Handle quoted directives in Cache-Control header

akonradi-signal · akonradi-signal · commit fc9324e70f1d · 2025-08-15T16:03:19.000-04:00
This fixes a parsing bug that resulted in commas within quoted blocks
being treated as delimiters for directives.
diff --git a/Cargo.toml b/Cargo.toml
@@ -23,6 +23,7 @@ bytes = "1"
 mime = "0.3.14"
 sha1 = "0.10"
 httpdate = "1"
+either = "1.6.0"
 
 [features]
 nightly = []
diff --git a/src/common/cache_control.rs b/src/common/cache_control.rs
@@ -3,9 +3,10 @@ use std::iter::FromIterator;
 use std::str::FromStr;
 use std::time::Duration;
 
+use either::Either;
 use http::{HeaderName, HeaderValue};
 
-use crate::util::{self, csv, Seconds};
+use crate::util::{self, csv, iter_flat_csv, Seconds};
 use crate::{Error, Header};
 
 /// `Cache-Control` header, defined in [RFC7234](https://tools.ietf.org/html/rfc7234#section-5.2)
@@ -241,7 +242,17 @@ impl Header for CacheControl {
     }
 
     fn decode<'i, I: Iterator<Item = &'i HeaderValue>>(values: &mut I) -> Result<Self, Error> {
-        csv::from_comma_delimited(values).map(|FromIter(cc)| cc)
+        let directives = values.flat_map(|value| {
+            let Ok(value) = value.to_str() else {
+                return Either::Left(std::iter::once(Err(())));
+            };
+            Either::Right(iter_flat_csv(value, ',').map(KnownDirective::from_str))
+        });
+
+        match directives.collect() {
+            Ok(FromIter(cc)) => Ok(cc),
+            Err(()) => Err(Error::invalid()),
+        }
     }
 
     fn encode<E: Extend<HeaderValue>>(&self, values: &mut E) {
@@ -489,12 +500,7 @@ mod tests {
     fn test_parse_quoted_comma() {
         assert_eq!(
             test_decode::<CacheControl>(&["foo=\"a, private, immutable, b\", no-cache"]).unwrap(),
-            CacheControl::new()
-                .with_no_cache()
-                // These are wrong: these appear inside a quoted string and so
-                // should be treated as parameter for the "a" directive.
-                .with_private()
-                .with_immutable(),
+            CacheControl::new().with_no_cache(),
             "unknown extensions are ignored but shouldn't fail parsing",
         )
     }
diff --git a/src/util/csv.rs b/src/util/csv.rs
@@ -5,6 +5,7 @@ use http::HeaderValue;
 use crate::Error;
 
 /// Reads a comma-delimited raw header into a Vec.
+#[allow(unused)]
 pub(crate) fn from_comma_delimited<'i, I, T, E>(values: &mut I) -> Result<E, Error>
 where
     I: Iterator<Item = &'i HeaderValue>,
diff --git a/src/util/flat_csv.rs b/src/util/flat_csv.rs
@@ -38,29 +38,11 @@ impl Separator for SemiColon {
 
 impl<Sep: Separator> FlatCsv<Sep> {
     pub(crate) fn iter(&self) -> impl Iterator<Item = &str> {
-        self.value.to_str().ok().into_iter().flat_map(|value_str| {
-            let mut in_quotes = false;
-            value_str
-                .split(move |c| {
-                    #[allow(clippy::collapsible_else_if)]
-                    if in_quotes {
-                        if c == '"' {
-                            in_quotes = false;
-                        }
-                        false // dont split
-                    } else {
-                        if c == Sep::CHAR {
-                            true // split
-                        } else {
-                            if c == '"' {
-                                in_quotes = true;
-                            }
-                            false // dont split
-                        }
-                    }
-                })
-                .map(|item| item.trim())
-        })
+        self.value
+            .to_str()
+            .ok()
+            .into_iter()
+            .flat_map(|value_str| iter_flat_csv(value_str, Sep::CHAR))
     }
 }
 
@@ -161,6 +143,34 @@ impl<Sep: Separator> FromIterator<HeaderValue> for FlatCsv<Sep> {
     }
 }
 
+/// Iterate over comma-delimited values, preserving quoted groups.
+///
+/// The returned iterator produces non-overlapping string slices split at
+/// `separator`, except when `separator` occurs within quotes.
+pub(crate) fn iter_flat_csv(value: &str, separator: char) -> impl Iterator<Item = &str> {
+    let mut in_quotes = false;
+    value
+        .split(move |c| {
+            #[allow(clippy::collapsible_else_if)]
+            if in_quotes {
+                if c == '"' {
+                    in_quotes = false;
+                }
+                false // dont split
+            } else {
+                if c == separator {
+                    true // split
+                } else {
+                    if c == '"' {
+                        in_quotes = true;
+                    }
+                    false // dont split
+                }
+            }
+        })
+        .map(|item| item.trim())
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -191,10 +201,9 @@ mod tests {
 
     #[test]
     fn quoted_text() {
-        let val = HeaderValue::from_static("foo=\"bar,baz\", sherlock=holmes");
-        let csv = FlatCsv::<Comma>::from(val);
+        let val = "foo=\"bar,baz\", sherlock=holmes";
 
-        let mut values = csv.iter();
+        let mut values = iter_flat_csv(val, ',');
         assert_eq!(values.next(), Some("foo=\"bar,baz\""));
         assert_eq!(values.next(), Some("sherlock=holmes"));
         assert_eq!(values.next(), None);
diff --git a/src/util/mod.rs b/src/util/mod.rs
@@ -5,7 +5,7 @@ use crate::Error;
 //pub use self::charset::Charset;
 //pub use self::encoding::Encoding;
 pub(crate) use self::entity::{EntityTag, EntityTagRange};
-pub(crate) use self::flat_csv::{FlatCsv, SemiColon};
+pub(crate) use self::flat_csv::{iter_flat_csv, FlatCsv, SemiColon};
 pub(crate) use self::fmt::fmt;
 pub(crate) use self::http_date::HttpDate;
 pub(crate) use self::iter::IterExt;
