[asterisk-bugs] [JIRA] (ASTERISK-21789) ast_http_get_cookies() fails in the presence of RFC2965 Cookie2 header
Stuart Henderson (JIRA)
noreply at issues.asterisk.org
Thu May 16 15:54:38 CDT 2013
Stuart Henderson created ASTERISK-21789:
-------------------------------------------
Summary: ast_http_get_cookies() fails in the presence of RFC2965 Cookie2 header
Key: ASTERISK-21789
URL: https://issues.asterisk.org/jira/browse/ASTERISK-21789
Project: Asterisk
Issue Type: Bug
Security Level: None
Components: Core/HTTP, Core/ManagerInterface
Affects Versions: 11.4.0
Environment: OpenBSD 5.3-current, amd64 (but not relevant to issue)
Reporter: Stuart Henderson
Severity: Minor
When sending cookies, some HTTP clients (for example the version of Apache Commons HttpClient used in railo 4.x) normally send an RFC 2965 Cookie2 header:
{noformat}
Cookie: mansession_id="e071e431"
Cookie2: $Version="1"
{noformat}
This was recently deprecated by RFC 6265 but is still seen in the wild. Unfortunately ast_http_get_cookies() in http.c does this:
{noformat}
if (!strncasecmp(v->name, "Cookie", 6)) {
char *tmp = ast_strdupa(v->value);
if (cookies) {
ast_variables_destroy(cookies);
}
cookies = parse_cookies(tmp);
}
{noformat}
i.e. only compares the first 6 characters, and because the Cookie2 header appears after the Cookie header, destroys the previously saved cookies. As a result Asterisk doesn't pick up the authentication cookie and so AMI fails as it thinks the request is not authenticated.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the asterisk-bugs
mailing list