Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/09/01 21:48:06 UTC

svn commit: r1621875 - /tomcat/trunk/java/org/apache/tomcat/util/http/parser/Cookie.java

Author: markt
Date: Mon Sep  1 19:48:06 2014
New Revision: 1621875

URL: http://svn.apache.org/r1621875
Log:
Fix handling of invalid cookie versions

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/http/parser/Cookie.java

Modified: tomcat/trunk/java/org/apache/tomcat/util/http/parser/Cookie.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/parser/Cookie.java?rev=1621875&r1=1621874&r2=1621875&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/parser/Cookie.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/parser/Cookie.java Mon Sep  1 19:48:06 2014
@@ -115,10 +115,17 @@ public class Cookie {
         skipLWS(bb);
 
         ByteBuffer value = readCookieValue(bb);
-        if (value != null && value.remaining() == 1 && value.get() == (byte) 49) {
-            // $Version=1 -> RFC2109
-            parseCookieRfc2109(bb, serverCookies);
-            return;
+        if (value != null && value.remaining() == 1) {
+            if (value.get() == (byte) 49) {
+                // $Version=1 -> RFC2109
+                parseCookieRfc2109(bb, serverCookies);
+                return;
+            } else {
+                // Unrecognised version.
+                // Ignore this header.
+                value.rewind();
+                logInvalidVersion(value);
+            }
         } else {
             // Unrecognised version.
             // Ignore this header.
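Review bot: The new inner `else` depends on `value.rewind()` exactly undoing the single `value.get()` made in the version test, and nothing in the hunk says so. `value` looks like the parser's own buffer type rather than java.nio's (the second hunk reads `value.bytes` directly), so what `rewind()` resets to is not visible here; if it went back to index 0 rather than to the start of the value, `logInvalidVersion` would log bytes from outside the version token. I would add `// get() above consumed the version byte; step back so the whole value is logged` above the call, and write the literal as `(byte) '1'` instead of `(byte) 49`. The two "Unrecognised version" branches now repeat each other, and the outer `else` body continues past the end of the hunk, so whether both paths leave `bb` in the same state cannot be checked from here.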
@@ -350,8 +357,8 @@ public class Cookie {
             if (value == null) {
                 version = sm.getString("cookie.valueNotPresent");
             } else {
-                version = new String(value.bytes, value.position(), value.limit(),
-                        StandardCharsets.UTF_8);
+                version = new String(value.bytes, value.position(),
+                        value.limit() - value.position(), StandardCharsets.UTF_8);
             }
             String message = sm.getString("cookie.invalidCookieVersion", version);
             switch (logMode) {
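Review bot: `version` is decoded from bytes of the client's Cookie header and passed straight into the `cookie.invalidCookieVersion` message, and with the length now computed as `value.limit() - value.position()` the whole value reaches the log. Unless `readCookieValue` already restricts the value to printable cookie octets and a sensible length (not visible in this hunk), it is worth bounding what gets logged, for example `int len = Math.min(value.limit() - value.position(), MAX_LOGGED_LEN);` with `MAX_LOGGED_LEN` as a newly introduced constant, so a malformed header cannot inflate or distort log entries. A short comment such as `// third argument is a length, not an end index` would also keep the earlier mistake from coming back. The method starts before the hunk and the `switch (logMode)` continues after it.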


