rpms / httpd

Clone
Source Code
GIT

Blame SOURCES/httpd-2.4.6-CVE-2018-17199.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-2.4 c8-sig-artwork c8-stream-2.4 c8s-stream-2.4 c9 c9-beta
  1.   b2d6874ae638299fa955d9fed23d69ee89b3f9f1
  2.   SOURCES
  3.   httpd-2.4.6-CVE-2018-17199.patch
Blob History Raw
ceb09b 
diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
ceb09b 
index 7213eb3..3e73c7a 100644
ceb09b 
--- a/modules/session/mod_session.c
ceb09b 
+++ b/modules/session/mod_session.c
ceb09b 
@@ -126,15 +126,9 @@ static apr_status_t ap_session_load(request_rec * r, session_rec ** z)
ceb09b
ceb09b 
     /* found a session that hasn't expired? */
ceb09b 
     now = apr_time_now();
ceb09b 
-    if (!zz || (zz->expiry && zz->expiry < now)) {
ceb09b 
-
ceb09b 
-        /* no luck, create a blank session */
ceb09b 
-        zz = (session_rec *) apr_pcalloc(r->pool, sizeof(session_rec));
ceb09b 
-        zz->pool = r->pool;
ceb09b 
-        zz->entries = apr_table_make(zz->pool, 10);
ceb09b 
-
ceb09b 
-    }
ceb09b 
-    else {
ceb09b 
+
ceb09b 
+    if (zz){
ceb09b 
+        /* load the session attibutes */
ceb09b 
         rv = ap_run_session_decode(r, zz);
ceb09b 
         if (OK != rv) {
ceb09b 
             ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01817)
ceb09b 
@@ -142,8 +136,22 @@ static apr_status_t ap_session_load(request_rec * r, session_rec ** z)
ceb09b 
                           "session not loaded: %s", r->uri);
ceb09b 
             return rv;
ceb09b 
         }
ceb09b 
+
ceb09b 
+        /* invalidate session if session is expired */
ceb09b 
+        if (zz && zz->expiry && zz->expiry < now){
ceb09b 
+           zz = NULL;
ceb09b 
+        }
ceb09b 
     }
ceb09b
ceb09b 
+    if (!zz || (zz->expiry && zz->expiry < now)) {
ceb09b 
+
ceb09b 
+        /* no luck, create a blank session */
ceb09b 
+        zz = (session_rec *) apr_pcalloc(r->pool, sizeof(session_rec));
ceb09b 
+        zz->pool = r->pool;
ceb09b 
+        zz->entries = apr_table_make(zz->pool, 10);
ceb09b 
+
ceb09b 
+    }
ceb09b 
+
ceb09b 
     /* make sure the expiry is set, if present */
ceb09b 
     if (!zz->expiry && dconf->maxage) {
ceb09b 
         zz->expiry = now + dconf->maxage * APR_USEC_PER_SEC;

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation