diff options
Diffstat (limited to 'src/microhttpd/connection.c')
-rw-r--r-- | src/microhttpd/connection.c | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c index 1c6070e8..b983e7ed 100644 --- a/src/microhttpd/connection.c +++ b/src/microhttpd/connection.c | |||
@@ -2850,7 +2850,7 @@ parse_cookies_string (char *str, | |||
2850 | /* Allow whitespaces around '=' character */ | 2850 | /* Allow whitespaces around '=' character */ |
2851 | const bool wsp_around_eq = (-3 >= connection->daemon->client_discipline); | 2851 | const bool wsp_around_eq = (-3 >= connection->daemon->client_discipline); |
2852 | /* Allow whitespaces in quoted cookie value */ | 2852 | /* Allow whitespaces in quoted cookie value */ |
2853 | const bool wsp_in_quoted = (0 >= connection->daemon->client_discipline); | 2853 | const bool wsp_in_quoted = (-2 >= connection->daemon->client_discipline); |
2854 | /* Allow tab as space after semicolon between cookies */ | 2854 | /* Allow tab as space after semicolon between cookies */ |
2855 | const bool tab_as_sp = (0 >= connection->daemon->client_discipline); | 2855 | const bool tab_as_sp = (0 >= connection->daemon->client_discipline); |
2856 | /* Allow no space after semicolon between cookies */ | 2856 | /* Allow no space after semicolon between cookies */ |
@@ -3048,8 +3048,10 @@ parse_cookie_header (struct MHD_Connection *connection) | |||
3048 | char *cpy; | 3048 | char *cpy; |
3049 | size_t i; | 3049 | size_t i; |
3050 | enum _MHD_ParseCookie parse_res; | 3050 | enum _MHD_ParseCookie parse_res; |
3051 | const struct MHD_HTTP_Req_Header *const saved_tail = | 3051 | struct MHD_HTTP_Req_Header *const saved_tail = |
3052 | connection->rq.headers_received_tail; | 3052 | connection->rq.headers_received_tail; |
3053 | const bool allow_partially_correct_cookie = | ||
3054 | (1 >= connection->daemon->client_discipline); | ||
3053 | 3055 | ||
3054 | if (MHD_NO == | 3056 | if (MHD_NO == |
3055 | MHD_lookup_connection_value_n (connection, | 3057 | MHD_lookup_connection_value_n (connection, |
@@ -3097,9 +3099,22 @@ parse_cookie_header (struct MHD_Connection *connection) | |||
3097 | case MHD_PARSE_COOKIE_MALFORMED: | 3099 | case MHD_PARSE_COOKIE_MALFORMED: |
3098 | #ifdef HAVE_MESSAGES | 3100 | #ifdef HAVE_MESSAGES |
3099 | if (saved_tail != connection->rq.headers_received_tail) | 3101 | if (saved_tail != connection->rq.headers_received_tail) |
3100 | MHD_DLOG (connection->daemon, | 3102 | { |
3101 | _ ("The Cookie header has been only partially parsed as it " | 3103 | if (allow_partially_correct_cookie) |
3102 | "contains malformed data.\n")); | 3104 | MHD_DLOG (connection->daemon, |
3105 | _ ("The Cookie header has been only partially parsed as it " | ||
3106 | "contains malformed data.\n")); | ||
3107 | else | ||
3108 | { | ||
3109 | /* Remove extracted values from partially broken cookie */ | ||
3110 | /* Memory remains allocated until the end of the request processing */ | ||
3111 | connection->rq.headers_received_tail = saved_tail; | ||
3112 | saved_tail->next = NULL; | ||
3113 | MHD_DLOG (connection->daemon, | ||
3114 | _ ("The Cookie header has been ignored as it contains " | ||
3115 | "malformed data.\n")); | ||
3116 | } | ||
3117 | } | ||
3103 | else | 3118 | else |
3104 | MHD_DLOG (connection->daemon, | 3119 | MHD_DLOG (connection->daemon, |
3105 | _ ("The Cookie header has malformed data.\n")); | 3120 | _ ("The Cookie header has malformed data.\n")); |