You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2020/06/17 22:40:33 UTC
[tomcat] branch 8.5.x updated: Improve parsing of space around v1
cookie attributes
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 6cbb1a6 Improve parsing of space around v1 cookie attributes
6cbb1a6 is described below
commit 6cbb1a6737a587bd18981417a94a6edb426e3528
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Jun 17 23:33:21 2020 +0100
Improve parsing of space around v1 cookie attributes
---
java/org/apache/tomcat/util/http/parser/Cookie.java | 5 +++++
test/org/apache/tomcat/util/http/parser/TestCookie.java | 4 ++--
webapps/docs/changelog.xml | 5 +++++
3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/http/parser/Cookie.java b/java/org/apache/tomcat/util/http/parser/Cookie.java
index 895ce64..17c3396 100644
--- a/java/org/apache/tomcat/util/http/parser/Cookie.java
+++ b/java/org/apache/tomcat/util/http/parser/Cookie.java
@@ -287,6 +287,7 @@ public class Cookie {
}
if (parseAttributes) {
+ skipLWS(bb);
skipResult = skipBytes(bb, PATH_BYTES);
if (skipResult == SkipResult.FOUND) {
skipLWS(bb);
@@ -295,6 +296,7 @@ public class Cookie {
skipInvalidCookie(bb);
continue;
}
+ skipLWS(bb);
path = readCookieValueRfc2109(bb, true);
if (path == null) {
skipInvalidCookie(bb);
@@ -319,6 +321,7 @@ public class Cookie {
}
if (parseAttributes) {
+ skipLWS(bb);
skipResult = skipBytes(bb, DOMAIN_BYTES);
if (skipResult == SkipResult.FOUND) {
skipLWS(bb);
@@ -327,11 +330,13 @@ public class Cookie {
skipInvalidCookie(bb);
continue;
}
+ skipLWS(bb);
domain = readCookieValueRfc2109(bb, false);
if (domain == null) {
skipInvalidCookie(bb);
continue;
}
+ skipLWS(bb);
skipResult = skipByte(bb, COMMA_BYTE);
if (skipResult == SkipResult.FOUND) {
diff --git a/test/org/apache/tomcat/util/http/parser/TestCookie.java b/test/org/apache/tomcat/util/http/parser/TestCookie.java
index c97e587..0f8a1dd 100644
--- a/test/org/apache/tomcat/util/http/parser/TestCookie.java
+++ b/test/org/apache/tomcat/util/http/parser/TestCookie.java
@@ -38,8 +38,8 @@ public class TestCookie {
List<Object[]> parameterSets = new ArrayList<>();
String[] SEPS = new String[] { ",", ";" };
- String[] PATHS = new String[] { ";$Path=/foo", ""};
- String[] DOMAINS = new String[] { ";$Domain=bar.com", ""};
+ String[] PATHS = new String[] { ";$Path=/foo", " ; $Path = /foo ", ""};
+ String[] DOMAINS = new String[] { ";$Domain=bar.com", " ; $Domain = bar.com ", ""};
for (String sep1 : SEPS) {
for (String path1 : PATHS) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 3a95d5f..b7d2fea 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -91,6 +91,11 @@
to correctly handle input addresses that ended with a pair of colons.
Based on a patch by syarramsetty-skyhook. (markt)
</fix>
+ <fix>
+ Correctly parse RFC 2109 version 1 cookies that have additional linear
+ white space around cookie attrubute names and values when using the RFC
+ 6265 cookie processor. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Other">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org