From 3f5c7763b40db760bdf2bd486965c68019e7c5c3 Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@memberwebs.com>
Date: Thu, 11 Feb 2010 19:34:10 +0000
Subject: URL encode the cookie value.

---
 module/mod_auth_singleid.c | 26 +++++++++++++++++++-------
 1 file changed, 19 insertions(+), 7 deletions(-)

(limited to 'module/mod_auth_singleid.c')

diff --git a/module/mod_auth_singleid.c b/module/mod_auth_singleid.c
index e8b7e14..8167139 100644
--- a/module/mod_auth_singleid.c
+++ b/module/mod_auth_singleid.c
@@ -636,14 +636,23 @@ session_validate_sig (apr_pool_t *p, const char *sig, const char *value)
 }
 
 static sid_session_t*
-session_parse_info (sid_context_t *ctx, request_rec *r, const char *value)
+session_parse_info (sid_context_t *ctx, request_rec *r, char *data)
 {
 	sid_session_t *sess;
+	const char *value;
 	char *token, *sig, *end;
 	char *identifier;
 	char **here;
 	long expiry;
 
+	if (ap_unescape_url_keep2f (data) != 0) {
+		ap_log_rerror (APLOG_MARK, APLOG_WARNING, 0, r,
+		               "auth-singleid: invalidly encoded cookie: %s", data);
+		return NULL;
+	}
+
+	value = data;
+
 	sig = get_token (r->pool, &value, " ");
 	if (!sig || !session_validate_sig (r->pool, sig, value)) {
 		ap_log_rerror (APLOG_MARK, APLOG_WARNING, 0, r,
@@ -705,7 +714,7 @@ session_load_info (sid_context_t *ctx, request_rec *r)
 {
 	sid_session_t *sess;
 	const char *cookies;
-	const char *value;
+	char *value;
 	char *pair;
 
 	cookies = apr_table_get (r->headers_in, "Cookie");
@@ -719,7 +728,7 @@ session_load_info (sid_context_t *ctx, request_rec *r)
 		if (pair[0] == '$')
 			continue;
 
-		value = ap_stripprefix (pair, ctx->cookie_name);
+		value = (char*)ap_stripprefix (pair, ctx->cookie_name);
 		if (value == pair)
 			continue;
 		while (isspace (*value))
@@ -731,7 +740,7 @@ session_load_info (sid_context_t *ctx, request_rec *r)
 		while (isspace (*value))
 			++value;
 
-		/* Try to parse this cookie */
+		/* Try to parse this cookie, modifies value */
 		sess = session_parse_info (ctx, r, value);
 		if (sess != NULL)
 			return sess;
@@ -743,7 +752,7 @@ session_load_info (sid_context_t *ctx, request_rec *r)
 static void
 session_send_info (sid_context_t *ctx, request_rec *r, sid_session_t *sess)
 {
-	char *cookie, *sig, *payload, *values;
+	char *cookie, *sig, *payload, *values, *value;
 
 	/* All the values */
 	if (sess->values)
@@ -757,9 +766,12 @@ session_send_info (sid_context_t *ctx, request_rec *r, sid_session_t *sess)
 	                        values && values[0] ? " " : "", values);
 	sig = session_create_sig (r->pool, payload);
 
+	/* Build up and escape the cookie value */
+	value = ap_escape_path_segment (r->pool, apr_psprintf (r->pool, "%s %s", sig, payload));
+
 	/* Build up the full cookie spec */
-	cookie = apr_psprintf (r->pool, "%s=%s %s; httponly%s%s%s%s%s",
-	                       ctx->cookie_name, sig, payload,
+	cookie = apr_psprintf (r->pool, "%s=%s; httponly%s%s%s%s%s",
+	                       ctx->cookie_name, value,
 	                       ctx->cookie_domain ? "; domain=" : "",
 	                       ctx->cookie_domain ? ctx->cookie_domain : "",
 	                       ctx->cookie_path ? "; path=" : "",
-- 
cgit v1.2.3