refactor log suppress handling: avoid Forwarded matching X-Forwarded-*

zandbelt · zandbelt · commit 4e66d87a9a4d · 2025-06-25T15:23:20.000+02:00
Signed-off-by: Hans Zandbelt &lt;hans.zandbelt@openidc.com&gt;
diff --git a/src/cfg/cfg.c b/src/cfg/cfg.c
@@ -446,12 +446,13 @@ OIDC_CFG_MEMBER_FUNC_TYPE_GET(x_forwarded_headers, oidc_hdr_x_forwarded_t, OIDC_
 
 static void oidc_check_x_forwarded_hdr(request_rec *r, const apr_byte_t x_forwarded_headers, const apr_byte_t hdr_type,
 				       const char *hdr_str, const char *(hdr_func)(const request_rec *r)) {
-	const char *env_var = apr_table_get(r->subprocess_env, OIDC_CHECK_X_FORWARDED_HDR_LOG_DISABLE);
+	apr_byte_t suppress = oidc_util_spaced_string_contains(
+	    r->pool, apr_table_get(r->subprocess_env, OIDC_CHECK_X_FORWARDED_HDR_LOG_DISABLE), hdr_str);
 	if (hdr_func(r)) {
-		if (!(x_forwarded_headers & hdr_type) && (_oidc_strstr(env_var, hdr_str) == NULL))
+		if (!(x_forwarded_headers & hdr_type) && !suppress)
 			oidc_warn(r, "header %s received but %s not configured for it", hdr_str, OIDCXForwardedHeaders);
 	} else {
-		if ((x_forwarded_headers & hdr_type) && (_oidc_strstr(env_var, hdr_str) == NULL))
+		if ((x_forwarded_headers & hdr_type) && !suppress)
 			oidc_warn(r, "%s configured for header %s but not found in request", OIDCXForwardedHeaders,
 				  hdr_str);
 	}
diff --git a/src/util/util.c b/src/util/util.c
@@ -380,6 +380,8 @@ apr_byte_t oidc_util_spaced_string_equals(apr_pool_t *pool, const char *a, const
  * see if a particular value is part of a space separated value
  */
 apr_byte_t oidc_util_spaced_string_contains(apr_pool_t *pool, const char *str, const char *match) {
+	if ((str == NULL) || (match == NULL))
+		return FALSE;
 	apr_hash_t *ht = oidc_util_spaced_string_to_hashtable(pool, str);
 	return (apr_hash_get(ht, match, APR_HASH_KEY_STRING) != NULL);
 }

Original file line number	Diff line number	Diff line change
`@@ -380,6 +380,8 @@ apr_byte_t oidc_util_spaced_string_equals(apr_pool_t pool, const char a, const`
`380`	`380`	`* see if a particular value is part of a space separated value`
`381`	`381`	`*/`
`382`	`382`	`apr_byte_t oidc_util_spaced_string_contains(apr_pool_t pool, const char str, const char *match) {`
	`383`	`+ if ((str == NULL) \|\| (match == NULL))`
	`384`	`+ return FALSE;`
`383`	`385`	`apr_hash_t *ht = oidc_util_spaced_string_to_hashtable(pool, str);`
`384`	`386`	`return (apr_hash_get(ht, match, APR_HASH_KEY_STRING) != NULL);`
`385`	`387`	`}`