diff options
Diffstat (limited to 'src/microhttpd/connection.c')
| -rw-r--r-- | src/microhttpd/connection.c | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c index 1c6070e8..b983e7ed 100644 --- a/src/microhttpd/connection.c +++ b/src/microhttpd/connection.c | |||
| @@ -2850,7 +2850,7 @@ parse_cookies_string (char *str, | |||
| 2850 | /* Allow whitespaces around '=' character */ | 2850 | /* Allow whitespaces around '=' character */ |
| 2851 | const bool wsp_around_eq = (-3 >= connection->daemon->client_discipline); | 2851 | const bool wsp_around_eq = (-3 >= connection->daemon->client_discipline); |
| 2852 | /* Allow whitespaces in quoted cookie value */ | 2852 | /* Allow whitespaces in quoted cookie value */ |
| 2853 | const bool wsp_in_quoted = (0 >= connection->daemon->client_discipline); | 2853 | const bool wsp_in_quoted = (-2 >= connection->daemon->client_discipline); |
| 2854 | /* Allow tab as space after semicolon between cookies */ | 2854 | /* Allow tab as space after semicolon between cookies */ |
| 2855 | const bool tab_as_sp = (0 >= connection->daemon->client_discipline); | 2855 | const bool tab_as_sp = (0 >= connection->daemon->client_discipline); |
| 2856 | /* Allow no space after semicolon between cookies */ | 2856 | /* Allow no space after semicolon between cookies */ |
| @@ -3048,8 +3048,10 @@ parse_cookie_header (struct MHD_Connection *connection) | |||
| 3048 | char *cpy; | 3048 | char *cpy; |
| 3049 | size_t i; | 3049 | size_t i; |
| 3050 | enum _MHD_ParseCookie parse_res; | 3050 | enum _MHD_ParseCookie parse_res; |
| 3051 | const struct MHD_HTTP_Req_Header *const saved_tail = | 3051 | struct MHD_HTTP_Req_Header *const saved_tail = |
| 3052 | connection->rq.headers_received_tail; | 3052 | connection->rq.headers_received_tail; |
| 3053 | const bool allow_partially_correct_cookie = | ||
| 3054 | (1 >= connection->daemon->client_discipline); | ||
| 3053 | 3055 | ||
| 3054 | if (MHD_NO == | 3056 | if (MHD_NO == |
| 3055 | MHD_lookup_connection_value_n (connection, | 3057 | MHD_lookup_connection_value_n (connection, |
| @@ -3097,9 +3099,22 @@ parse_cookie_header (struct MHD_Connection *connection) | |||
| 3097 | case MHD_PARSE_COOKIE_MALFORMED: | 3099 | case MHD_PARSE_COOKIE_MALFORMED: |
| 3098 | #ifdef HAVE_MESSAGES | 3100 | #ifdef HAVE_MESSAGES |
| 3099 | if (saved_tail != connection->rq.headers_received_tail) | 3101 | if (saved_tail != connection->rq.headers_received_tail) |
| 3100 | MHD_DLOG (connection->daemon, | 3102 | { |
| 3101 | _ ("The Cookie header has been only partially parsed as it " | 3103 | if (allow_partially_correct_cookie) |
| 3102 | "contains malformed data.\n")); | 3104 | MHD_DLOG (connection->daemon, |
| 3105 | _ ("The Cookie header has been only partially parsed as it " | ||
| 3106 | "contains malformed data.\n")); | ||
| 3107 | else | ||
| 3108 | { | ||
| 3109 | /* Remove extracted values from partially broken cookie */ | ||
| 3110 | /* Memory remains allocated until the end of the request processing */ | ||
| 3111 | connection->rq.headers_received_tail = saved_tail; | ||
| 3112 | saved_tail->next = NULL; | ||
| 3113 | MHD_DLOG (connection->daemon, | ||
| 3114 | _ ("The Cookie header has been ignored as it contains " | ||
| 3115 | "malformed data.\n")); | ||
| 3116 | } | ||
| 3117 | } | ||
| 3103 | else | 3118 | else |
| 3104 | MHD_DLOG (connection->daemon, | 3119 | MHD_DLOG (connection->daemon, |
| 3105 | _ ("The Cookie header has malformed data.\n")); | 3120 | _ ("The Cookie header has malformed data.\n")); |