From c2fbff6d0ecd01bca8e3a7657ea2fb9d1fc85fd5 Mon Sep 17 00:00:00 2001
From: Deomid Ryabkov <rojer@cesanta.com>
Date: Mon, 9 Apr 2018 22:40:39 +0100
Subject: [PATCH] Fix mg_http_parse_header
Per standard, cookies are delimited by `; `.
CL: Fix mg_http_parse_header: treat ";" as a delimiter.
PUBLISHED_FROM=039243c30f5fabf4a4700a43506f841b3268306a
---
mongoose.c | 6 +++---
src/mg_http.c | 6 +++---
test/unit_test.c | 5 ++++-
3 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/mongoose.c b/mongoose.c
index 1db2ab106..534009b74 100644
--- a/mongoose.c
+++ b/mongoose.c
@@ -7208,7 +7208,7 @@ void mg_printf_html_escape(struct mg_connection *nc, const char *fmt, ...) {
static void mg_http_parse_header_internal(struct mg_str *hdr,
const char *var_name,
struct altbuf *ab) {
- int ch = ' ', ch1 = ',', n = strlen(var_name);
+ int ch = ' ', ch1 = ',', ch2 = ';', n = strlen(var_name);
const char *p, *end = hdr ? hdr->p + hdr->len : NULL, *s = NULL;
/* Find where variable starts */
@@ -7221,10 +7221,10 @@ static void mg_http_parse_header_internal(struct mg_str *hdr,
if (s != NULL && &s[n + 1] < end) {
s += n + 1;
if (*s == '"' || *s == '\'') {
- ch = ch1 = *s++;
+ ch = ch1 = ch2 = *s++;
}
p = s;
- while (p < end && p[0] != ch && p[0] != ch1) {
+ while (p < end && p[0] != ch && p[0] != ch1 && p[0] != ch2) {
if (ch != ' ' && p[0] == '\\' && p[1] == ch) p++;
altbuf_append(ab, *p++);
}
diff --git a/src/mg_http.c b/src/mg_http.c
index 1fd27d2ac..57531c967 100644
--- a/src/mg_http.c
+++ b/src/mg_http.c
@@ -1644,7 +1644,7 @@ void mg_printf_html_escape(struct mg_connection *nc, const char *fmt, ...) {
static void mg_http_parse_header_internal(struct mg_str *hdr,
const char *var_name,
struct altbuf *ab) {
- int ch = ' ', ch1 = ',', n = strlen(var_name);
+ int ch = ' ', ch1 = ',', ch2 = ';', n = strlen(var_name);
const char *p, *end = hdr ? hdr->p + hdr->len : NULL, *s = NULL;
/* Find where variable starts */
@@ -1657,10 +1657,10 @@ static void mg_http_parse_header_internal(struct mg_str *hdr,
if (s != NULL && &s[n + 1] < end) {
s += n + 1;
if (*s == '"' || *s == '\'') {
- ch = ch1 = *s++;
+ ch = ch1 = ch2 = *s++;
}
p = s;
- while (p < end && p[0] != ch && p[0] != ch1) {
+ while (p < end && p[0] != ch && p[0] != ch1 && p[0] != ch2) {
if (ch != ' ' && p[0] == '\\' && p[1] == ch) p++;
altbuf_append(ab, *p++);
}
diff --git a/test/unit_test.c b/test/unit_test.c
index 446217b1c..f496b27c5 100644
--- a/test/unit_test.c
+++ b/test/unit_test.c
@@ -4973,7 +4973,7 @@ static const char *test_buffer_limit(void) {
static const char *test_http_parse_header(void) {
static struct mg_str h = MG_MK_STR(
- "xx=1 kl yy, ert=234 kl=123, "
+ "xx=1 kl yy, ert=234 kl=123, qq=ww;"
"uri=\"/?naii=x,y\";ii=\"12\\\"34\" zz='aa bb',tt=2,gf=\"xx d=1234");
char buf[20];
char *buf2;
@@ -5021,6 +5021,9 @@ static const char *test_http_parse_header(void) {
ASSERT_EQ(mg_http_parse_header(&h, "tt", buf, sizeof(buf)), 1);
ASSERT_STREQ(buf, "2");
ASSERT(mg_http_parse_header(&h, "uri", buf, sizeof(buf)) > 0);
+ ASSERT_STREQ(buf, "/?naii=x,y");
+ ASSERT(mg_http_parse_header(&h, "qq", buf, sizeof(buf)) > 0);
+ ASSERT_STREQ(buf, "ww");
return NULL;
}
--
GitLab