From d80685a9e0241d99e94aa2fc0aa491d90c4ae9e8 Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Sun, 26 Apr 2026 16:29:24 +0000
Subject: [PATCH] Merge r1933357 from trunk:

mod_authn_socache: validate URL earlier



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1933358 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/aaa/mod_authn_socache.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/modules/aaa/mod_authn_socache.c b/modules/aaa/mod_authn_socache.c
index 0e4454a4b12..0834ab43d32 100644
--- a/modules/aaa/mod_authn_socache.c
+++ b/modules/aaa/mod_authn_socache.c
@@ -266,11 +266,10 @@ static const command_rec authn_cache_cmds[] =
 static const char *construct_key(request_rec *r, const char *context,
                                  const char *user, const char *realm)
 {
+    const char *slash = ap_strrchr_c(r->uri, '/');
     /* handle "special" context values */
-    if (!strcmp(context, directory)) {
-        /* FIXME: are we at risk of this blowing up? */
+    if (!strcmp(context, directory) && slash) {
         char *new_context;
-        char *slash = strrchr(r->uri, '/');
         new_context = apr_palloc(r->pool, slash - r->uri +
                                  strlen(r->server->server_hostname) + 1);
         strcpy(new_context, r->server->server_hostname);