MODSEC-261

apache2/apache2_config.c

@@ -64,6 +64,7 @@ void *create_directory_config(apr_pool_t *mp, char *path)
 
     dcfg->cookie_format = NOT_SET;
     dcfg->argument_separator = NOT_SET;
+    dcfg->cookiev0_separator = NOT_SET_P;
 
     dcfg->rule_inheritance = NOT_SET;
     dcfg->rule_exceptions = apr_array_make(mp, 16, sizeof(rule_exception *));
@@ -366,6 +367,8 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child)
         ? parent->cookie_format : child->cookie_format);
     merged->argument_separator = (child->argument_separator == NOT_SET
         ? parent->argument_separator : child->argument_separator);
+    merged->cookiev0_separator = (child->cookiev0_separator == NOT_SET_P
+        ? parent->cookiev0_separator : child->cookiev0_separator);
 
 
     /* rule inheritance */
@@ -627,6 +630,7 @@ void init_directory_config(directory_config *dcfg)
 
     if (dcfg->cookie_format == NOT_SET) dcfg->cookie_format = 0;
     if (dcfg->argument_separator == NOT_SET) dcfg->argument_separator = '&';
+    if (dcfg->cookiev0_separator == NOT_SET_P) dcfg->cookiev0_separator = ";";
 
     if (dcfg->rule_inheritance == NOT_SET) dcfg->rule_inheritance = 1;
 
@@ -1098,6 +1102,21 @@ static const char *cmd_argument_separator(cmd_parms *cmd, void *_dcfg,
     return NULL;
 }
 
+static const char *cmd_cookiev0_separator(cmd_parms *cmd, void *_dcfg,
+        const char *p1)
+{
+    directory_config *dcfg = (directory_config *)_dcfg;
+
+    if (strlen(p1) != 1) {
+        return apr_psprintf(cmd->pool, "ModSecurity: Invalid cookie v0 separator: %s", p1);
+    }
+
+    dcfg->cookiev0_separator = p1;
+
+    return NULL;
+}
+
+
 static const char *cmd_audit_engine(cmd_parms *cmd, void *_dcfg, const char *p1)
 {
     directory_config *dcfg = _dcfg;
@@ -2913,6 +2932,14 @@ const command_rec module_directives[] = {
         "version of the Cookie specification to use for parsing. Possible values are 0 and 1."
     ),
 
+    AP_INIT_TAKE1 (
+        "SecCookieV0Separator",
+        cmd_cookiev0_separator,
+        NULL,
+        CMD_SCOPE_ANY,
+        "character that will be used as separator when parsing cookie v0 content."
+    ),
+
     AP_INIT_TAKE1 (
         "SecDataDir",
         cmd_data_dir,

apache2/modsecurity.c

@@ -401,7 +401,7 @@ apr_status_t modsecurity_tx_init(modsec_rec *msr) {
     for (i = 0; i < arr->nelts; i++) {
         if (strcasecmp(te[i].key, "Cookie") == 0) {
             if (msr->txcfg->cookie_format == COOKIES_V0) {
-                parse_cookies_v0(msr, te[i].val, msr->request_cookies);
+                parse_cookies_v0(msr, te[i].val, msr->request_cookies, msr->txcfg->cookiev0_separator);
             } else {
                 parse_cookies_v1(msr, te[i].val, msr->request_cookies);
             }

apache2/modsecurity.h

@@ -467,6 +467,7 @@ struct directory_config {
 
     int                  cookie_format;
     int                  argument_separator;
+    const char           *cookiev0_separator;
 
     int                  rule_inheritance;
     apr_array_header_t  *rule_exceptions;

apache2/msc_parsers.c

@@ -19,7 +19,7 @@
  *
  */
 int parse_cookies_v0(modsec_rec *msr, char *_cookie_header,
-                     apr_table_t *cookies)
+                     apr_table_t *cookies, const char *delim)
 {
     char *attr_name = NULL, *attr_value = NULL;
     char *cookie_header;
@@ -35,7 +35,8 @@ int parse_cookies_v0(modsec_rec *msr, char *_cookie_header,
     cookie_header = strdup(_cookie_header);
     if (cookie_header == NULL) return -1;
 
-    p = apr_strtok(cookie_header, ";", &saveptr);
+    p = apr_strtok(cookie_header, delim, &saveptr);
+
     while(p != NULL) {
         attr_name = NULL;
         attr_value = NULL;
@@ -57,14 +58,14 @@ int parse_cookies_v0(modsec_rec *msr, char *_cookie_header,
             if (attr_value != NULL) {
                 if (msr->txcfg->debuglog_level >= 5) {
                     msr_log(msr, 5, "Adding request cookie: name \"%s\", value \"%s\"",
-                        log_escape(msr->mp, attr_name), log_escape(msr->mp, attr_value));
+                            log_escape(msr->mp, attr_name), log_escape(msr->mp, attr_value));
                 }
 
                 apr_table_add(cookies, attr_name, attr_value);
             } else {
                 if (msr->txcfg->debuglog_level >= 5) {
                     msr_log(msr, 5, "Adding request cookie: name \"%s\", value empty",
-                        log_escape(msr->mp, attr_name));
+                            log_escape(msr->mp, attr_name));
                 }
 
                 apr_table_add(cookies, attr_name, "");
@@ -73,7 +74,7 @@ int parse_cookies_v0(modsec_rec *msr, char *_cookie_header,
             cookie_count++;
         }
 
-        p = apr_strtok(NULL, ";", &saveptr);
+        p = apr_strtok(NULL, delim, &saveptr);
     }
 
     free(cookie_header);
@@ -84,7 +85,7 @@ int parse_cookies_v0(modsec_rec *msr, char *_cookie_header,
  *
  */
 int parse_cookies_v1(modsec_rec *msr, char *_cookie_header,
-                     apr_table_t *cookies)
+        apr_table_t *cookies)
 {
     char *attr_name = NULL, *attr_value = NULL, *p = NULL;
     char *prev_attr_name = NULL;
@@ -162,7 +163,7 @@ int parse_cookies_v1(modsec_rec *msr, char *_cookie_header,
             }
         }
 
-    add_cookie:
+add_cookie:
 
         /* remove the whitespace from the end of cookie name */
         if (attr_name != NULL) {
@@ -193,14 +194,14 @@ int parse_cookies_v1(modsec_rec *msr, char *_cookie_header,
             if (attr_value != NULL) {
                 if (msr->txcfg->debuglog_level >= 5) {
                     msr_log(msr, 5, "Adding request cookie: name \"%s\", value \"%s\"",
-                        log_escape(msr->mp, attr_name), log_escape(msr->mp, attr_value));
+                            log_escape(msr->mp, attr_name), log_escape(msr->mp, attr_value));
                 }
 
                 apr_table_add(cookies, attr_name, attr_value);
             } else {
                 if (msr->txcfg->debuglog_level >= 5) {
                     msr_log(msr, 5, "Adding request cookie: name \"%s\", value empty",
-                        log_escape(msr->mp, attr_name));
+                            log_escape(msr->mp, attr_name));
                 }
 
                 apr_table_add(cookies, attr_name, "");
@@ -227,8 +228,8 @@ int parse_cookies_v1(modsec_rec *msr, char *_cookie_header,
  *
  */
 int parse_arguments(modsec_rec *msr, const char *s, apr_size_t inputlength,
-    int argument_separator, const char *origin,
-    apr_table_t *arguments, int *invalid_count)
+        int argument_separator, const char *origin,
+        apr_table_t *arguments, int *invalid_count)
 {
     msc_arg *arg;
     apr_size_t i, j;
@@ -333,8 +334,8 @@ void add_argument(modsec_rec *msr, apr_table_t *arguments, msc_arg *arg)
 {
     if (msr->txcfg->debuglog_level >= 5) {
         msr_log(msr, 5, "Adding request argument (%s): name \"%s\", value \"%s\"",
-            arg->origin, log_escape_ex(msr->mp, arg->name, arg->name_len),
-            log_escape_ex(msr->mp, arg->value, arg->value_len));
+                arg->origin, log_escape_ex(msr->mp, arg->name, arg->name_len),
+                log_escape_ex(msr->mp, arg->value, arg->value_len));
     }
 
     apr_table_addn(arguments, log_escape_nq_ex(msr->mp, arg->name, arg->name_len), (void *)arg);

apache2/msc_parsers.h

@@ -17,7 +17,8 @@
 
 #include "modsecurity.h"
 
-int DSOLOCAL parse_cookies_v0(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies);
+int DSOLOCAL parse_cookies_v0(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies,
+    const char *delim);
 
 int DSOLOCAL parse_cookies_v1(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies);