commit 5c5ed1d6ab2798b4833a12b81f77aca3f82e86f0
Author: Olav Morken <olav.morken@uninett.no>
Date:   Tue Aug 8 09:45:10 2017 +0200

    Fix segmentation fault with POST field without a value.
    
    This patch fixes a segmentation fault that can occur after the user
    has logged in if the server is configured to replay POST data from
    before login. If the POST data contained a field without a value we
    would attempt to pass a constant string to the
    am_urldecode()-function, which would crash with a segmentation fault.
    
    This patch fixes that by using an empty string allocated on the stack
    instead of a constant string.
    
    Fixes #115.

diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index f073721..70462a7 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -2329,6 +2329,7 @@ const char *am_post_mkform_urlencoded(request_rec *r, const char *post_data)
     const char *item;
     char *last;
     char *post_form = "";
+    char empty_value[] = "";
 
     for (item = am_xstrtok(r, post_data, "&", &last); item; 
          item = am_xstrtok(r, NULL, "&", &last)) {
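Review bot: The new `empty_value` declaration carries no comment explaining why it is a writable array rather than a literal, so a later cleanup could fold it back into `""` and reintroduce the crash. I would add above it: `/* Writable empty string: am_urldecode() writes to its argument, so it must not be handed a string literal. */`. The single byte is also shared by every loop iteration, which is safe only as long as the decoder leaves an empty string empty; that is worth stating in the same comment. The body of am_post_mkform_urlencoded starts and ends outside this hunk.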
@@ -2344,7 +2345,7 @@ const char *am_post_mkform_urlencoded(request_rec *r, const char *post_data)
             continue;
 
         if (value == NULL)
-            value = (char *)"";
+            value = empty_value;
 
         if (am_urldecode(name) != OK) {
             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
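Review bot: The removed `(char *)""` cast is what let a read-only literal reach a function that writes through its argument, and nothing in this diff prevents the same pattern from reappearing elsewhere in the file. Per the commit message the input is POST data replayed from before login, so the crash was reachable from request content and deserves a regression case with a field that has no `=value` part. If the build does not already enable them, `-Wwrite-strings` together with `-Wcast-qual` would make the compiler flag a cast like the one removed here. The decode of `value` itself lies outside the hunk, so this assumes it goes through am_urldecode() as the description states.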