diff options
| author | Vadim Zhestikov <v.zhestikov@f5.com> | 2025-12-18 16:45:21 -0800 |
|---|---|---|
| committer | VadimZhestikov <108960056+VadimZhestikov@users.noreply.github.com> | 2026-02-12 10:52:20 -0800 |
| commit | bf0508fabfbfa2fa778edbf5b94d5c54a952156d (patch) | |
| tree | c1978a862f43a3acc585263c63a8b106ac3a667e /src/http/ngx_http_parse.c | |
| parent | f8e1bc5b9821eba7995905fe46c8ca383b5ea782 (diff) | |
| download | nginx-bf0508fabfbfa2fa778edbf5b94d5c54a952156d.tar.gz nginx-bf0508fabfbfa2fa778edbf5b94d5c54a952156d.tar.bz2 | |
Improved $cookie_ evaluation.
In case "Cookie" header is sent by client, multiple cookie pairs were
incorrectly split by a semicolon and comma.
Now they are split by a semicolon only.
For example, next variables will be found for "Cookie: a=b, c=d; e=f":
- $cookie_a: "b, c=d"
- $cookie_e: "f"
Closes #1042 on GitHub.
Diffstat (limited to 'src/http/ngx_http_parse.c')
| -rw-r--r-- | src/http/ngx_http_parse.c | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c index e60dc425e..81f689e5b 100644 --- a/src/http/ngx_http_parse.c +++ b/src/http/ngx_http_parse.c @@ -10,6 +10,10 @@ #include <ngx_http.h> +static ngx_table_elt_t *ngx_http_parse_multi_header_lines_internal( + ngx_http_request_t *r, ngx_table_elt_t *headers, ngx_str_t *name, + ngx_str_t *value, u_char sep); + static uint32_t usual[] = { 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ @@ -1998,6 +2002,24 @@ ngx_table_elt_t * ngx_http_parse_multi_header_lines(ngx_http_request_t *r, ngx_table_elt_t *headers, ngx_str_t *name, ngx_str_t *value) { + return ngx_http_parse_multi_header_lines_internal(r, headers, name, value, + ','); +} + + +ngx_table_elt_t * +ngx_http_parse_cookie_lines(ngx_http_request_t *r, + ngx_table_elt_t *headers, ngx_str_t *name, ngx_str_t *value) +{ + return ngx_http_parse_multi_header_lines_internal(r, headers, name, value, + ';'); +} + + +static ngx_table_elt_t * +ngx_http_parse_multi_header_lines_internal(ngx_http_request_t *r, + ngx_table_elt_t *headers, ngx_str_t *name, ngx_str_t *value, u_char sep) +{ u_char *start, *last, *end, ch; ngx_table_elt_t *h; @@ -2024,7 +2046,7 @@ ngx_http_parse_multi_header_lines(ngx_http_request_t *r, } if (value == NULL) { - if (start == end || *start == ',') { + if (start == end || *start == sep) { return h; } @@ -2038,7 +2060,7 @@ ngx_http_parse_multi_header_lines(ngx_http_request_t *r, while (start < end && *start == ' ') { start++; } - for (last = start; last < end && *last != ';'; last++) { + for (last = start; last < end && *last != sep; last++) { /* void */ } @@ -2051,7 +2073,7 @@ ngx_http_parse_multi_header_lines(ngx_http_request_t *r, while (start < end) { ch = *start++; - if (ch == ';' || ch == ',') { + if (ch == sep) { break; } } |