SECURITY: CVE-2012-0021 (cve.mitre.org)

Fix segfault when trying to log a nameless valueless cookie

PR: 52256
Submitted by: Rainer Canavan <rainer-apache 7val com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1225380 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 14 insertions, 12 deletions

diff --git a/modules/loggers/mod_log_config.c b/modules/loggers/mod_log_config.c
index 0f35e6b965..caea1f388b 100644
--- a/modules/loggers/mod_log_config.c
+++ b/modules/loggers/mod_log_config.c
@@ -541,19 +541,21 @@ static const char *log_cookie(request_rec *r, char *a)
 
         while ((cookie = apr_strtok(cookies, ";", &last1))) {
             char *name = apr_strtok(cookie, "=", &last2);
-            char *value;
-            apr_collapse_spaces(name, name);
-
-            if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) {
-                char *last;
-                value += strspn(value, " \t");  /* Move past leading WS */
-                last = value + strlen(value) - 1;
-                while (last >= value && apr_isspace(*last)) {
-                   *last = '\0';
-                   --last;
+            if (name) {
+                char *value;
+                apr_collapse_spaces(name, name);
+
+                if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) {
+                    char *last;
+                    value += strspn(value, " \t");  /* Move past leading WS */
+                    last = value + strlen(value) - 1;
+                    while (last >= value && apr_isspace(*last)) {
+                       *last = '\0';
+                       --last;
+                    }
+
+                    return ap_escape_logitem(r->pool, value);
                 }
-
-                return ap_escape_logitem(r->pool, value);
             }
             cookies = NULL;
         }