luehe 2003/06/02 10:45:09
Modified: util/java/org/apache/tomcat/util/http Cookies.java
Log:
Fixed Bugtraq 4872647: "RFC 2109 cookies with quoted values are not processed
properly"
Patch provided by Ryan Lubke.
Revision Changes Path
1.4 +5 -4
jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/http/Cookies.java
Index: Cookies.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/http/Cookies.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- Cookies.java 17 Feb 2003 01:40:55 -0000 1.3
+++ Cookies.java 2 Jun 2003 17:45:09 -0000 1.4
@@ -231,6 +231,7 @@
int version=0; //sticky
ServerCookie sc=null;
+
while( pos<end ) {
byte cc;
// [ skip_spaces name skip_spaces "=" skip_spaces value EXTRA ; ] *
@@ -286,7 +287,7 @@
// quote is valid only in version=1 cookies
cc=bytes[pos];
- if( version==1 && ( cc== '\'' || cc=='"' ) ) {
+ if( ( version == 1 || isSpecial ) && ( cc== '\'' || cc=='"' ) ) {
startValue++;
endValue=indexOf( bytes, startValue, end, cc );
pos=endValue+1; // to skip to next cookie
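Review bot: The widened condition `( version == 1 || isSpecial )` sends more input into the quoted-value branch, but the result of `indexOf( bytes, startValue, end, cc )` is still used unchecked on the next line (`pos=endValue+1`). What `indexOf` returns when there is no closing quote is not visible in this hunk, so confirm that an unterminated quote, as in the constructed sample `$Version="1; foo=bar`, ends the loop cleanly and cannot leave `endValue` or `pos` before `startValue` or past `end`. The comment above the condition is now stale; `// quotes are accepted in version=1 cookies and on special attributes` would match the code, assuming `isSpecial` (set outside this hunk) marks the `$`-prefixed attributes. The only test added for this fix sits in the commented-out `main` further down, so nothing executable covers the new branch. The enclosing loop body starts and ends outside the hunk.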
@@ -470,7 +471,6 @@
}
/*
-
public static void main( String args[] ) {
test("foo=bar; a=b");
test("foo=bar;a=b");
@@ -480,7 +480,8 @@
test("foo=;a=b; ;");
test("foo;a=b; ;");
// v1
- test("$Version=1; foo=bar;a=b");
+ test("$Version=1; foo=bar;a=b");
+ test("$Version=\"1\"; foo='bar'; $Path=/path; $Domain=\"localhost\"");
test("$Version=1;foo=bar;a=b; ; ");
test("$Version=1;foo=;a=b; ; ");
test("$Version=1;foo= ;a=b; ; ");
@@ -505,6 +506,6 @@
}
}
-
*/
+
}