commit 1a24e08ce506c2c19dd92a1bc9c2b9a1d9354934
Author: Tomas Halman
Date: Tue Apr 11 11:39:55 2023 +0200
Backport fixe of CVE-2023-28625 CVE-2023-28625 mod_auth_openidc: NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied This patch is based on commit c0e1edac3c4c19988ccdc7713d7aebfce6ff916a
diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
index 099c716..51eb53e 100644
--- a/src/mod_auth_openidc.c
+++ b/src/mod_auth_openidc.c
@@ -191,6 +191,8 @@ void oidc_strip_cookies(request_rec *r) {
 do {
 while (cookie != NULL && *cookie == OIDC_CHAR_SPACE) cookie++;
+ if (cookie == NULL)
+ break;
 for (i = 0; i < strip->nelts; i++) {
 name = ((const char**) strip->elts)[i];
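Review bot: The added `if (cookie == NULL) break;` has no comment saying when `cookie` can be NULL at the top of the `do` body, which is the condition the CVE fix exists for. The assignment to `cookie` lies outside the hunk (presumably a tokenizer call that yields no token for some Cookie header values), so a one-line comment would record the intent, e.g. `/* no cookie token left to examine: nothing to strip (CVE-2023-28625) */`. As a style point, `cookie++` can never yield NULL, so the `cookie != NULL` test in the `while` is really a one-time entry check, and putting the new guard ahead of the `while` would make that plain. Keeping the backport identical to upstream commit c0e1edac3c4c19988ccdc7713d7aebfce6ff916a is a fair reason to leave the order as is. The body of `oidc_strip_cookies` starts and ends outside the hunk, so the code reached after the `break` should be checked for handling the case where nothing was collected.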