From bf7d061070cdb905e363028c8443accf983b85a0 Mon Sep 17 00:00:00 2001
From: arshsmith1 <arshi@bugqore.com>
Date: Thu, 25 Jun 2026 11:49:34 +0530
Subject: [PATCH] mod_proxy_balancer: use apr_isspace when scanning Cookie
 header

1. get_cookie_param scans the client-supplied Cookie header and hands raw signed char bytes to isspace().
2. a cookie byte >= 0x80 reaches isspace() as a negative int, outside the unsigned char / EOF domain ctype requires, which is undefined.
Switched both calls to apr_isspace, which indexes via unsigned char like the rest of the proxy and http code.
---
 modules/proxy/mod_proxy_balancer.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c
index bac659614e6..892bde38ae2 100644
--- a/modules/proxy/mod_proxy_balancer.c
+++ b/modules/proxy/mod_proxy_balancer.c
@@ -171,10 +171,10 @@ static char *get_cookie_param(request_rec *r, const char *name)
             if (start_cookie == cookies ||
                 start_cookie[-1] == ';' ||
                 start_cookie[-1] == ',' ||
-                isspace(start_cookie[-1])) {
+                apr_isspace(start_cookie[-1])) {
 
                 start_cookie += strlen(name);
-                while(*start_cookie && isspace(*start_cookie))
+                while(*start_cookie && apr_isspace(*start_cookie))
                     ++start_cookie;
                 if (*start_cookie++ == '=' && *start_cookie) {
                     /*