mod_cache: Fix parsing of quoted Cache-Control token arguments. PR 63288.

Make cache_strqtok() return both the token and its unquoted argument (if any), or an error if the parsing fails. Cache-Control integer values (max-age, max-stale, ...) can then be parsed w/o taking care of the (optional) quoting. Suggested by: fielding git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1856493 13f79535-47bb-0310-9956-ffa450edef68
2025-08-01 07:26:57 +03:00 · 2019-03-28 16:39:39 +00:00
parent c5c0032baf
commit 00bd49eaa5
4 changed files with 131 additions and 124 deletions
--- a/modules/cache/cache_util.h
+++ b/modules/cache/cache_util.h
@ -99,7 +99,6 @@ extern "C" {
 #define CACHE_LOCKNAME_KEY "mod_cache-lockname"
 #define CACHE_LOCKFILE_KEY "mod_cache-lockfile"
 #define CACHE_CTX_KEY "mod_cache-ctx"
-#define CACHE_SEPARATOR ", \t"

 /**
 * cache_util.c
@ -316,10 +315,10 @@ const char *cache_table_getm(apr_pool_t *p, const apr_table_t *t,
        const char *key);

 /**
- * String tokenizer that ignores separator characters within quoted strings
- * and escaped characters, as per RFC2616 section 2.2.
+ * String tokenizer per RFC 7234 section 5.2 (1#token[=["]arg["]]).
+ * If any (and arg not NULL), the argument is also returned (unquoted).
 */
-char *cache_strqtok(char *str, const char *sep, char **last);
+apr_status_t cache_strqtok(char *str, char **token, char **arg, char **last);

 /**
 * Merge err_headers_out into headers_out and add request's Content-Type and