From 9661ac4de77e2d9787985311c1601c1e097c0c3a Mon Sep 17 00:00:00 2001
From: brenosilva <brenosilva@9017d574-64ec-4062-9424-5e00b32a252b>
Date: Thu, 4 Oct 2012 15:53:40 +0000
Subject: [PATCH] MODSEC-261

---
 apache2/modsecurity.c | 8 +++++++-
 apache2/msc_parsers.c | 6 +++---
 apache2/msc_parsers.h | 3 ++-
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/apache2/modsecurity.c b/apache2/modsecurity.c
index d01ea2f1..0e6df481 100644
--- a/apache2/modsecurity.c
+++ b/apache2/modsecurity.c
@@ -276,6 +276,7 @@ static apr_status_t modsecurity_tx_cleanup(void *data) {
 apr_status_t modsecurity_tx_init(modsec_rec *msr) {
     const char *s = NULL;
     const apr_array_header_t *arr;
+    char *_cookies = NULL;
     apr_table_entry_t *te;
     int i;
 
@@ -401,7 +402,12 @@ apr_status_t modsecurity_tx_init(modsec_rec *msr) {
     for (i = 0; i < arr->nelts; i++) {
         if (strcasecmp(te[i].key, "Cookie") == 0) {
             if (msr->txcfg->cookie_format == COOKIES_V0) {
-                parse_cookies_v0(msr, te[i].val, msr->request_cookies);
+                _cookies = apr_pstrdup(msr->mp, te[i].val);
+                while((*_cookies != 0)&&(*_cookies != ',')&&(*_cookies != ';')) _cookies++;
+                if(*_cookies == ',')
+                    parse_cookies_v0(msr, te[i].val, msr->request_cookies, ",");
+                else
+                    parse_cookies_v0(msr, te[i].val, msr->request_cookies, ";");
             } else {
                 parse_cookies_v1(msr, te[i].val, msr->request_cookies);
             }
diff --git a/apache2/msc_parsers.c b/apache2/msc_parsers.c
index 64236e1f..ebbac294 100644
--- a/apache2/msc_parsers.c
+++ b/apache2/msc_parsers.c
@@ -19,7 +19,7 @@
  *
  */
 int parse_cookies_v0(modsec_rec *msr, char *_cookie_header,
-                     apr_table_t *cookies)
+                     apr_table_t *cookies, const char *delim)
 {
     char *attr_name = NULL, *attr_value = NULL;
     char *cookie_header;
@@ -35,7 +35,7 @@ int parse_cookies_v0(modsec_rec *msr, char *_cookie_header,
     cookie_header = strdup(_cookie_header);
     if (cookie_header == NULL) return -1;
 
-    p = apr_strtok(cookie_header, ";", &saveptr);
+    p = apr_strtok(cookie_header, delim, &saveptr);
 
     while(p != NULL) {
         attr_name = NULL;
@@ -74,7 +74,7 @@ int parse_cookies_v0(modsec_rec *msr, char *_cookie_header,
             cookie_count++;
         }
 
-        p = apr_strtok(NULL, ";", &saveptr);
+        p = apr_strtok(NULL, delim, &saveptr);
     }
 
     free(cookie_header);
diff --git a/apache2/msc_parsers.h b/apache2/msc_parsers.h
index 8df84fca..41a9e392 100644
--- a/apache2/msc_parsers.h
+++ b/apache2/msc_parsers.h
@@ -17,7 +17,8 @@
 
 #include "modsecurity.h"
 
-int DSOLOCAL parse_cookies_v0(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies);
+int DSOLOCAL parse_cookies_v0(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies,
+    const char *delim);
 
 int DSOLOCAL parse_cookies_v1(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies);