From eabc39ad838b0a77d3559b5c382b02bc8cd31a9a Mon Sep 17 00:00:00 2001
From: Breno Silva
Date: Sat, 26 Jan 2013 18:45:34 -0400
Subject: [PATCH] Added SecCookieV0Separator
---
 apache2/apache2_config.c | 26 ++++++++++++++++++++++++++
 apache2/modsecurity.h | 1 +
 apache2/msc_parsers.c | 12 ++++++++++--
 3 files changed, 37 insertions(+), 2 deletions(-)
diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c
index 830070a8..19030752 100644
--- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c
@@ -64,6 +64,7 @@ void *create_directory_config(apr_pool_t *mp, char *path)
 dcfg->cookie_format = NOT_SET;
 dcfg->argument_separator = NOT_SET;
+ dcfg->cookiev0_separator = NOT_SET_P;
 dcfg->rule_inheritance = NOT_SET;
 dcfg->rule_exceptions = apr_array_make(mp, 16, sizeof(rule_exception *));
@@ -366,6 +367,8 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child)
 ? parent->cookie_format : child->cookie_format);
 merged->argument_separator = (child->argument_separator == NOT_SET ? parent->argument_separator : child->argument_separator);
+ merged->cookiev0_separator = (child->cookiev0_separator == NOT_SET_P
+ ? parent->cookiev0_separator : child->cookiev0_separator);
 /* rule inheritance */
@@ -627,6 +630,7 @@ void init_directory_config(directory_config *dcfg)
 if (dcfg->cookie_format == NOT_SET) dcfg->cookie_format = 0;
 if (dcfg->argument_separator == NOT_SET) dcfg->argument_separator = '&';
+ if (dcfg->cookiev0_separator == NOT_SET_P) dcfg->cookiev0_separator = NULL;
 if (dcfg->rule_inheritance == NOT_SET) dcfg->rule_inheritance = 1;
@@ -1084,6 +1088,20 @@ static const char *cmd_marker(cmd_parms *cmd, void *_dcfg, const char *p1)
 return add_marker(cmd, (directory_config *)_dcfg, SECMARKER_TARGETS, SECMARKER_ARGS, action);
 }
+static const char *cmd_cookiev0_separator(cmd_parms *cmd, void *_dcfg,
+ const char *p1)
+{
+ directory_config *dcfg = (directory_config *)_dcfg;
+
+ if (strlen(p1) != 1) {
+ return apr_psprintf(cmd->pool, "ModSecurity: Invalid cookie v0 separator: %s", p1);
+ }
+
+ dcfg->cookiev0_separator = p1;
+
+ return NULL;
+}
+
 static const char *cmd_argument_separator(cmd_parms *cmd, void *_dcfg, const char *p1) {
@@ -2785,6 +2803,14 @@ const command_rec module_directives[] = {
 "character that will be used as separator when parsing application/x-www-form-urlencoded content."
 ),
+ AP_INIT_TAKE1 (
+ "SecCookiev0Separator",
+ cmd_cookiev0_separator,
+ NULL,
+ CMD_SCOPE_ANY,
+ "character that will be used as separator when parsing cookie v0 content."
+ ),
+
 AP_INIT_TAKE1 (
 "SecAuditEngine",
 cmd_audit_engine,
diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h
index 8eb8af88..43406fab 100644
--- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h
@@ -468,6 +468,7 @@ struct directory_config {
 int cookie_format;
 int argument_separator;
+ const char *cookiev0_separator;
 int rule_inheritance;
 apr_array_header_t *rule_exceptions;
diff --git a/apache2/msc_parsers.c b/apache2/msc_parsers.c
index ebbac294..ffa6d469 100644
--- a/apache2/msc_parsers.c
+++ b/apache2/msc_parsers.c
@@ -35,7 +35,11 @@ int parse_cookies_v0(modsec_rec *msr, char *_cookie_header,
 cookie_header = strdup(_cookie_header);
 if (cookie_header == NULL) return -1;
- p = apr_strtok(cookie_header, delim, &saveptr);
+ if(msr->txcfg->cookiev0_separator == NULL) {
+ p = apr_strtok(cookie_header, delim, &saveptr);
+ } else {
+ p = apr_strtok(cookie_header, msr->txcfg->cookiev0_separator, &saveptr);
+ }
 while(p != NULL) {
 attr_name = NULL;
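Review bot: In `cmd_cookiev0_separator`, `dcfg->cookiev0_separator = p1;` stores the directive argument's pointer rather than a copy, so the per-directory config relies on the lifetime of a buffer this function does not own; `dcfg->cookiev0_separator = apr_pstrdup(cmd->pool, p1);` would tie the string to the configuration pool explicitly. The `strlen(p1) != 1` check accepts any single byte, including whitespace or `=`, which presumably also splits cookie names from values in the parser, so the handler should either reject those or document the allowed set. A header comment on the function should also say that the separator has to match how the protected application splits the Cookie header, because a mismatch means the rules inspect different name/value pairs than the backend sees.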
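Review bot: The `if(msr->txcfg->cookiev0_separator == NULL)` branch in `parse_cookies_v0` is written out twice, here before the loop and again in the later hunk at `@@ -74,7 +78,11 @@` at the end of the loop body, so the two `apr_strtok` calls can drift apart on a later edit. Picking the delimiter once, `const char *sep = msr->txcfg->cookiev0_separator ? msr->txcfg->cookiev0_separator : delim;`, and passing `sep` to both calls keeps the first and subsequent tokens split the same way. The function starts and ends outside both hunks, so the declaration of `delim` and the per-token handling are not visible here; a short comment next to `sep` noting that a configured separator replaces the default rather than adding to it would help whoever tunes this directive.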
@@ -74,7 +78,11 @@ int parse_cookies_v0(modsec_rec *msr, char *_cookie_header,
 cookie_count++;
 }
- p = apr_strtok(NULL, delim, &saveptr);
+ if(msr->txcfg->cookiev0_separator == NULL) {
+ p = apr_strtok(NULL, delim, &saveptr);
+ } else {
+ p = apr_strtok(NULL, msr->txcfg->cookiev0_separator, &saveptr);
+ }
 }
 free(cookie_header);