replace strstr with _oidc_strstr

Signed-off-by: Hans Zandbelt <[email protected]>

src/cache/file.c

@@ -299,7 +299,8 @@ static apr_status_t oidc_cache_file_clean(request_rec *r) {
 		if (i == APR_SUCCESS) {
 
 			/* skip non-cache entries, cq. the ".", ".." and the metadata file */
-			if ((fi.name[0] == OIDC_CHAR_DOT) || (strstr(fi.name, OIDC_CACHE_FILE_PREFIX) != fi.name) ||
+			if ((fi.name[0] == OIDC_CHAR_DOT) ||
+			    (_oidc_strstr(fi.name, OIDC_CACHE_FILE_PREFIX) != fi.name) ||
 			    ((_oidc_strcmp(fi.name,
 					   oidc_cache_file_name(r, "cache-file", OIDC_CACHE_FILE_LAST_CLEANED)) == 0)))
 				continue;

src/config.c

@@ -369,7 +369,7 @@ static const char *oidc_set_http_timeout_slot(cmd_parms *cmd, void *struct_ptr,
 		http_timeout->connect_timeout = _oidc_str_to_int(arg2);
 	if (arg3) {
 		s = apr_pstrdup(cmd->pool, arg3);
-		p = strstr(s, OIDC_STR_COLON);
+		p = _oidc_strstr(s, OIDC_STR_COLON);
 		if (p) {
 			*p = '\0';
 			p++;

src/const.h

@@ -81,6 +81,9 @@ static inline int _oidc_strnatcasecmp(const char *a, const char *b) {
 static inline int _oidc_strncmp(const char *a, const char *b, size_t n) {
 	return ((a && b) ? strncmp(a, b, n) : -1);
 }
+static inline char *_oidc_strstr(const char *a, const char *b) {
+	return ((a && b) ? strstr(a, b) : NULL);
+}
 
 #define _oidc_str_to_int(s) (s ? (int)strtol(s, NULL, 10) : 0)
 

src/http.c

@@ -286,10 +286,10 @@ const char *oidc_http_hdr_forwarded_get(const request_rec *r, const char *elem)
 	value = oidc_util_strcasestr(value, item);
 	if (value) {
 		value += _oidc_strlen(item);
-		ptr = strstr(value, ";");
+		ptr = _oidc_strstr(value, ";");
 		if (ptr)
 			*ptr = '\0';
-		ptr = strstr(value, " ");
+		ptr = _oidc_strstr(value, " ");
 		if (ptr)
 			*ptr = '\0';
 	}
@@ -434,7 +434,7 @@ char *oidc_http_form_encoded_data(request_rec *r, const apr_table_t *params) {
 #define OIDC_CURLOPT_SSL_OPTIONS "CURLOPT_SSL_OPTIONS"
 
 #define OIDC_HTTP_SET_CURL_OPTION(r, curl, env_var_value, option, key, val)                                            \
-	if (strstr(env_var_value, option) != NULL) {                                                                   \
+	if (_oidc_strstr(env_var_value, option) != NULL) {                                                             \
 		oidc_debug(r, "curl_easy_setopt (%d) %s (%d)", key, option, val);                                      \
 		curl_easy_setopt(curl, key, val);                                                                      \
 	}

src/jose.c

@@ -1124,7 +1124,7 @@ apr_byte_t oidc_jwt_encrypt(apr_pool_t *pool, oidc_jwt_t *jwe, oidc_jwk_t *jwk,
  */
 apr_byte_t oidc_jose_version_deprecated(apr_pool_t *pool) {
 	char *version = apr_pstrdup(pool, cjose_version());
-	return (strstr(version, OIDC_JOSE_CJOSE_VERSION_DEPRECATED) == version);
+	return (_oidc_strstr(version, OIDC_JOSE_CJOSE_VERSION_DEPRECATED) == version);
 }
 
 /*

src/metadata.c

@@ -125,11 +125,11 @@ extern module AP_MODULE_DECLARE_DATA auth_openidc_module;
 static const char *oidc_metadata_issuer_to_filename(request_rec *r, const char *issuer) {
 
 	/* strip leading https:// */
-	char *p = strstr(issuer, "https://");
+	char *p = _oidc_strstr(issuer, "https://");
 	if (p == issuer) {
 		p = apr_pstrdup(r->pool, issuer + _oidc_strlen("https://"));
 	} else {
-		p = strstr(issuer, "http://");
+		p = _oidc_strstr(issuer, "http://");
 		if (p == issuer) {
 			p = apr_pstrdup(r->pool, issuer + _oidc_strlen("http://"));
 		} else {
@@ -740,10 +740,11 @@ apr_byte_t oidc_metadata_provider_get(request_rec *r, oidc_cfg *cfg, const char
 	}
 
 	/* assemble the URL to the .well-known OpenID metadata */
-	const char *url = apr_psprintf(r->pool, "%s",
-				       ((strstr(issuer, "http://") == issuer) || (strstr(issuer, "https://") == issuer))
-					   ? issuer
-					   : apr_psprintf(r->pool, "https://%s", issuer));
+	const char *url =
+	    apr_psprintf(r->pool, "%s",
+			 ((_oidc_strstr(issuer, "http://") == issuer) || (_oidc_strstr(issuer, "https://") == issuer))
+			     ? issuer
+			     : apr_psprintf(r->pool, "https://%s", issuer));
 	url =
 	    apr_psprintf(r->pool, "%s%s.well-known/openid-configuration", url,
 			 (url && url[_oidc_strlen(url) - 1] != OIDC_CHAR_FORWARD_SLASH) ? OIDC_STR_FORWARD_SLASH : "");

src/mod_auth_openidc.c

@@ -138,7 +138,7 @@ void oidc_scrub_headers(request_rec *r) {
 	 * then see if the claim headers need to be removed on top of that
 	 * (i.e. the prefix does not start with the default OIDC_)
 	 */
-	if ((strstr(prefix, OIDC_DEFAULT_HEADER_PREFIX) != prefix)) {
+	if ((_oidc_strstr(prefix, OIDC_DEFAULT_HEADER_PREFIX) != prefix)) {
 		oidc_scrub_request_headers(r, prefix, NULL);
 	}
 }
@@ -555,7 +555,7 @@ static int oidc_clean_expired_state_cookies(request_rec *r, oidc_cfg *c, const c
 		while (cookie != NULL) {
 			while (*cookie == OIDC_CHAR_SPACE)
 				cookie++;
-			if (strstr(cookie, oidc_cfg_dir_state_cookie_prefix(r)) == cookie) {
+			if (_oidc_strstr(cookie, oidc_cfg_dir_state_cookie_prefix(r)) == cookie) {
 				char *cookieName = cookie;
 				while (cookie != NULL && *cookie != OIDC_CHAR_EQUAL)
 					cookie++;
@@ -1982,8 +1982,9 @@ static apr_byte_t oidc_set_request_user(request_rec *r, oidc_cfg *c, oidc_provid
 	apr_byte_t post_fix_with_issuer = (claim_name[n - 1] == OIDC_CHAR_AT);
 	if (post_fix_with_issuer == TRUE) {
 		claim_name[n - 1] = '\0';
-		issuer = (strstr(issuer, "https://") == NULL) ? apr_pstrdup(r->pool, issuer)
-							      : apr_pstrdup(r->pool, issuer + _oidc_strlen("https://"));
+		issuer = (_oidc_strstr(issuer, "https://") == NULL)
+			     ? apr_pstrdup(r->pool, issuer)
+			     : apr_pstrdup(r->pool, issuer + _oidc_strlen("https://"));
 	}
 
 	/* extract the username claim (default: "sub") from the id_token payload or user claims */
@@ -2513,12 +2514,12 @@ static int oidc_discovery(request_rec *r, oidc_cfg *cfg) {
 			href = apr_psprintf(r->pool, "%s&%s=%s", href, OIDC_DISC_AR_PARAM,
 					    oidc_http_escape_string(r, path_auth_request_params));
 
-		char *display = (strstr(issuer, "https://") == NULL)
+		char *display = (_oidc_strstr(issuer, "https://") == NULL)
 				    ? apr_pstrdup(r->pool, issuer)
 				    : apr_pstrdup(r->pool, issuer + _oidc_strlen("https://"));
 
 		/* strip port number */
-		// char *p = strstr(display, ":");
+		// char *p = _oidc_strstr(display, ":");
 		// if (p != NULL) *p = '\0';
 		/* point back to the redirect_uri, where the selection is handled, with an IDP selection and return_to
 		 * URL */
@@ -2676,7 +2677,7 @@ static int oidc_authenticate_user(request_rec *r, oidc_cfg *c, oidc_provider_t *
 
 	if (c->cookie_domain == NULL) {
 		if (_oidc_strcmp(o_uri.hostname, r_uri.hostname) != 0) {
-			char *p = strstr(o_uri.hostname, r_uri.hostname);
+			char *p = _oidc_strstr(o_uri.hostname, r_uri.hostname);
 			if ((p == NULL) || (_oidc_strcmp(r_uri.hostname, p) != 0)) {
 				oidc_error(r,
 					   "the URL hostname (%s) of the configured " OIDCRedirectURI
@@ -2732,7 +2733,7 @@ static int oidc_target_link_uri_matches_configuration(request_rec *r, oidc_cfg *
 		/* cookie_domain set: see if the target_link_uri matches the redirect_uri host (because the session
 		 * cookie will be set host-wide) */
 		if (_oidc_strcmp(o_uri.hostname, r_uri.hostname) != 0) {
-			char *p = strstr(o_uri.hostname, r_uri.hostname);
+			char *p = _oidc_strstr(o_uri.hostname, r_uri.hostname);
 			if ((p == NULL) || (_oidc_strcmp(r_uri.hostname, p) != 0)) {
 				oidc_error(r,
 					   "the URL hostname (%s) of the configured " OIDCRedirectURI
@@ -2744,7 +2745,7 @@ static int oidc_target_link_uri_matches_configuration(request_rec *r, oidc_cfg *
 		}
 	} else {
 		/* cookie_domain set: see if the target_link_uri is within the cookie_domain */
-		char *p = strstr(o_uri.hostname, cfg->cookie_domain);
+		char *p = _oidc_strstr(o_uri.hostname, cfg->cookie_domain);
 		if ((p == NULL) || (_oidc_strcmp(cfg->cookie_domain, p) != 0)) {
 			oidc_error(r,
 				   "the domain (%s) configured in " OIDCCookieDomain
@@ -2758,7 +2759,7 @@ static int oidc_target_link_uri_matches_configuration(request_rec *r, oidc_cfg *
 	/* see if the cookie_path setting matches the target_link_uri path */
 	char *cookie_path = oidc_cfg_dir_cookie_path(r);
 	if (cookie_path != NULL) {
-		char *p = (o_uri.path != NULL) ? strstr(o_uri.path, cookie_path) : NULL;
+		char *p = (o_uri.path != NULL) ? _oidc_strstr(o_uri.path, cookie_path) : NULL;
 		if (p != o_uri.path) {
 			oidc_error(r,
 				   "the path (%s) configured in " OIDCCookiePath
@@ -2828,7 +2829,7 @@ apr_byte_t oidc_validate_redirect_url(request_rec *r, oidc_cfg *c, const char *r
 			url_ipv6_aware = uri.hostname;
 		}
 
-		if ((strstr(c_host, url_ipv6_aware) == NULL) || (strstr(url_ipv6_aware, c_host) == NULL)) {
+		if ((_oidc_strstr(c_host, url_ipv6_aware) == NULL) || (_oidc_strstr(url_ipv6_aware, c_host) == NULL)) {
 			*err_str = apr_pstrdup(r->pool, "Invalid Request");
 			*err_desc = apr_psprintf(
 			    r->pool, "URL value \"%s\" does not match the hostname of the current request \"%s\"",
@@ -2838,41 +2839,41 @@ apr_byte_t oidc_validate_redirect_url(request_rec *r, oidc_cfg *c, const char *r
 		}
 	}
 
-	if ((uri.hostname == NULL) && (strstr(url, "/") != url)) {
+	if ((uri.hostname == NULL) && (_oidc_strstr(url, "/") != url)) {
 		*err_str = apr_pstrdup(r->pool, "Malformed URL");
 		*err_desc = apr_psprintf(
 		    r->pool, "No hostname was parsed and it does not seem to be relative, i.e starting with '/': %s",
 		    url);
 		oidc_error(r, "%s: %s", *err_str, *err_desc);
 		return FALSE;
-	} else if ((uri.hostname == NULL) && (strstr(url, "//") == url)) {
+	} else if ((uri.hostname == NULL) && (_oidc_strstr(url, "//") == url)) {
 		*err_str = apr_pstrdup(r->pool, "Malformed URL");
 		*err_desc = apr_psprintf(r->pool, "No hostname was parsed and starting with '//': %s", url);
 		oidc_error(r, "%s: %s", *err_str, *err_desc);
 		return FALSE;
-	} else if ((uri.hostname == NULL) && (strstr(url, "/\\") == url)) {
+	} else if ((uri.hostname == NULL) && (_oidc_strstr(url, "/\\") == url)) {
 		*err_str = apr_pstrdup(r->pool, "Malformed URL");
 		*err_desc = apr_psprintf(r->pool, "No hostname was parsed and starting with '/\\': %s", url);
 		oidc_error(r, "%s: %s", *err_str, *err_desc);
 		return FALSE;
 	}
 
 	/* validate the URL to prevent HTTP header splitting */
-	if (((strstr(url, "\n") != NULL) || strstr(url, "\r") != NULL)) {
+	if (((_oidc_strstr(url, "\n") != NULL) || _oidc_strstr(url, "\r") != NULL)) {
 		*err_str = apr_pstrdup(r->pool, "Invalid URL");
 		*err_desc =
 		    apr_psprintf(r->pool, "URL value \"%s\" contains illegal \"\n\" or \"\r\" character(s)", url);
 		oidc_error(r, "%s: %s", *err_str, *err_desc);
 		return FALSE;
 	}
-	if ((strstr(url, "/%09") != NULL) || (oidc_util_strcasestr(url, "/%2f") != NULL) ||
-	    (strstr(url, "/\t") != NULL) || (strstr(url, "/%68") != NULL) ||
+	if ((_oidc_strstr(url, "/%09") != NULL) || (oidc_util_strcasestr(url, "/%2f") != NULL) ||
+	    (_oidc_strstr(url, "/\t") != NULL) || (_oidc_strstr(url, "/%68") != NULL) ||
 	    (oidc_util_strcasestr(url, "/http:") != NULL) || (oidc_util_strcasestr(url, "/https:") != NULL) ||
-	    (oidc_util_strcasestr(url, "/javascript:") != NULL) || (strstr(url, "/〱") != NULL) ||
-	    (strstr(url, "/〵") != NULL) || (strstr(url, "/ゝ") != NULL) || (strstr(url, "/ー") != NULL) ||
-	    (strstr(url, "/ｰ") != NULL) || (strstr(url, "/<") != NULL) ||
-	    (oidc_util_strcasestr(url, "%01javascript:") != NULL) || (strstr(url, "/%5c") != NULL) ||
-	    (strstr(url, "/\\") != NULL)) {
+	    (oidc_util_strcasestr(url, "/javascript:") != NULL) || (_oidc_strstr(url, "/〱") != NULL) ||
+	    (_oidc_strstr(url, "/〵") != NULL) || (_oidc_strstr(url, "/ゝ") != NULL) ||
+	    (_oidc_strstr(url, "/ー") != NULL) || (_oidc_strstr(url, "/ｰ") != NULL) ||
+	    (_oidc_strstr(url, "/<") != NULL) || (oidc_util_strcasestr(url, "%01javascript:") != NULL) ||
+	    (_oidc_strstr(url, "/%5c") != NULL) || (_oidc_strstr(url, "/\\") != NULL)) {
 		*err_str = apr_pstrdup(r->pool, "Invalid URL");
 		*err_desc = apr_psprintf(r->pool, "URL value \"%s\" contains illegal character(s)", url);
 		oidc_error(r, "%s: %s", *err_str, *err_desc);
@@ -2970,7 +2971,7 @@ static int oidc_handle_discovery_response(request_rec *r, oidc_cfg *c) {
 			login_hint = apr_pstrdup(r->pool, user);
 
 		/* normalize the user identifier */
-		if (strstr(user, "https://") != user)
+		if (_oidc_strstr(user, "https://") != user)
 			user = apr_psprintf(r->pool, "https://%s", user);
 
 		/* got an user identifier as input, perform OP discovery with that */
@@ -2985,11 +2986,11 @@ static int oidc_handle_discovery_response(request_rec *r, oidc_cfg *c) {
 
 		/* issuer is set now, so let's continue as planned */
 
-	} else if (strstr(issuer, OIDC_STR_AT) != NULL) {
+	} else if (_oidc_strstr(issuer, OIDC_STR_AT) != NULL) {
 
 		if (login_hint == NULL) {
 			login_hint = apr_pstrdup(r->pool, issuer);
-			// char *p = strstr(issuer, OIDC_STR_AT);
+			// char *p = _oidc_strstr(issuer, OIDC_STR_AT);
 			//*p = '\0';
 		}
 
@@ -3238,7 +3239,7 @@ static int oidc_handle_logout_request(request_rec *r, oidc_cfg *c, oidc_session_
 		/* see if this is PF-PA style logout in which case we return a transparent pixel */
 		const char *accept = oidc_http_hdr_in_accept_get(r);
 		if ((_oidc_strcmp(url, OIDC_IMG_STYLE_LOGOUT_PARAM_VALUE) == 0) ||
-		    ((accept) && strstr(accept, OIDC_HTTP_CONTENT_TYPE_IMAGE_PNG))) {
+		    ((accept) && _oidc_strstr(accept, OIDC_HTTP_CONTENT_TYPE_IMAGE_PNG))) {
 			return oidc_http_send(r, (const char *)&oidc_transparent_pixel, sizeof(oidc_transparent_pixel),
 					      OIDC_HTTP_CONTENT_TYPE_IMAGE_PNG, OK);
 		}
@@ -3593,7 +3594,7 @@ static int oidc_handle_session_management_iframe_rp(request_rec *r, oidc_cfg *c,
 	char *origin = apr_pstrdup(r->pool, check_session_iframe);
 	apr_uri_t uri;
 	apr_uri_parse(r->pool, check_session_iframe, &uri);
-	char *p = strstr(origin, uri.path);
+	char *p = _oidc_strstr(origin, uri.path);
 	*p = '\0';
 
 	/* the element identifier for the OP iframe */

src/parse.c

@@ -297,7 +297,7 @@ const char *oidc_parse_session_type(apr_pool_t *pool, const char *arg, int *type
 		return rv;
 
 	char *s = apr_pstrdup(pool, arg);
-	char *p = strstr(s, OIDC_SESSION_TYPE_SEPARATOR);
+	char *p = _oidc_strstr(s, OIDC_SESSION_TYPE_SEPARATOR);
 
 	if (p) {
 		*p = '\0';
@@ -595,19 +595,19 @@ const char *oidc_parse_use_enc_kid_key_tuple(apr_pool_t *pool, const char *tuple
 		return "tuple value not set";
 
 	if (use) {
-		if (strstr(tuple, OIDC_KEY_SIG_PREFIX) == tuple) {
+		if (_oidc_strstr(tuple, OIDC_KEY_SIG_PREFIX) == tuple) {
 			*use = OIDC_JOSE_JWK_SIG_STR;
 			tuple += strlen(OIDC_KEY_SIG_PREFIX);
-		} else if (strstr(tuple, OIDC_KEY_ENC_PREFIX) == tuple) {
+		} else if (_oidc_strstr(tuple, OIDC_KEY_ENC_PREFIX) == tuple) {
 			*use = OIDC_JOSE_JWK_ENC_STR;
 			tuple += strlen(OIDC_KEY_ENC_PREFIX);
 		}
 	}
 
 	s = apr_pstrdup(pool, tuple);
-	p = strstr(s, OIDC_KEY_TUPLE_SEPARATOR);
+	p = _oidc_strstr(s, OIDC_KEY_TUPLE_SEPARATOR);
 	if (p && triplet)
-		q = strstr(p + 1, OIDC_KEY_TUPLE_SEPARATOR);
+		q = _oidc_strstr(p + 1, OIDC_KEY_TUPLE_SEPARATOR);
 
 	if (p) {
 		if (q) {
@@ -709,7 +709,7 @@ const char *oidc_parse_pass_userinfo_as(apr_pool_t *pool, const char *v, oidc_pa
 				  OIDC_PASS_USERINFO_AS_JWT_STR, OIDC_PASS_USERINFO_AS_SIGNED_JWT_STR, NULL};
 	const char *rv = NULL;
 
-	char *name = strstr(v, ":");
+	char *name = _oidc_strstr(v, ":");
 	if (name) {
 		*name = '\0';
 		name++;
@@ -800,9 +800,9 @@ static apr_byte_t oidc_parse_oauth_accept_token_in_str2byte(const char *v) {
 		return OIDC_OAUTH_ACCEPT_TOKEN_IN_POST;
 	if (_oidc_strcmp(v, OIDC_OAUTH_ACCEPT_TOKEN_IN_QUERY_STR) == 0)
 		return OIDC_OAUTH_ACCEPT_TOKEN_IN_QUERY;
-	if (strstr(v, OIDC_OAUTH_ACCEPT_TOKEN_IN_COOKIE_STR) == v)
+	if (_oidc_strstr(v, OIDC_OAUTH_ACCEPT_TOKEN_IN_COOKIE_STR) == v)
 		return OIDC_OAUTH_ACCEPT_TOKEN_IN_COOKIE;
-	if (strstr(v, OIDC_OAUTH_ACCEPT_TOKEN_IN_BASIC_STR) == v)
+	if (_oidc_strstr(v, OIDC_OAUTH_ACCEPT_TOKEN_IN_BASIC_STR) == v)
 		return OIDC_OAUTH_ACCEPT_TOKEN_IN_BASIC;
 	return OIDC_OAUTH_ACCEPT_TOKEN_IN_DEFAULT;
 }
@@ -821,7 +821,7 @@ const char *oidc_parse_accept_oauth_token_in(apr_pool_t *pool, const char *arg,
 	const char *rv = NULL;
 
 	const char *s = apr_pstrdup(pool, arg);
-	char *p = strstr(s, OIDC_OAUTH_ACCEPT_TOKEN_IN_COOKIE_SEPARATOR);
+	char *p = _oidc_strstr(s, OIDC_OAUTH_ACCEPT_TOKEN_IN_COOKIE_SEPARATOR);
 
 	if (p != NULL) {
 		*p = '\0';

src/proto.c

@@ -1383,7 +1383,7 @@ apr_byte_t oidc_proto_jwt_verify(request_rec *r, oidc_cfg *cfg, oidc_jwt_t *jwt,
  */
 char *oidc_proto_peek_jwt_header(request_rec *r, const char *compact_encoded_jwt, char **alg, char **enc, char **kid) {
 	char *input = NULL, *result = NULL;
-	char *p = strstr(compact_encoded_jwt ? compact_encoded_jwt : "", ".");
+	char *p = _oidc_strstr(compact_encoded_jwt ? compact_encoded_jwt : "", ".");
 	if (p == NULL) {
 		oidc_warn(r, "could not parse first element separated by \".\" from input");
 		return NULL;

src/util.c

@@ -214,7 +214,7 @@ static const char *oidc_util_get__oidc_jwt_hdr_dir_a256gcm(request_rec *r, char
 		compact_encoded_jwt = input;
 	}
 
-	p = strstr(compact_encoded_jwt, "..");
+	p = _oidc_strstr(compact_encoded_jwt, "..");
 	if (p) {
 		_oidc_jwt_hdr_dir_a256gcm = apr_pstrndup(r->server->process->pconf, compact_encoded_jwt,
 							 _oidc_strlen(compact_encoded_jwt) - _oidc_strlen(p) + 2);
@@ -846,7 +846,7 @@ apr_byte_t oidc_http_request_has_parameter(request_rec *r, const char *param) {
 		return FALSE;
 	const char *option1 = apr_psprintf(r->pool, "%s=", param);
 	const char *option2 = apr_psprintf(r->pool, "&%s=", param);
-	return ((strstr(r->args, option1) == r->args) || (strstr(r->args, option2) != NULL)) ? TRUE : FALSE;
+	return ((_oidc_strstr(r->args, option1) == r->args) || (_oidc_strstr(r->args, option2) != NULL)) ? TRUE : FALSE;
 }
 
 /*
@@ -1211,7 +1211,7 @@ apr_byte_t oidc_http_read_post_params(request_rec *r, apr_table_t *table, apr_by
 
 	content_type = oidc_http_hdr_in_content_type_get(r);
 	if ((r->method_number != M_POST) || (content_type == NULL) ||
-	    (strstr(content_type, OIDC_HTTP_CONTENT_TYPE_FORM_ENCODED) != content_type)) {
+	    (_oidc_strstr(content_type, OIDC_HTTP_CONTENT_TYPE_FORM_ENCODED) != content_type)) {
 		oidc_debug(r, "required content-type %s not found", OIDC_HTTP_CONTENT_TYPE_FORM_ENCODED);
 		goto end;
 	}
@@ -1934,7 +1934,7 @@ int oidc_util_cookie_domain_valid(const char *hostname, char *cookie_domain) {
 	// with a ".", ASCII 46
 	if (check_cookie[0] == 46)
 		check_cookie++;
-	p = strstr(hostname, check_cookie);
+	p = _oidc_strstr(hostname, check_cookie);
 
 	if ((p == NULL) || (_oidc_strcmp(check_cookie, p) != 0)) {
 		return FALSE;