You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2020/06/17 22:40:06 UTC
[tomcat] 02/02: Improve parsing of space around v1 cookie attributes
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit d9b092120b1a6d8822ba514fb69718f5c0f0bc9f
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Jun 17 23:33:21 2020 +0100
Improve parsing of space around v1 cookie attributes
---
java/org/apache/tomcat/util/http/parser/Cookie.java | 5 +++++
test/org/apache/tomcat/util/http/parser/TestCookie.java | 4 ++--
webapps/docs/changelog.xml | 5 +++++
3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/http/parser/Cookie.java b/java/org/apache/tomcat/util/http/parser/Cookie.java
index 181e052..24c33b2 100644
--- a/java/org/apache/tomcat/util/http/parser/Cookie.java
+++ b/java/org/apache/tomcat/util/http/parser/Cookie.java
@@ -286,6 +286,7 @@ public class Cookie {
}
if (parseAttributes) {
+ skipLWS(bb);
skipResult = skipBytes(bb, PATH_BYTES);
if (skipResult == SkipResult.FOUND) {
skipLWS(bb);
@@ -294,6 +295,7 @@ public class Cookie {
skipInvalidCookie(bb);
continue;
}
+ skipLWS(bb);
path = readCookieValueRfc2109(bb, true);
if (path == null) {
skipInvalidCookie(bb);
@@ -318,6 +320,7 @@ public class Cookie {
}
if (parseAttributes) {
+ skipLWS(bb);
skipResult = skipBytes(bb, DOMAIN_BYTES);
if (skipResult == SkipResult.FOUND) {
skipLWS(bb);
@@ -326,11 +329,13 @@ public class Cookie {
skipInvalidCookie(bb);
continue;
}
+ skipLWS(bb);
domain = readCookieValueRfc2109(bb, false);
if (domain == null) {
skipInvalidCookie(bb);
continue;
}
+ skipLWS(bb);
skipResult = skipByte(bb, COMMA_BYTE);
if (skipResult == SkipResult.FOUND) {
diff --git a/test/org/apache/tomcat/util/http/parser/TestCookie.java b/test/org/apache/tomcat/util/http/parser/TestCookie.java
index c97e587..0f8a1dd 100644
--- a/test/org/apache/tomcat/util/http/parser/TestCookie.java
+++ b/test/org/apache/tomcat/util/http/parser/TestCookie.java
@@ -38,8 +38,8 @@ public class TestCookie {
List<Object[]> parameterSets = new ArrayList<>();
String[] SEPS = new String[] { ",", ";" };
- String[] PATHS = new String[] { ";$Path=/foo", ""};
- String[] DOMAINS = new String[] { ";$Domain=bar.com", ""};
+ String[] PATHS = new String[] { ";$Path=/foo", " ; $Path = /foo ", ""};
+ String[] DOMAINS = new String[] { ";$Domain=bar.com", " ; $Domain = bar.com ", ""};
for (String sep1 : SEPS) {
for (String path1 : PATHS) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index b5016dc..f2ce237 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -91,6 +91,11 @@
to correctly handle input addresses that ended with a pair of colons.
Based on a patch by syarramsetty-skyhook. (markt)
</fix>
+ <fix>
+ Correctly parse RFC 2109 version 1 cookies that have additional linear
+ white space around cookie attrubute names and values when using the RFC
+ 6265 cookie processor. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Other">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org