diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c index 45f1587f..d7df97a8 100644 --- a/apache2/apache2_config.c +++ b/apache2/apache2_config.c @@ -64,6 +64,7 @@ void *create_directory_config(apr_pool_t *mp, char *path) dcfg->cookie_format = NOT_SET; dcfg->argument_separator = NOT_SET; + dcfg->cookiev0_separator = NOT_SET_P; dcfg->rule_inheritance = NOT_SET; dcfg->rule_exceptions = apr_array_make(mp, 16, sizeof(rule_exception *)); @@ -366,6 +367,8 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child) ? parent->cookie_format : child->cookie_format); merged->argument_separator = (child->argument_separator == NOT_SET ? parent->argument_separator : child->argument_separator); + merged->cookiev0_separator = (child->cookiev0_separator == NOT_SET_P + ? parent->cookiev0_separator : child->cookiev0_separator); /* rule inheritance */ @@ -627,6 +630,7 @@ void init_directory_config(directory_config *dcfg) if (dcfg->cookie_format == NOT_SET) dcfg->cookie_format = 0; if (dcfg->argument_separator == NOT_SET) dcfg->argument_separator = '&'; + if (dcfg->cookiev0_separator == NOT_SET_P) dcfg->cookiev0_separator = ";"; if (dcfg->rule_inheritance == NOT_SET) dcfg->rule_inheritance = 1; @@ -1098,6 +1102,21 @@ static const char *cmd_argument_separator(cmd_parms *cmd, void *_dcfg, return NULL; } +static const char *cmd_cookiev0_separator(cmd_parms *cmd, void *_dcfg, + const char *p1) +{ + directory_config *dcfg = (directory_config *)_dcfg; + + if (strlen(p1) != 1) { + return apr_psprintf(cmd->pool, "ModSecurity: Invalid cookie v0 separator: %s", p1); + } + + dcfg->cookiev0_separator = p1; + + return NULL; +} + + static const char *cmd_audit_engine(cmd_parms *cmd, void *_dcfg, const char *p1) { directory_config *dcfg = _dcfg; @@ -2913,6 +2932,14 @@ const command_rec module_directives[] = { "version of the Cookie specification to use for parsing. Possible values are 0 and 1." ), + AP_INIT_TAKE1 ( + "SecCookieV0Separator", + cmd_cookiev0_separator, + NULL, + CMD_SCOPE_ANY, + "character that will be used as separator when parsing cookie v0 content." + ), + AP_INIT_TAKE1 ( "SecDataDir", cmd_data_dir, diff --git a/apache2/modsecurity.c b/apache2/modsecurity.c index d01ea2f1..d9c69171 100644 --- a/apache2/modsecurity.c +++ b/apache2/modsecurity.c @@ -401,7 +401,7 @@ apr_status_t modsecurity_tx_init(modsec_rec *msr) { for (i = 0; i < arr->nelts; i++) { if (strcasecmp(te[i].key, "Cookie") == 0) { if (msr->txcfg->cookie_format == COOKIES_V0) { - parse_cookies_v0(msr, te[i].val, msr->request_cookies); + parse_cookies_v0(msr, te[i].val, msr->request_cookies, msr->txcfg->cookiev0_separator); } else { parse_cookies_v1(msr, te[i].val, msr->request_cookies); } diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h index bcbfec8b..8c2f91f5 100644 --- a/apache2/modsecurity.h +++ b/apache2/modsecurity.h @@ -467,6 +467,7 @@ struct directory_config { int cookie_format; int argument_separator; + const char *cookiev0_separator; int rule_inheritance; apr_array_header_t *rule_exceptions; diff --git a/apache2/msc_parsers.c b/apache2/msc_parsers.c index dc43bef2..ebbac294 100644 --- a/apache2/msc_parsers.c +++ b/apache2/msc_parsers.c @@ -19,7 +19,7 @@ * */ int parse_cookies_v0(modsec_rec *msr, char *_cookie_header, - apr_table_t *cookies) + apr_table_t *cookies, const char *delim) { char *attr_name = NULL, *attr_value = NULL; char *cookie_header; @@ -35,7 +35,8 @@ int parse_cookies_v0(modsec_rec *msr, char *_cookie_header, cookie_header = strdup(_cookie_header); if (cookie_header == NULL) return -1; - p = apr_strtok(cookie_header, ";", &saveptr); + p = apr_strtok(cookie_header, delim, &saveptr); + while(p != NULL) { attr_name = NULL; attr_value = NULL; @@ -57,14 +58,14 @@ int parse_cookies_v0(modsec_rec *msr, char *_cookie_header, if (attr_value != NULL) { if (msr->txcfg->debuglog_level >= 5) { msr_log(msr, 5, "Adding request cookie: name \"%s\", value \"%s\"", - log_escape(msr->mp, attr_name), log_escape(msr->mp, attr_value)); + log_escape(msr->mp, attr_name), log_escape(msr->mp, attr_value)); } apr_table_add(cookies, attr_name, attr_value); } else { if (msr->txcfg->debuglog_level >= 5) { msr_log(msr, 5, "Adding request cookie: name \"%s\", value empty", - log_escape(msr->mp, attr_name)); + log_escape(msr->mp, attr_name)); } apr_table_add(cookies, attr_name, ""); @@ -73,7 +74,7 @@ int parse_cookies_v0(modsec_rec *msr, char *_cookie_header, cookie_count++; } - p = apr_strtok(NULL, ";", &saveptr); + p = apr_strtok(NULL, delim, &saveptr); } free(cookie_header); @@ -84,7 +85,7 @@ int parse_cookies_v0(modsec_rec *msr, char *_cookie_header, * */ int parse_cookies_v1(modsec_rec *msr, char *_cookie_header, - apr_table_t *cookies) + apr_table_t *cookies) { char *attr_name = NULL, *attr_value = NULL, *p = NULL; char *prev_attr_name = NULL; @@ -162,7 +163,7 @@ int parse_cookies_v1(modsec_rec *msr, char *_cookie_header, } } - add_cookie: +add_cookie: /* remove the whitespace from the end of cookie name */ if (attr_name != NULL) { @@ -193,14 +194,14 @@ int parse_cookies_v1(modsec_rec *msr, char *_cookie_header, if (attr_value != NULL) { if (msr->txcfg->debuglog_level >= 5) { msr_log(msr, 5, "Adding request cookie: name \"%s\", value \"%s\"", - log_escape(msr->mp, attr_name), log_escape(msr->mp, attr_value)); + log_escape(msr->mp, attr_name), log_escape(msr->mp, attr_value)); } apr_table_add(cookies, attr_name, attr_value); } else { if (msr->txcfg->debuglog_level >= 5) { msr_log(msr, 5, "Adding request cookie: name \"%s\", value empty", - log_escape(msr->mp, attr_name)); + log_escape(msr->mp, attr_name)); } apr_table_add(cookies, attr_name, ""); @@ -227,8 +228,8 @@ int parse_cookies_v1(modsec_rec *msr, char *_cookie_header, * */ int parse_arguments(modsec_rec *msr, const char *s, apr_size_t inputlength, - int argument_separator, const char *origin, - apr_table_t *arguments, int *invalid_count) + int argument_separator, const char *origin, + apr_table_t *arguments, int *invalid_count) { msc_arg *arg; apr_size_t i, j; @@ -333,8 +334,8 @@ void add_argument(modsec_rec *msr, apr_table_t *arguments, msc_arg *arg) { if (msr->txcfg->debuglog_level >= 5) { msr_log(msr, 5, "Adding request argument (%s): name \"%s\", value \"%s\"", - arg->origin, log_escape_ex(msr->mp, arg->name, arg->name_len), - log_escape_ex(msr->mp, arg->value, arg->value_len)); + arg->origin, log_escape_ex(msr->mp, arg->name, arg->name_len), + log_escape_ex(msr->mp, arg->value, arg->value_len)); } apr_table_addn(arguments, log_escape_nq_ex(msr->mp, arg->name, arg->name_len), (void *)arg); diff --git a/apache2/msc_parsers.h b/apache2/msc_parsers.h index 8df84fca..41a9e392 100644 --- a/apache2/msc_parsers.h +++ b/apache2/msc_parsers.h @@ -17,7 +17,8 @@ #include "modsecurity.h" -int DSOLOCAL parse_cookies_v0(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies); +int DSOLOCAL parse_cookies_v0(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies, + const char *delim); int DSOLOCAL parse_cookies_v1(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies);