Posted to cvs@httpd.apache.org by hu...@apache.org on 2014/03/27 11:58:36 UTC

svn commit: r1582253 - /httpd/httpd/trunk/modules/lua/lua_request.c

Author: humbedooh
Date: Thu Mar 27 10:58:35 2014
New Revision: 1582253

URL: http://svn.apache.org/r1582253
Log:
mod_lua: escape key/value pairs when setting cookies to prevent header splitting with tainted cookies.

Modified:
    httpd/httpd/trunk/modules/lua/lua_request.c

Modified: httpd/httpd/trunk/modules/lua/lua_request.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/lua/lua_request.c?rev=1582253&r1=1582252&r2=1582253&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/lua/lua_request.c (original)
+++ httpd/httpd/trunk/modules/lua/lua_request.c Thu Mar 27 10:58:35 2014
@@ -2057,6 +2057,10 @@ static int lua_set_cookie(lua_State *L) 
         strdomain = apr_psprintf(r->pool, "Domain=%s;", domain);
     }
     
+    /* URL-encode key/value */
+    value = ap_escape_urlencoded(r->pool, value);
+    key = ap_escape_urlencoded(r->pool, key);
+    
     /* Create the header */
     out = apr_psprintf(r->pool, "%s=%s; %s %s %s %s %s", key, value, 
             secure ? "Secure;" : "",
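
Review bot: the new escaping covers only key and value, while the context line at the top of this hunk still builds the Domain attribute with apr_psprintf(r->pool, "Domain=%s;", domain) and nothing visible here escapes or validates domain before it lands in the same header string. If domain comes from the Lua script in the same way as key and value, a CR/LF in it would split the header just as a tainted value would, so I would reject control characters in domain (and in any other string attribute formatted into out) before the "Create the header" step. The comment "URL-encode key/value" should also say why (header splitting), and since cookies are now stored URL-encoded, the cookie read path should be checked to decode them, with the behaviour change noted in the mod_lua documentation.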