From bf0508fabfbfa2fa778edbf5b94d5c54a952156d Mon Sep 17 00:00:00 2001
From: Vadim Zhestikov
Date: Thu, 18 Dec 2025 16:45:21 -0800
Subject: Improved $cookie_ evaluation.

In case "Cookie" header is sent by client, multiple cookie pairs were incorrectly split by a semicolon and comma. Now they are split by a semicolon only.
For example, next variables will be found for "Cookie: a=b, c=d; e=f":
- $cookie_a: "b, c=d"
- $cookie_e: "f"
Closes #1042 on GitHub.
---
 src/http/ngx_http_parse.c | 28 +++++++++++++++++++++++++---
 1 file changed, 25 insertions(+), 3 deletions(-)
(limited to 'src/http/ngx_http_parse.c')
diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
index e60dc425e..81f689e5b 100644
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -10,6 +10,10 @@
 #include
+static ngx_table_elt_t *ngx_http_parse_multi_header_lines_internal(
+ ngx_http_request_t *r, ngx_table_elt_t *headers, ngx_str_t *name,
+ ngx_str_t *value, u_char sep);
+
 static uint32_t usual[] = {
 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
@@ -1997,6 +2001,24 @@ unsafe:
 ngx_table_elt_t *
 ngx_http_parse_multi_header_lines(ngx_http_request_t *r,
 ngx_table_elt_t *headers, ngx_str_t *name, ngx_str_t *value)
+{
+ return ngx_http_parse_multi_header_lines_internal(r, headers, name, value,
+ ',');
+}
+
+
+ngx_table_elt_t *
+ngx_http_parse_cookie_lines(ngx_http_request_t *r,
+ ngx_table_elt_t *headers, ngx_str_t *name, ngx_str_t *value)
+{
+ return ngx_http_parse_multi_header_lines_internal(r, headers, name, value,
+ ';');
+}
+
+
+static ngx_table_elt_t *
+ngx_http_parse_multi_header_lines_internal(ngx_http_request_t *r,
+ ngx_table_elt_t *headers, ngx_str_t *name, ngx_str_t *value, u_char sep)
 {
 u_char *start, *last, *end, ch;
 ngx_table_elt_t *h;
@@ -2024,7 +2046,7 @@ ngx_http_parse_multi_header_lines(ngx_http_request_t *r,
 }
 if (value == NULL) {
- if (start == end || *start == ',') {
+ if (start == end || *start == sep) {
 return h;
 }
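Review bot: The existing entry point `ngx_http_parse_multi_header_lines()` does not keep its old behaviour: it now passes `','` as the only separator, so the value scan and the skip loop in the later hunks (`*last != sep`, `ch == sep`) stop at a comma and ignore semicolons, where the old code ended a value at `;` and skipped on either character. Any caller that still hands a Cookie header to this function instead of `ngx_http_parse_cookie_lines()` would miss the second pair in `a=b; c=d` and receive `b; c=d` as the value of `a`; the callers are outside this file, so this needs confirming, in particular for modules that derive identifiers or routing decisions from cookie values. A short comment on each wrapper would make the contract explicit, for example `/* comma-separated list headers; ';' is not a separator */` and `/* Cookie request header: pairs are separated by ';' only */`. The new non-static `ngx_http_parse_cookie_lines()` also needs a prototype in a header, which this page does not show.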
@@ -2038,7 +2060,7 @@ ngx_http_parse_multi_header_lines(ngx_http_request_t *r,
 while (start < end && *start == ' ') { start++; }
- for (last = start; last < end && *last != ';'; last++) {
+ for (last = start; last < end && *last != sep; last++) {
 /* void */
 }
@@ -2051,7 +2073,7 @@ ngx_http_parse_multi_header_lines(ngx_http_request_t *r,
 while (start < end) {
 ch = *start++;
- if (ch == ';' || ch == ',') {
+ if (ch == sep) {
 break;
 }
 }
-- cgit
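Review bot: With `sep` set to `';'`, the skip loop in the last hunk no longer treats a comma as a pair boundary, so for `Cookie: a=b, c=d` nginx reports no `$cookie_c` while an upstream application that still splits on commas would see one. Configurations that gate access or select a backend on a `$cookie_` variable can therefore disagree with the application behind them about which cookies were sent; that is worth stating in the change notes and covering with a test built from the comma example in the commit message. A comment above the loop, such as `/* skip to the next pair; only sep ends a pair */`, would record the intent. The enclosing function begins outside this hunk.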