|
a4f3a1 |
- session_identity_encode(r, z);
|
|
|
a4f3a1 |
- if (z->encoded) {
|
|
|
a4f3a1 |
- apr_table_set(r->subprocess_env, HTTP_SESSION, z->encoded);
|
|
|
a4f3a1 |
- z->encoded = NULL;
|
|
|
a4f3a1 |
+ if (conf->env) {
|
|
|
a4f3a1 |
+ if (z) {
|
|
|
a4f3a1 |
+ session_identity_encode(r, z);
|
|
|
a4f3a1 |
+ if (z->encoded) {
|
|
|
a4f3a1 |
+ apr_table_set(r->subprocess_env, HTTP_SESSION, z->encoded);
|
|
|
a4f3a1 |
+ z->encoded = NULL;
|
|
|
a4f3a1 |
+ }
|
|
|
a4f3a1 |
}
|
|
|
a4f3a1 |
+ apr_table_unset(r->headers_in, "Session");
|
|
|
a4f3a1 |
}
|
|
|
a4f3a1 |
|
|
|
a4f3a1 |
return OK;
|