Added SecCookieV0Separator

2025-08-14 13:56:01 +03:00 · 2013-01-26 18:45:34 -04:00 · 2013-01-26 18:45:34 -04:00 · eabc39ad83
commit eabc39ad83
parent b3418be75f
3 changed files with 37 additions and 2 deletions
--- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c
@ -64,6 +64,7 @@ void *create_directory_config(apr_pool_t *mp, char *path)

    dcfg->cookie_format = NOT_SET;
    dcfg->argument_separator = NOT_SET;
+    dcfg->cookiev0_separator = NOT_SET_P;

    dcfg->rule_inheritance = NOT_SET;
    dcfg->rule_exceptions = apr_array_make(mp, 16, sizeof(rule_exception *));
@ -366,6 +367,8 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child)
        ? parent->cookie_format : child->cookie_format);
    merged->argument_separator = (child->argument_separator == NOT_SET
        ? parent->argument_separator : child->argument_separator);
+    merged->cookiev0_separator = (child->cookiev0_separator == NOT_SET_P
+        ? parent->cookiev0_separator : child->cookiev0_separator);


    /* rule inheritance */
@ -627,6 +630,7 @@ void init_directory_config(directory_config *dcfg)

    if (dcfg->cookie_format == NOT_SET) dcfg->cookie_format = 0;
    if (dcfg->argument_separator == NOT_SET) dcfg->argument_separator = '&';
+    if (dcfg->cookiev0_separator == NOT_SET_P) dcfg->cookiev0_separator = NULL;

    if (dcfg->rule_inheritance == NOT_SET) dcfg->rule_inheritance = 1;

@ -1084,6 +1088,20 @@ static const char *cmd_marker(cmd_parms *cmd, void *_dcfg, const char *p1)
    return add_marker(cmd, (directory_config *)_dcfg, SECMARKER_TARGETS, SECMARKER_ARGS, action);
 }

+static const char *cmd_cookiev0_separator(cmd_parms *cmd, void *_dcfg,
+        const char *p1)
+{
+    directory_config *dcfg = (directory_config *)_dcfg;
+
+    if (strlen(p1) != 1) {
+        return apr_psprintf(cmd->pool, "ModSecurity: Invalid cookie v0 separator: %s", p1);
+    }
+
+    dcfg->cookiev0_separator = p1;
+
+    return NULL;
+}
+
 static const char *cmd_argument_separator(cmd_parms *cmd, void *_dcfg,
        const char *p1)
 {
@ -2785,6 +2803,14 @@ const command_rec module_directives[] = {
        "character that will be used as separator when parsing application/x-www-form-urlencoded content."
    ),

+    AP_INIT_TAKE1 (
+        "SecCookiev0Separator",
+        cmd_cookiev0_separator,
+        NULL,
+        CMD_SCOPE_ANY,
+        "character that will be used as separator when parsing cookie v0 content."
+    ),
+
    AP_INIT_TAKE1 (
        "SecAuditEngine",
        cmd_audit_engine,
--- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h
@ -468,6 +468,7 @@ struct directory_config {

    int                  cookie_format;
    int                  argument_separator;
+    const char           *cookiev0_separator;

    int                  rule_inheritance;
    apr_array_header_t  *rule_exceptions;
--- a/apache2/msc_parsers.c
+++ b/apache2/msc_parsers.c
@ -35,7 +35,11 @@ int parse_cookies_v0(modsec_rec *msr, char *_cookie_header,
    cookie_header = strdup(_cookie_header);
    if (cookie_header == NULL) return -1;

+    if(msr->txcfg->cookiev0_separator == NULL) {
        p = apr_strtok(cookie_header, delim, &saveptr);
+    } else {
+        p = apr_strtok(cookie_header, msr->txcfg->cookiev0_separator, &saveptr);
+    }

    while(p != NULL) {
        attr_name = NULL;
@ -74,7 +78,11 @@ int parse_cookies_v0(modsec_rec *msr, char *_cookie_header,
            cookie_count++;
        }

+        if(msr->txcfg->cookiev0_separator == NULL) {
            p = apr_strtok(NULL, delim, &saveptr);
+        } else {
+            p = apr_strtok(NULL, msr->txcfg->cookiev0_separator, &saveptr);
+        }
    }

    free(cookie_header);