Improved $cookie_ evaluation.
authorVadim Zhestikov <v.zhestikov@f5.com>
Fri, 19 Dec 2025 00:45:21 +0000 (16:45 -0800)
committerVadimZhestikov <108960056+VadimZhestikov@users.noreply.github.com>
Thu, 12 Feb 2026 18:52:20 +0000 (10:52 -0800)
When a "Cookie" header is sent by the client, multiple cookie pairs were
incorrectly split by both a semicolon and a comma.

Now they are split by a semicolon only.

For example, next variables will be found for "Cookie: a=b, c=d; e=f":
- $cookie_a: "b, c=d"
- $cookie_e: "f"

Closes #1042 on GitHub.

src/http/modules/ngx_http_userid_filter_module.c
src/http/ngx_http.h
src/http/ngx_http_parse.c
src/http/ngx_http_variables.c

index e52844446c78d72fe3a20ec648e4383c0166bdef..86ec3898847131318637cfd46f2b9aef0b667952 100644 (file)
@@ -338,8 +338,8 @@ ngx_http_userid_get_uid(ngx_http_request_t *r, ngx_http_userid_conf_t *conf)
         ngx_http_set_ctx(r, ctx, ngx_http_userid_filter_module);
     }
 
-    cookie = ngx_http_parse_multi_header_lines(r, r->headers_in.cookie,
-                                               &conf->name, &ctx->cookie);
+    cookie = ngx_http_parse_cookie_lines(r, r->headers_in.cookie, &conf->name,
+                                         &ctx->cookie);
     if (cookie == NULL) {
         return ctx;
     }
index 4fb6b17ea4c204afc71c2756c6bd39678ec7407b..4e4511cc5204ff947c2516cef424ec9e4b8db104 100644 (file)
@@ -110,6 +110,8 @@ ngx_int_t ngx_http_parse_header_line(ngx_http_request_t *r, ngx_buf_t *b,
     ngx_uint_t allow_underscores);
 ngx_table_elt_t *ngx_http_parse_multi_header_lines(ngx_http_request_t *r,
     ngx_table_elt_t *headers, ngx_str_t *name, ngx_str_t *value);
+ngx_table_elt_t *ngx_http_parse_cookie_lines(ngx_http_request_t *r,
+    ngx_table_elt_t *headers, ngx_str_t *name, ngx_str_t *value);
 ngx_table_elt_t *ngx_http_parse_set_cookie_lines(ngx_http_request_t *r,
     ngx_table_elt_t *headers, ngx_str_t *name, ngx_str_t *value);
 ngx_int_t ngx_http_arg(ngx_http_request_t *r, u_char *name, size_t len,
index e60dc425e0918c50effb3e301d29072ab1a5779d..81f689e5bdd5bcddb52c336049f68ed9039a580f 100644 (file)
 #include <ngx_http.h>
 
 
+static ngx_table_elt_t *ngx_http_parse_multi_header_lines_internal(
+    ngx_http_request_t *r, ngx_table_elt_t *headers, ngx_str_t *name,
+    ngx_str_t *value, u_char sep);
+
 static uint32_t  usual[] = {
     0x00000000, /* 0000 0000 0000 0000  0000 0000 0000 0000 */
 
@@ -1997,6 +2001,24 @@ unsafe:
 ngx_table_elt_t *
 ngx_http_parse_multi_header_lines(ngx_http_request_t *r,
     ngx_table_elt_t *headers, ngx_str_t *name, ngx_str_t *value)
+{
+    return ngx_http_parse_multi_header_lines_internal(r, headers, name, value,
+                                                      ',');
+}
+
+
+ngx_table_elt_t *
+ngx_http_parse_cookie_lines(ngx_http_request_t *r,
+    ngx_table_elt_t *headers, ngx_str_t *name, ngx_str_t *value)
+{
+    return ngx_http_parse_multi_header_lines_internal(r, headers, name, value,
+                                                      ';');
+}
+
+
+static ngx_table_elt_t *
+ngx_http_parse_multi_header_lines_internal(ngx_http_request_t *r,
+    ngx_table_elt_t *headers, ngx_str_t *name, ngx_str_t *value, u_char sep)
 {
     u_char           *start, *last, *end, ch;
     ngx_table_elt_t  *h;
@@ -2024,7 +2046,7 @@ ngx_http_parse_multi_header_lines(ngx_http_request_t *r,
             }
 
             if (value == NULL) {
-                if (start == end || *start == ',') {
+                if (start == end || *start == sep) {
                     return h;
                 }
 
@@ -2038,7 +2060,7 @@ ngx_http_parse_multi_header_lines(ngx_http_request_t *r,
 
             while (start < end && *start == ' ') { start++; }
 
-            for (last = start; last < end && *last != ';'; last++) {
+            for (last = start; last < end && *last != sep; last++) {
                 /* void */
             }
 
@@ -2051,7 +2073,7 @@ ngx_http_parse_multi_header_lines(ngx_http_request_t *r,
 
             while (start < end) {
                 ch = *start++;
-                if (ch == ';' || ch == ',') {
+                if (ch == sep) {
                     break;
                 }
             }
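Review bot: The public `ngx_http_parse_multi_header_lines` keeps its name but no longer returns what it used to: at the `for (last = start; ...)` scan the value now stops at `sep` (`,` for this wrapper) where the old code scanned up to `;`, and in the skip loop `if (ch == sep)` a `;` no longer ends a pair, so any remaining in-tree or third-party caller passing a `;`-delimited header gets a different value. The callers touched by this commit are all moved to `ngx_http_parse_cookie_lines`, so the change may be intended, but nothing in the hunk records that. A one-line comment above the wrapper would pin the contract, e.g. `/* generic variant: pairs and values are delimited by ',' only; use ngx_http_parse_cookie_lines() for ';'-delimited Cookie headers (RFC 6265) */`. Splitting `$cookie_` values on `;` only also matches how RFC 6265 backends read the header, which presumably removes a divergence between nginx's view of a cookie and the upstream's; that is worth stating in the commit message. The body of `ngx_http_parse_multi_header_lines_internal` starts at the end of the second hunk and continues outside it.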
index dd69bcfcd2022f0f407e28bb5f2b17e2a677ddfd..37cd0d2877fe5a8c0b2938e2f2c68df97df021c2 100644 (file)
@@ -1088,7 +1088,7 @@ ngx_http_variable_cookie(ngx_http_request_t *r, ngx_http_variable_value_t *v,
     s.len = name->len - (sizeof("cookie_") - 1);
     s.data = name->data + sizeof("cookie_") - 1;
 
-    if (ngx_http_parse_multi_header_lines(r, r->headers_in.cookie, &s, &cookie)
+    if (ngx_http_parse_cookie_lines(r, r->headers_in.cookie, &s, &cookie)
         == NULL)
     {
         v->not_found = 1;