From 80146b2c7456c49327c790fbdc99b1aef91fc5e4 Mon Sep 17 00:00:00 2001 From: Breno Silva Date: Sat, 5 Jan 2013 09:48:49 -0400 Subject: [PATCH] Fixed: detect comma plus white space as a cookie separator --- apache2/modsecurity.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/apache2/modsecurity.c b/apache2/modsecurity.c index 0e6df481..85d03b33 100644 --- a/apache2/modsecurity.c +++ b/apache2/modsecurity.c @@ -403,11 +403,26 @@ apr_status_t modsecurity_tx_init(modsec_rec *msr) { if (strcasecmp(te[i].key, "Cookie") == 0) { if (msr->txcfg->cookie_format == COOKIES_V0) { _cookies = apr_pstrdup(msr->mp, te[i].val); - while((*_cookies != 0)&&(*_cookies != ',')&&(*_cookies != ';')) _cookies++; - if(*_cookies == ',') - parse_cookies_v0(msr, te[i].val, msr->request_cookies, ","); - else + while((*_cookies != 0)&&(*_cookies != ';')) _cookies++; + if(*_cookies == ';') { parse_cookies_v0(msr, te[i].val, msr->request_cookies, ";"); + } else { + _cookies = apr_pstrdup(msr->mp, te[i].val); + while((*_cookies != 0)&&(*_cookies != ',')) _cookies++; + if(*_cookies == ',') { + _cookies++; + if(*_cookies == 0x20) {// looks like comma is the separator + if (msr->txcfg->debuglog_level >= 5) { + msr_log(msr, 5, "Cookie v0 parser: Using comma as a separator. Semi-colon was not identified!"); + } + parse_cookies_v0(msr, te[i].val, msr->request_cookies, ","); + } else { + parse_cookies_v0(msr, te[i].val, msr->request_cookies, ";"); + } + } else { + parse_cookies_v0(msr, te[i].val, msr->request_cookies, ";"); + } + } } else { parse_cookies_v1(msr, te[i].val, msr->request_cookies); }