From: Daniel Gruno
Date: Thu, 27 Mar 2014 10:58:35 +0000 (+0000)
Subject: mod_lua: escape key/value pairs when setting cookies to prevent header splitting...
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6d272fe06e7d4b605e14ff8f1bf495a0934e4696;p=thirdparty%2Fapache%2Fhttpd.git

mod_lua: escape key/value pairs when setting cookies to prevent header splitting with tainted cookies.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1582253 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/lua/lua_request.c b/modules/lua/lua_request.c
index 652ba4013d4..83ecd88cff5 100644
--- a/modules/lua/lua_request.c
+++ b/modules/lua/lua_request.c
@@ -2057,6 +2057,10 @@ static int lua_set_cookie(lua_State *L)
 strdomain = apr_psprintf(r->pool, "Domain=%s;", domain);
 }
 
+ /* URL-encode key/value */
+ value = ap_escape_urlencoded(r->pool, value);
+ key = ap_escape_urlencoded(r->pool, key);
+
 /* Create the header */
 out = apr_psprintf(r->pool, "%s=%s; %s %s %s %s %s", key, value,
 secure ? "Secure;" : "",
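Review bot: The `Domain=%s;` string built just above the added lines still interpolates `domain` verbatim, so the header-splitting fix covers only `key` and `value`; a script that passes a request-derived domain (and path, if it is formatted the same way outside this hunk) can still put CR/LF or extra attributes into the Set-Cookie header. URL-encoding is not appropriate for those attributes, so reject control characters and `;` instead, for example `if (strpbrk(domain, "\r\n;")) return luaL_error(L, "invalid cookie domain");` before the `apr_psprintf` call. The new comment should also say that the cookie is now stored form-encoded (a space becomes `+`), so the code that reads it back must decode it and values a script has already encoded will be encoded twice. lua_set_cookie starts and ends outside the hunk, so whether `key` and `value` can be NULL at this point, and how path and expires are built, cannot be confirmed from here.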