On 03/28/2019 10:24 PM, Ruediger Pluem wrote:
>
>
> On 03/28/2019 05:39 PM, [email protected] wrote:
>> Author: ylavic
>> Date: Thu Mar 28 16:39:39 2019
>> New Revision: 1856493
>>
>> URL: http://svn.apache.org/viewvc?rev=1856493&view=rev
>> Log:
>> mod_cache: Fix parsing of quoted Cache-Control token arguments. PR 63288.
>>
>> Make cache_strqtok() return both the token and its unquoted argument (if
>> any),
>> or an error if the parsing fails.
>>
>> Cache-Control integer values (max-age, max-stale, ...) can then be parsed w/o
>> taking care of the (optional) quoting.
>>
>> Suggested by: fielding
>>
>> Modified:
>> httpd/httpd/trunk/CHANGES
>> httpd/httpd/trunk/modules/cache/cache_storage.c
>> httpd/httpd/trunk/modules/cache/cache_util.c
>> httpd/httpd/trunk/modules/cache/cache_util.h
>>
>
>> Modified: httpd/httpd/trunk/modules/cache/cache_util.c
>> URL:
>> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/cache_util.c?rev=1856493&r1=1856492&r2=1856493&view=diff
>> ==============================================================================
>> --- httpd/httpd/trunk/modules/cache/cache_util.c (original)
>> +++ httpd/httpd/trunk/modules/cache/cache_util.c Thu Mar 28 16:39:39 2019
>
>> @@ -923,75 +925,84 @@ CACHE_DECLARE(char *)ap_cache_generate_n
>> }
>>
>> /**
>> - * String tokenizer that ignores separator characters within quoted strings
>> - * and escaped characters, as per RFC2616 section 2.2.
>> + * String tokenizer per RFC 7234 section 5.2 (1#token[=["]arg["]]).
>> + * If any (and arg not NULL), the argument is also returned (unquoted).
>> */
>> -char *cache_strqtok(char *str, const char *sep, char **last)
>> +apr_status_t cache_strqtok(char *str, char **token, char **arg, char **last)
>> {
>> - char *token;
>> +#define CACHE_TOKEN_SEPS "\t ,"
>> int quoted = 0;
>> + char *wpos;
>>
>> if (!str) { /* subsequent call */
>> str = *last; /* start where we left off */
>> }
>> -
>> if (!str) { /* no more tokens */
>> - return NULL;
>> + return APR_EOF;
>> }
>>
>> - /* skip characters in sep (will terminate at '\0') */
>> - while (*str && ap_strchr_c(sep, *str)) {
>> + /* skip separators (will terminate at '\0') */
>> + while (*str && TEST_CHAR(*str, T_HTTP_TOKEN_STOP)) {
>> + if (!ap_strchr_c(CACHE_TOKEN_SEPS, *str)) {
>> + return APR_EINVAL;
>> + }
>> ++str;
>> }
>> -
>> if (!*str) { /* no more tokens */
>> - return NULL;
>> + return APR_EOF;
>> }
>>
>> - token = str;
>> + *token = str;
>> + if (arg) {
>> + *arg = NULL;
>> + }
>>
>> /* skip valid token characters to terminate token and
>> * prepare for the next call (will terminate at '\0)
>> - * on the way, ignore all quoted strings, and within
>> + * on the way, handle quoted strings, and within
>> * quoted strings, escaped characters.
>> */
>> - *last = token;
>> - while (**last) {
>> + for (wpos = str; *str; ++str) {
>> if (!quoted) {
>> - if (**last == '\"' && !ap_strchr_c(sep, '\"')) {
>> + if (*str == '"') {
>
> Question: Is the token allowed to the quoted?
Answering myself: The token is not allowed to be quoted.
Regards
RĂ¼diger
