Re: svn commit: r1856493 - in /httpd/httpd/trunk: CHANGES modules/cache/cache_storage.c modules/cache/cache_util.c modules/cache/cache_util.h

Thu, 28 Mar 2019 14:24:34 -0700 


On 03/28/2019 05:39 PM, [email protected] wrote:
> Author: ylavic
> Date: Thu Mar 28 16:39:39 2019
> New Revision: 1856493
> 
> URL: http://svn.apache.org/viewvc?rev=1856493&view=rev
> Log:
> mod_cache: Fix parsing of quoted Cache-Control token arguments. PR 63288.
> 
> Make cache_strqtok() return both the token and its unquoted argument (if any),
> or an error if the parsing fails.
> 
> Cache-Control integer values (max-age, max-stale, ...) can then be parsed w/o
> taking care of the (optional) quoting.
> 
> Suggested by: fielding
> 
> Modified:
>     httpd/httpd/trunk/CHANGES
>     httpd/httpd/trunk/modules/cache/cache_storage.c
>     httpd/httpd/trunk/modules/cache/cache_util.c
>     httpd/httpd/trunk/modules/cache/cache_util.h
> 

> Modified: httpd/httpd/trunk/modules/cache/cache_util.c
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/cache_util.c?rev=1856493&r1=1856492&r2=1856493&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/cache/cache_util.c (original)
> +++ httpd/httpd/trunk/modules/cache/cache_util.c Thu Mar 28 16:39:39 2019

> @@ -923,75 +925,84 @@ CACHE_DECLARE(char *)ap_cache_generate_n
>  }
>  
>  /**
> - * String tokenizer that ignores separator characters within quoted strings
> - * and escaped characters, as per RFC2616 section 2.2.
> + * String tokenizer per RFC 7234 section 5.2 (1#token[=["]arg["]]).
> + * If any (and arg not NULL), the argument is also returned (unquoted).
>   */
> -char *cache_strqtok(char *str, const char *sep, char **last)
> +apr_status_t cache_strqtok(char *str, char **token, char **arg, char **last)
>  {
> -    char *token;
> +#define CACHE_TOKEN_SEPS "\t ,"
>      int quoted = 0;
> +    char *wpos;
>  
>      if (!str) {         /* subsequent call */
>          str = *last;    /* start where we left off */
>      }
> -
>      if (!str) {         /* no more tokens */
> -        return NULL;
> +        return APR_EOF;
>      }
>  
> -    /* skip characters in sep (will terminate at '\0') */
> -    while (*str && ap_strchr_c(sep, *str)) {
> +    /* skip separators (will terminate at '\0') */
> +    while (*str && TEST_CHAR(*str, T_HTTP_TOKEN_STOP)) {
> +        if (!ap_strchr_c(CACHE_TOKEN_SEPS, *str)) {
> +            return APR_EINVAL;
> +        }
>          ++str;
>      }
> -
>      if (!*str) {        /* no more tokens */
> -        return NULL;
> +        return APR_EOF;
>      }
>  
> -    token = str;
> +    *token = str;
> +    if (arg) {
> +        *arg = NULL;
> +    }
>  
>      /* skip valid token characters to terminate token and
>       * prepare for the next call (will terminate at '\0)
> -     * on the way, ignore all quoted strings, and within
> +     * on the way, handle quoted strings, and within
>       * quoted strings, escaped characters.
>       */
> -    *last = token;
> -    while (**last) {
> +    for (wpos = str; *str; ++str) {
>          if (!quoted) {
> -            if (**last == '\"' && !ap_strchr_c(sep, '\"')) {
> +            if (*str == '"') {

Question: Is the token allowed to the quoted?

Regards

RĂ¼diger























					Reply via email to