From bef4205da37ec1839e6eecc4e8ef56b29829988c Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Sun, 1 Mar 2020 22:40:03 +0000
Subject: bubble up an error if none of the passhrases work

previously, the un-decodable z->encoded would get set to NULL
but success would be returned




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1874674 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/session/mod_session_crypto.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'modules')

diff --git a/modules/session/mod_session_crypto.c b/modules/session/mod_session_crypto.c
index be7e7b1807..6e180f8cf3 100644
--- a/modules/session/mod_session_crypto.c
+++ b/modules/session/mod_session_crypto.c
@@ -391,6 +391,8 @@ static apr_status_t decrypt_string(request_rec * r, const apr_crypto_t *f,
         return res;
     }
 
+    res = APR_ECRYPT; /* in case we exhaust all passphrases */
+
     /* try each passphrase in turn */
     for (; i < dconf->passphrases->nelts; i++) {
         const char *passphrase = APR_ARRAY_IDX(dconf->passphrases, i, char *);
-- 
cgit v1.2.3