https://issues.apache.org/bugzilla/show_bug.cgi?id=55921
Bug ID: 55921
Summary: Cookie values in JSON format are not skipped correctly
when parsing fails
Product: Tomcat 8
Version: trunk
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Connectors
Assignee: dev@tomcat.apache.org
Reporter: jboy...@apache.org
Some 3P websites appear to set cookie values using unencoded JSON data; as an
example, the fsr.s cookie set by a certain tracking site. This is invalid per
all cookie specifications due to the use of unescaped "," characters in the
data.
When parsing these values, Tomcat treats the data as a token, determines it is
invalid due to the presence of a "{" character, and attempts to skip to the
next token. However, it determines this boundary by the presence of the ","
character in the middle of the JSON blob and then proceeds to parse the next
cookie starting in the middle of this data. This may result in erroneous
cookies being added.
RFC6265 requires and Netscape suggests that cookie-pairs be separated by the
sequence ";" SP so rather than looking for a single separator character the
recovery mechanism could look for one followed by a SP. However, this would not
recover if the JSON data contained SP characters as JSON permits.
Alternatively, we could assume that a value starting with "{" was JSON encoded
data and parse the value as such. This would be gated by a configuration
option.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
