github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-30 03:34:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix Cookie header parsing issues

Browse Source
This commit is contained in:
martinhsv
2019-11-14 08:14:04 -08:00
committed by Felipe Zimmerle
parent 7ba77631f9
commit b8160cce6b
3 changed files with 58 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/transaction.cc
View File

@@ -549,7 +549,18 @@ int Transaction::addRequestHeader(const std::string& key,
if (keyl == "cookie") {
size_t localOffset = m_variableOffset;
size_t pos;
std::vector<std::string> cookies = utils::string::ssplit(value, ';');
// Get rid of any optional whitespace after the cookie-string
// (i.e. after the end of the final cookie-pair)
if (!cookies.empty()) {
std::string& final_cookie_pair = cookies.back();
while (!final_cookie_pair.empty() && isspace(final_cookie_pair.back())) {
final_cookie_pair.pop_back();
}
}
for (const std::string &c : cookies) {
// skip empty substring, eg "Cookie: ;;foo=bar"
if (c.empty() == true) {