path: root/www/squid27/patches/patch-am
$NetBSD: patch-am,v 1.1 2009/09/13 01:00:16 taca Exp $

* A patch for the CVE-2009-2855 DoS, taken from squid's repository: PatchSet 12541.

--- src/HttpHeaderTools.c.orig	2008-04-02 10:00:11.000000000 +0900
+++ src/HttpHeaderTools.c
@@ -239,6 +239,10 @@ int
 strListGetItem(const String * str, char del, const char **item, int *ilen, const char **pos)
 {
     size_t len;
+    /* ',' is always enabled as field delimiter as this is required for
+     * processing merged header values properly, even if Cookie normally
+     * uses ';' as delimiter.
+     */
     static char delim[3][8] =
     {
 	"\"?,",
@@ -261,16 +265,15 @@ strListGetItem(const String * str, char 
     /* find next delimiter */
     do {
 	*pos += strcspn(*pos, delim[quoted]);
-	if (**pos == del)
-	    break;
 	if (**pos == '"') {
 	    quoted = !quoted;
 	    *pos += 1;
-	}
-	if (quoted && **pos == '\\') {
+	} else if (quoted && **pos == '\\') {
 	    *pos += 1;
 	    if (**pos)
 		*pos += 1;
+	} else {
+		break;		/* Delimiter found, marking the end of this value */
 	}
     } while (**pos);
     len = *pos - *item;		/* *pos points to del or '\0' */
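Review bot: The context comment on the `len = *pos - *item;` line still says `*pos points to del or '\0'`, but with this change the loop also stops at ',' when `del` is a different character (the comment added in the first hunk says ',' is always a delimiter), so it is now stale; I would change it to `/* *pos points to del, ',' or '\0' */`. The new `else` branch is also taken when `strcspn` runs to the terminating NUL, including inside a quoted string that is never closed, so `/* delimiter or end of string: this value ends here */` describes it more accurately than "Delimiter found". The `break;` line is indented with two tabs where the neighbouring lines use a tab plus four spaces. strListGetItem's body starts and ends outside this hunk, so how callers treat an item that ends inside an unclosed quote cannot be judged from here.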