Code does not handle whitespace after cookie value before semicolon

[michaeltalyansky]

This curl:

curl -b "name3=booboo; name2=hello_Hahabooboo ; username=foofoo" -o zoo1 -v "http://test.com/1.jpg"

breaks the code, the next cookie name starts with a semicolon.

Here is the proposed fix:

--- /usr/local/openresty/lualib/resty/cookie.lua.orig 2017-07-05 17:39:05.660555808 +0000
+++ /usr/local/openresty/lualib/resty/cookie.lua       2017-07-05 18:08:51.604555808 +0000
@@ -41,6 +41,7 @@
     local EXPECT_KEY    = 1
     local EXPECT_VALUE  = 2
     local EXPECT_SP     = 3
+    local EXPECT_SEMI   = 4
 
     local n = 0
     local len = #text_cookie
@@ -74,8 +75,12 @@
                 cookie_table[key] = value
 
                 key, value = nil, nil
-                state = EXPECT_SP
                 i = j + 1
+                              if byte(text_cookie, j) == SEMICOLON then
+                    state = EXPECT_SP
+                              else
+                                  state = EXPECT_SEMI
+                              end
             end
         elseif state == EXPECT_SP then
             if byte(text_cookie, j) ~= SPACE
@@ -85,6 +90,12 @@
                 i = j
                 j = j - 1
             end
+              elseif state == EXPECT_SEMI then
+                  if byte(text_cookie, j) ~= SEMICOLON then
+                  else
+                              state = EXPECT_SP
+                              i = j + 1
+                  end
         end
         j = j + 1
     end

[lua-study]

elseif state == EXPECT_VALUE then
if byte(text_cookie, j) == SEMICOLON
-- or byte(text_cookie, j) == SPACE
-- or byte(text_cookie, j) == HTAB
then
value = sub(text_cookie, i, j - 1)
cookie_table[key] = value

            key, value = nil, nil
            state = EXPECT_SP
            i = j + 1
        end