github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-17 00:16:08 +03:00
Code Issues Packages Projects Releases Wiki Activity

MODSEC-261

Browse Source
This commit is contained in:
brenosilva 2012-10-04 15:53:40 +00:00
parent 724060a29f
commit 9661ac4de7
3 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
apache2/modsecurity.c
View File

@ -276,6 +276,7 @@ static apr_status_t modsecurity_tx_cleanup(void *data) {
apr_status_t modsecurity_tx_init(modsec_rec *msr) { apr_status_t modsecurity_tx_init(modsec_rec *msr) {
const char *s = NULL; const char *s = NULL;
const apr_array_header_t *arr; const apr_array_header_t *arr;
char *_cookies = NULL;
apr_table_entry_t *te; apr_table_entry_t *te;
int i; int i;
@ -401,7 +402,12 @@ apr_status_t modsecurity_tx_init(modsec_rec *msr) {
for (i = 0; i < arr->nelts; i++) { for (i = 0; i < arr->nelts; i++) {
if (strcasecmp(te[i].key, "Cookie") == 0) { if (strcasecmp(te[i].key, "Cookie") == 0) {
if (msr->txcfg->cookie_format == COOKIES_V0) { if (msr->txcfg->cookie_format == COOKIES_V0) {
parse_cookies_v0(msr, te[i].val, msr->request_cookies); _cookies = apr_pstrdup(msr->mp, te[i].val);
while((*_cookies != 0)&&(*_cookies != ',')&&(*_cookies != ';')) _cookies++;
if(*_cookies == ',')
parse_cookies_v0(msr, te[i].val, msr->request_cookies, ",");
else
parse_cookies_v0(msr, te[i].val, msr->request_cookies, ";");
} else { } else {
parse_cookies_v1(msr, te[i].val, msr->request_cookies); parse_cookies_v1(msr, te[i].val, msr->request_cookies);
} }

6
apache2/msc_parsers.c
View File

@ -19,7 +19,7 @@
* *
*/ */
int parse_cookies_v0(modsec_rec *msr, char *_cookie_header, int parse_cookies_v0(modsec_rec *msr, char *_cookie_header,
apr_table_t *cookies) apr_table_t *cookies, const char *delim)
{ {
char *attr_name = NULL, *attr_value = NULL; char *attr_name = NULL, *attr_value = NULL;
char *cookie_header; char *cookie_header;
@ -35,7 +35,7 @@ int parse_cookies_v0(modsec_rec *msr, char *_cookie_header,
cookie_header = strdup(_cookie_header); cookie_header = strdup(_cookie_header);
if (cookie_header == NULL) return -1; if (cookie_header == NULL) return -1;
p = apr_strtok(cookie_header, ";", &saveptr); p = apr_strtok(cookie_header, delim, &saveptr);
while(p != NULL) { while(p != NULL) {
attr_name = NULL; attr_name = NULL;
@ -74,7 +74,7 @@ int parse_cookies_v0(modsec_rec *msr, char *_cookie_header,
cookie_count++; cookie_count++;
} }
p = apr_strtok(NULL, ";", &saveptr); p = apr_strtok(NULL, delim, &saveptr);
} }
free(cookie_header); free(cookie_header);

3
apache2/msc_parsers.h
View File

@ -17,7 +17,8 @@
#include "modsecurity.h" #include "modsecurity.h"
int DSOLOCAL parse_cookies_v0(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies); int DSOLOCAL parse_cookies_v0(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies,
const char *delim);
int DSOLOCAL parse_cookies_v1(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies); int DSOLOCAL parse_cookies_v1(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies);