From 213cd1e8408771c40e3822da2efe541251d6a8c5 Mon Sep 17 00:00:00 2001 From: Breno Silva Date: Sat, 5 Jan 2013 12:11:18 -0400 Subject: [PATCH] Fixed: detect comma plus white space as a cookie separator - change variable names --- apache2/modsecurity.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/apache2/modsecurity.c b/apache2/modsecurity.c index 85d03b33..a7a5bb18 100644 --- a/apache2/modsecurity.c +++ b/apache2/modsecurity.c @@ -276,7 +276,8 @@ static apr_status_t modsecurity_tx_cleanup(void *data) { apr_status_t modsecurity_tx_init(modsec_rec *msr) { const char *s = NULL; const apr_array_header_t *arr; - char *_cookies = NULL; + char *semicolon = NULL; + char *comma = NULL; apr_table_entry_t *te; int i; @@ -402,16 +403,16 @@ apr_status_t modsecurity_tx_init(modsec_rec *msr) { for (i = 0; i < arr->nelts; i++) { if (strcasecmp(te[i].key, "Cookie") == 0) { if (msr->txcfg->cookie_format == COOKIES_V0) { - _cookies = apr_pstrdup(msr->mp, te[i].val); - while((*_cookies != 0)&&(*_cookies != ';')) _cookies++; - if(*_cookies == ';') { + semicolon = apr_pstrdup(msr->mp, te[i].val); + while((*semicolon != 0)&&(*semicolon != ';')) semicolon++; + if(*semicolon == ';') { parse_cookies_v0(msr, te[i].val, msr->request_cookies, ";"); } else { - _cookies = apr_pstrdup(msr->mp, te[i].val); - while((*_cookies != 0)&&(*_cookies != ',')) _cookies++; - if(*_cookies == ',') { - _cookies++; - if(*_cookies == 0x20) {// looks like comma is the separator + comma = apr_pstrdup(msr->mp, te[i].val); + while((*comma != 0)&&(*comma != ',')) comma++; + if(*comma == ',') { + comma++; + if(*comma == 0x20) {// looks like comma is the separator if (msr->txcfg->debuglog_level >= 5) { msr_log(msr, 5, "Cookie v0 parser: Using comma as a separator. Semi-colon was not identified!"); }