Package: libapache2-mod-auth-mellon / 0.12.0-2+deb9u1

Metadata

Package: libapache2-mod-auth-mellon
Version: 0.12.0-2+deb9u1
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description

01_logout_segfault.patch

auth_mellon_handler.c | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

[patch] fix segmentation fault when receiving badly formed logout message.

If the logout message is badly formed, we won't get the entityID in
`logout->parent.remote_providerID`. If we call `apr_hash_get()` with a
null pointer, it will cause a segmentation fault.

Add a check to validate that the entityID is correctly set.

02_session_transfer_vulnerability_CVE-2017-6807.patch

auth_mellon.h | 6 5 + 1 - 0 !
auth_mellon_cache.c | 18 17 + 1 - 0 !
auth_mellon_cookie.c | 28 28 + 0 - 0 !
auth_mellon_session.c | 43 40 + 3 - 0 !
4 files changed, 90 insertions(+), 5 deletions(-)

 [patch] fix cross-site session transfer vulnerability

mod_auth_mellon did not verify that the site the session was created
for was the same site as the site the user accessed. This allows an
attacker with access to one web site on a server to use the same
03_auth_bypass_proxy_CVE-2019-3878.patch

mod_auth_mellon.c | 8 7 + 1 - 0 !
1 file changed, 7 insertions(+), 1 deletion(-)

04_open_redirect_urls_backslashes_CVE-2019-3877.patch

auth_mellon_util.c | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)
