You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by lu...@apache.org on 2004/08/10 01:23:43 UTC
cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/http Cookies.java
luehe 2004/08/09 16:23:43
Modified: util/java/org/apache/tomcat/util/http Cookies.java
Log:
Avoid potential ArrayIndexOutOfBoundsException for something like
Cookie: abc=
We've been incrementing pos and later accessing
cc=bytes[pos];
without checking for out-of-range, causing
ArrayIndexOutOfBoundsException in some cases.
Revision Changes Path
1.7 +1 -1 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/http/Cookies.java
Index: Cookies.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/http/Cookies.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- Cookies.java 24 Feb 2004 08:50:04 -0000 1.6
+++ Cookies.java 9 Aug 2004 23:23:43 -0000 1.7
@@ -225,7 +225,7 @@
cc=bytes[pos];
pos++;
- if( cc==';' || cc==',' ) {
+ if( cc==';' || cc==',' || pos>=end ) {
if( ! isSpecial && startName!= endName ) {
sc=addCookie();
sc.getName().setBytes( bytes, startName,
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org