Added SecCookieV0Separator

apache2/apache2_config.c

@@ -64,6 +64,7 @@ void *create_directory_config(apr_pool_t *mp, char *path)
 
     dcfg->cookie_format = NOT_SET;
     dcfg->argument_separator = NOT_SET;
+    dcfg->cookiev0_separator = NOT_SET_P;
 
     dcfg->rule_inheritance = NOT_SET;
     dcfg->rule_exceptions = apr_array_make(mp, 16, sizeof(rule_exception *));
@@ -366,6 +367,8 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child)
         ? parent->cookie_format : child->cookie_format);
     merged->argument_separator = (child->argument_separator == NOT_SET
         ? parent->argument_separator : child->argument_separator);
+    merged->cookiev0_separator = (child->cookiev0_separator == NOT_SET_P
+        ? parent->cookiev0_separator : child->cookiev0_separator);
 
 
     /* rule inheritance */
@@ -627,6 +630,7 @@ void init_directory_config(directory_config *dcfg)
 
     if (dcfg->cookie_format == NOT_SET) dcfg->cookie_format = 0;
     if (dcfg->argument_separator == NOT_SET) dcfg->argument_separator = '&';
+    if (dcfg->cookiev0_separator == NOT_SET_P) dcfg->cookiev0_separator = NULL;
 
     if (dcfg->rule_inheritance == NOT_SET) dcfg->rule_inheritance = 1;
 
@@ -1084,6 +1088,20 @@ static const char *cmd_marker(cmd_parms *cmd, void *_dcfg, const char *p1)
     return add_marker(cmd, (directory_config *)_dcfg, SECMARKER_TARGETS, SECMARKER_ARGS, action);
 }
 
+static const char *cmd_cookiev0_separator(cmd_parms *cmd, void *_dcfg,
+        const char *p1)
+{
+    directory_config *dcfg = (directory_config *)_dcfg;
+
+    if (strlen(p1) != 1) {
+        return apr_psprintf(cmd->pool, "ModSecurity: Invalid cookie v0 separator: %s", p1);
+    }
+
+    dcfg->cookiev0_separator = p1;
+
+    return NULL;
+}
+
 static const char *cmd_argument_separator(cmd_parms *cmd, void *_dcfg,
         const char *p1)
 {
@@ -2785,6 +2803,14 @@ const command_rec module_directives[] = {
         "character that will be used as separator when parsing application/x-www-form-urlencoded content."
     ),
 
+    AP_INIT_TAKE1 (
+        "SecCookiev0Separator",
+        cmd_cookiev0_separator,
+        NULL,
+        CMD_SCOPE_ANY,
+        "character that will be used as separator when parsing cookie v0 content."
+    ),
+
     AP_INIT_TAKE1 (
         "SecAuditEngine",
         cmd_audit_engine,

apache2/modsecurity.h

@@ -468,6 +468,7 @@ struct directory_config {
 
     int                  cookie_format;
     int                  argument_separator;
+    const char           *cookiev0_separator;
 
     int                  rule_inheritance;
     apr_array_header_t  *rule_exceptions;

apache2/msc_parsers.c

@@ -35,7 +35,11 @@ int parse_cookies_v0(modsec_rec *msr, char *_cookie_header,
     cookie_header = strdup(_cookie_header);
     if (cookie_header == NULL) return -1;
 
+    if(msr->txcfg->cookiev0_separator == NULL) {
         p = apr_strtok(cookie_header, delim, &saveptr);
+    } else {
+        p = apr_strtok(cookie_header, msr->txcfg->cookiev0_separator, &saveptr);
+    }
 
     while(p != NULL) {
         attr_name = NULL;
@@ -74,7 +78,11 @@ int parse_cookies_v0(modsec_rec *msr, char *_cookie_header,
             cookie_count++;
         }
 
+        if(msr->txcfg->cookiev0_separator == NULL) {
             p = apr_strtok(NULL, delim, &saveptr);
+        } else {
+            p = apr_strtok(NULL, msr->txcfg->cookiev0_separator, &saveptr);
+        }
     }
 
     free(cookie_header);