Author: markt
Date: Wed Oct 1 12:58:41 2014
New Revision: 1628693
URL: http://svn.apache.org/r1628693
Log:
Add validation of cookie values.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java?rev=1628693&r1=1628692&r2=1628693&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
Wed Oct 1 12:58:41 2014
@@ -81,12 +81,37 @@ public class Rfc6265CookieProcessor impl
// generation.
header.append(cookie.getName());
header.append('=');
- // TODO: Value also needs validation that varies depending on the spec
- // being used. This is currently delayed until the header is
- // generated.
- header.append(cookie.getValue());
+ String value = cookie.getValue();
+ if (value != null) {
+ validateCookieValue(value);
+ header.append(value);
+ }
// TODO add support for the attributes.
return header.toString();
}
+
+
+ private void validateCookieValue(String value) {
+ if (value == null || value.length() == 0) {
+ return;
+ }
+
+ int start = 0;
+ int end = value.length();
+
+ if (end > 1 && value.charAt(0) == '"' && value.charAt(end - 1) == '"')
{
+ start = 1;
+ end--;
+ }
+
+ char[] chars = value.toCharArray();
+ for (int i = start; i < end; i++) {
+ char c = chars[i];
+ if (c < 0x21 || c == 0x22 || c == 0x2c || c == 0x3b || c == 0x5c
|| c == 0x7f) {
+ // TODO i18n
+ throw new IllegalArgumentException();
+ }
+ }
+ }
}
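Review bot: The character check in `validateCookieValue` rejects controls, space, `"`, `,`, `;`, `\` and DEL, but any char above 0x7f still passes, whereas RFC 6265's cookie-octet is limited to US-ASCII. If that is not deliberate, the last clause should be a range test, `|| c >= 0x7f) {`. If non-ASCII is meant to be tolerated, a comment such as `// Values above 0x7f are deliberately permitted` would make that clear to the next reader. The `IllegalArgumentException` is also thrown with no message, so a caller cannot tell what was rejected; `throw new IllegalArgumentException("Invalid character 0x" + Integer.toHexString(c) + " in cookie value");` names the offending character without echoing the value, which may be a session token. The enclosing header-generation method starts outside this hunk, so how a null value or the exception is handled by callers is not visible here.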