mod_lua: escape key/value pairs when setting cookies to prevent header splitting with tainted cookies.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1582253 13f79535-47bb-0310-9956-ffa450edef68
2025-08-05 16:55:50 +03:00 · 2014-03-27 10:58:35 +00:00
parent 8ad00113ae
commit 2514105ae4
1 changed files with 4 additions and 0 deletions
--- a/modules/lua/lua_request.c
+++ b/modules/lua/lua_request.c
@@ -2057,6 +2057,10 @@ static int lua_set_cookie(lua_State *L)
        strdomain = apr_psprintf(r->pool, "Domain=%s;", domain);
    }
    
+    /* URL-encode key/value */
+    value = ap_escape_urlencoded(r->pool, value);
+    key = ap_escape_urlencoded(r->pool, key);
+    
    /* Create the header */
    out = apr_psprintf(r->pool, "%s=%s; %s %s %s %s %s", key, value, 
            secure ? "Secure;" : "",