debian/patches/CVE-2021-26690.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

Description: <short summary of the patch>
Author: Apache authors
Origin: upstream, https://github.com/apache/httpd/commit/67bd9bfe
Bug: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26690
Forwarded: not-needed
Reviewed-By: Yadd <yadd@debian.org>
Last-Update: 2021-06-10

--- a/modules/session/mod_session.c
+++ b/modules/session/mod_session.c
@@ -392,8 +392,8 @@
         char *plast = NULL;
         const char *psep = "=";
         char *key = apr_strtok(pair, psep, &plast);
-        char *val = apr_strtok(NULL, psep, &plast);
         if (key && *key) {
+	    char *val = apr_strtok(NULL, sep, &plast);
             if (!val || !*val) {
                 apr_table_unset(z->entries, key);
             }