File apache2-CVE-2018-1283.patch of Package apache2.18661
--- a/modules/session/mod_session.c 2018/02/16 13:39:47 1824476
+++ b/modules/session/mod_session.c 2018/02/16 13:41:31 1824477
@@ -510,12 +510,15 @@
*/
ap_session_load(r, &z);
- if (z && conf->env) {
- session_identity_encode(r, z);
- if (z->encoded) {
- apr_table_set(r->subprocess_env, HTTP_SESSION, z->encoded);
- z->encoded = NULL;
+ if (conf->env) {
+ if (z) {
+ session_identity_encode(r, z);
+ if (z->encoded) {
+ apr_table_set(r->subprocess_env, HTTP_SESSION, z->encoded);
+ z->encoded = NULL;
+ }
}
+ apr_table_unset(r->headers_in, "Session");
}
return OK;