Skip to content
Snippets Groups Projects
Select Git revision
  • dev_fxs_no_wb
  • asterisk_rdkb
  • fix_transport_fallback_at_dns_failure
  • 14600-wenpeng
  • fix_fallback
  • 14666_fxs_no_wideband_codec
  • fix_srv_records
  • wenpeng-test-250121
  • wenpeng-registration-test
  • fix_deadlock_in_bridge_peer_functions
  • devel default protected
  • securesip_pjproject_part1
  • PJ_Example_Review
  • fix_re_register_authorization_header
  • fix_internal_calls_auth
  • fix_internal_calls
  • Secure_SIPtelephony_part1
  • SIPtelephony_DECT_syslog
  • syslog_develop_phase1
  • merge-asterisk-20.8.1
  • 22.0.0-pre1
  • 21.4.2
  • 20.9.2
  • 18.24.2
  • certified-20.7-cert2
  • certified-18.9-cert11
  • 21.4.1
  • 20.9.1
  • 18.24.1
  • 21.4.0
  • 20.9.0
  • 18.24.0
  • certified-20.7-cert1
  • certified-18.9-cert10
  • 21.4.0-rc1
  • 20.9.0-rc1
  • 18.24.0-rc1
  • 21.3.1
  • 20.8.1
  • 18.23.1
40 results
Blame Permalink
  • Matthew Jordan's avatar
    bdb1c6bf
    Tolerate presence of RFC2965 Cookie2 header by ignoring it · bdb1c6bf
    Matthew Jordan authored 
    This patch modifies parsing of cookies in Asterisk's http server by doing an
explicit comparison of the "Cookie" header instead of looking at the first
6 characters to determine if the header is a cookie header. This avoids
parsing "Cookie2" headers and overwriting the previously parsed "Cookie"
header.

Note that we probably should be appending the cookies in each "Cookie"
header to the parsed results; however, while clients can send multiple
cookie headers they never really do. While this patch doesn't improve
Asterisk's behavior in that regard, it shouldn't make it any worse either.

Note that the solution in this patch was pointed out on the issue by the
issue reporter, Stuart Henderson.

(closes issue ASTERISK-21789)
Reported by: Stuart Henderson
Tested by: mjordan, Stuart Henderson
........

Merged revisions 394899 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 394900 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@394901 65c4cc65-6c06-0410-ace0-fbb531ad65f3
    bdb1c6bf
    History
    Tolerate presence of RFC2965 Cookie2 header by ignoring it
    Matthew Jordan authored 
    This patch modifies parsing of cookies in Asterisk's http server by doing an
explicit comparison of the "Cookie" header instead of looking at the first
6 characters to determine if the header is a cookie header. This avoids
parsing "Cookie2" headers and overwriting the previously parsed "Cookie"
header.

Note that we probably should be appending the cookies in each "Cookie"
header to the parsed results; however, while clients can send multiple
cookie headers they never really do. While this patch doesn't improve
Asterisk's behavior in that regard, it shouldn't make it any worse either.

Note that the solution in this patch was pointed out on the issue by the
issue reporter, Stuart Henderson.

(closes issue ASTERISK-21789)
Reported by: Stuart Henderson
Tested by: mjordan, Stuart Henderson
........

Merged revisions 394899 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 394900 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@394901 65c4cc65-6c06-0410-ace0-fbb531ad65f3