This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 496cc6c Fix BZ 64509 - Correctly parse RFC 2109
496cc6c is described below
commit 496cc6c74c2420dc61ce6803641f00d1fa337c46
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Jun 10 20:53:46 2020 +0100
Fix BZ 64509 - Correctly parse RFC 2109
---
 .../org/apache/tomcat/util/http/parser/Cookie.java | 9 +-
 .../apache/tomcat/util/http/parser/TestCookie.java | 96 ++++++++++++++++++++++
 webapps/docs/changelog.xml | 5 ++
 3 files changed, 107 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/tomcat/util/http/parser/Cookie.java b/java/org/apache/tomcat/util/http/parser/Cookie.java
index be29c31..895ce64 100644
--- a/java/org/apache/tomcat/util/http/parser/Cookie.java
+++ b/java/org/apache/tomcat/util/http/parser/Cookie.java
@@ -275,8 +275,9 @@ public class Cookie {
 skipResult = skipByte(bb, COMMA_BYTE);
 if (skipResult == SkipResult.FOUND) {
 parseAttributes = false;
+ } else {
+ skipResult = skipByte(bb, SEMICOLON_BYTE);
 }
- skipResult = skipByte(bb, SEMICOLON_BYTE);
 if (skipResult == SkipResult.EOF) {
 parseAttributes = false;
 moreToProcess = false;
@@ -304,8 +305,9 @@ public class Cookie {
 skipResult = skipByte(bb, COMMA_BYTE);
 if (skipResult == SkipResult.FOUND) {
 parseAttributes = false;
+ } else {
+ skipResult = skipByte(bb, SEMICOLON_BYTE);
 }
- skipResult = skipByte(bb, SEMICOLON_BYTE);
 if (skipResult == SkipResult.EOF) {
 parseAttributes = false;
 moreToProcess = false;
@@ -334,8 +336,9 @@ public class Cookie {
 skipResult = skipByte(bb, COMMA_BYTE);
 if (skipResult == SkipResult.FOUND) {
 parseAttributes = false;
+ } else {
+ skipResult = skipByte(bb, SEMICOLON_BYTE);
 }
- skipResult = skipByte(bb, SEMICOLON_BYTE);
 if (skipResult == SkipResult.EOF) {
 parseAttributes = false;
 moreToProcess = false;
diff --git a/test/org/apache/tomcat/util/http/parser/TestCookie.java b/test/org/apache/tomcat/util/http/parser/TestCookie.java
new file mode 100644
index 0000000..c97e587
--- /dev/null
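Review bot: The same five-line separator check is repeated verbatim in the three Cookie.java hunks (at -275, -304 and -334), and the bug had to be corrected identically in each copy; moving the check into one private helper would stop the three exits from attribute parsing drifting apart, which matters because a parser that splits cookies differently depending on the preceding attribute is hard to reason about from a filter in front of it. None of the copies says why a comma is treated differently from a semicolon, so a comment such as `// RFC 2109: a comma ends this cookie and its attributes; only look for ';' if no comma was consumed` above `skipByte(bb, COMMA_BYTE)` would help. The enclosing method starts and ends outside all three hunks, so how a NOT_FOUND result is handled after the EOF check cannot be confirmed from here.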
+++ b/test/org/apache/tomcat/util/http/parser/TestCookie.java 
@@ -0,0 +1,96 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.tomcat.util.http.parser; + +import java.nio.charset.StandardCharsets; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; + +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; +import org.junit.runners.Parameterized.Parameter; + +import org.apache.tomcat.util.http.ServerCookies; + +@RunWith(Parameterized.class) +public class TestCookie { + + @Parameterized.Parameters(name = "{index}: header[{0}]") + public static Collection<Object[]> parameters() { + + List<Object[]> parameterSets = new ArrayList<>(); + + String[] SEPS = new String[] { ",", ";" }; + String[] PATHS = new String[] { ";$Path=/foo", ""}; + String[] DOMAINS = new String[] { ";$Domain=bar.com", ""}; + + for (String sep1 : SEPS) { + for (String path1 : PATHS) { + for (String domain1 : DOMAINS) { + for (String sep2 : SEPS) { + for (String path2 : PATHS) { + for (String domain2 : DOMAINS) { + for (String sep3 : SEPS) { + for (String path3 : PATHS) { + for (String domain3 : DOMAINS) { + StringBuilder sb = new StringBuilder("$Version=1"); + sb.append(sep1); + 
sb.append("first=1"); + sb.append(path1); + sb.append(domain1); + sb.append(sep2); + sb.append("second=2"); + sb.append(path2); + sb.append(domain2); + sb.append(sep3); + sb.append("third=3"); + sb.append(path3); + sb.append(domain3); + + parameterSets.add(new Object[] { sb.toString() }); + } + } + } + } + } + } + } + } + } + return parameterSets; + } + + @Parameter(0) + public String cookieHeader; + + @Test + public void testParseThreeCookieHeader() { + ServerCookies serverCookies = new ServerCookies(3); + byte[] inputBytes = cookieHeader.getBytes(StandardCharsets.ISO_8859_1); + Cookie.parseCookie(inputBytes, 0, inputBytes.length, serverCookies); + Assert.assertEquals(3, serverCookies.getCookieCount()); + Assert.assertEquals("first", serverCookies.getCookie(0).getName().toString()); + Assert.assertEquals("1", serverCookies.getCookie(0).getValue().toString()); + Assert.assertEquals("second", serverCookies.getCookie(1).getName().toString()); + Assert.assertEquals("2", serverCookies.getCookie(1).getValue().toString()); + Assert.assertEquals("third", serverCookies.getCookie(2).getName().toString()); + Assert.assertEquals("3", serverCookies.getCookie(2).getValue().toString()); + } +} diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index e034840..62d777e 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -71,6 +71,11 @@ response and it is known that the <code>maxSwallowSize</code> limit is going to be exceeded. (markt) </add> + <fix> + <bug>64509</bug>: Correctly parse RFC 2109 version 1 cookies that use a + comma as a separater between cookies when using the RFC 6265 cookie + processor. Based on a patch by W J Carpenter. (markt) + </fix> </changelog> </subsection> <subsection name="Other"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
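Review bot: testParseThreeCookieHeader in TestCookie.java asserts only the three names and values, so it would still pass if a `$Path` or `$Domain` were attached to the wrong cookie or silently dropped when the separator is a comma, which is the boundary this commit changes. Carrying the expected path and domain for each cookie in the parameter set and asserting them, for example `Assert.assertEquals(expectedPath1, serverCookies.getCookie(0).getPath().toString());`, would pin the attribute-to-cookie association; the expected value for an absent attribute depends on what an unset path returns and needs checking. All generated headers are well formed, so a header that ends directly after a `,` or `;` would additionally exercise the EOF branch touched in Cookie.java.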