File apache2-CVE-2018-1283.patch of Package apache2.13990

--- a/modules/session/mod_session.c	2018/02/16 13:39:47	1824476
+++ b/modules/session/mod_session.c	2018/02/16 13:41:31	1824477
@@ -510,12 +510,15 @@
      */
     ap_session_load(r, &z);
 
-    if (z && conf->env) {
-        session_identity_encode(r, z);
-        if (z->encoded) {
-            apr_table_set(r->subprocess_env, HTTP_SESSION, z->encoded);
-            z->encoded = NULL;
+    if (conf->env) {
+        if (z) {
+            session_identity_encode(r, z);
+            if (z->encoded) {
+                apr_table_set(r->subprocess_env, HTTP_SESSION, z->encoded);
+                z->encoded = NULL;
+            }
         }
+        apr_table_unset(r->headers_in, "Session");
     }
 
     return OK;
openSUSE Build Service is sponsored by