Summary: | ASTERISK-21789: ast_http_get_cookies() fails in the presence of RFC2965 Cookie2 header | ||
Reporter: | Stuart Henderson (sthen) | Labels: | |
Date Opened: | 2013-05-16 15:53:48 | Date Closed: | 2013-07-20 22:11:01 |
Priority: | Minor | Regression? | |
Status: | Closed/Complete | Components: | Core/HTTP Core/ManagerInterface |
Versions: | 11.4.0 | Frequency of Occurrence | Constant |
Related Issues: | |||
Environment: | OpenBSD 5.3-current, amd64 (but not relevant to issue) | Attachments: | |
Description: | When sending cookies, some HTTP clients (for example the version of Apache Commons HttpClient used in railo 4.x) normally send an RFC 2965 Cookie2 header:
{noformat} Cookie: mansession_id="e071e431" Cookie2: $Version="1" {noformat} This was recently deprecated by RFC 6265 but is still seen in the wild. Unfortunately ast_http_get_cookies() in http.c does this: {noformat} if (!strncasecmp(v->name, "Cookie", 6)) { char *tmp = ast_strdupa(v->value); if (cookies) { ast_variables_destroy(cookies); } cookies = parse_cookies(tmp); } {noformat} i.e. only compares the first 6 characters, and because the Cookie2 header appears after the Cookie header, destroys the previously saved cookies. As a result Asterisk doesn't pick up the authentication cookie and so AMI fails as it thinks the request is not authenticated. | ||
Comments: | By: Stuart Henderson (sthen) 2013-06-04 06:23:21.256-0500 Unless I'm mistaken this is as simple as just using strcasecmp instead of strncasecmp isn't it? v->name is just "Cookie", no trailing : etc. By: Stuart Henderson (sthen) 2013-07-09 08:50:26.829-0500 s/strncasecmp/strcasecmp/ has been working for me for the last month. By: Matt Jordan (mjordan) 2013-07-20 22:11:12.497-0500 Worked for me as well. Thanks for pointing out a solution! |