luehe 2003/06/02 10:45:09 Modified: util/java/org/apache/tomcat/util/http Cookies.java Log: Fixed Bugtraq 4872647: "RFC 2109 cookies with quoted values are not processed properly" Patch provided by Ryan Lubke. Revision Changes Path 1.4 +5 -4 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/http/Cookies.java Index: Cookies.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/http/Cookies.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- Cookies.java 17 Feb 2003 01:40:55 -0000 1.3 +++ Cookies.java 2 Jun 2003 17:45:09 -0000 1.4 @@ -231,6 +231,7 @@ int version=0; //sticky ServerCookie sc=null; + while( pos<end ) { byte cc; // [ skip_spaces name skip_spaces "=" skip_spaces value EXTRA ; ] * @@ -286,7 +287,7 @@ // quote is valid only in version=1 cookies cc=bytes[pos]; - if( version==1 && ( cc== '\'' || cc=='"' ) ) { + if( ( version == 1 || isSpecial ) && ( cc== '\'' || cc=='"' ) ) { startValue++; endValue=indexOf( bytes, startValue, end, cc ); pos=endValue+1; // to skip to next cookie @@ -470,7 +471,6 @@ } /* - public static void main( String args[] ) { test("foo=bar; a=b"); test("foo=bar;a=b"); @@ -480,7 +480,8 @@ test("foo=;a=b; ;"); test("foo;a=b; ;"); // v1 - test("$Version=1; foo=bar;a=b"); + test("$Version=1; foo=bar;a=b"); + test("$Version=\"1\"; foo='bar'; $Path=/path; $Domain=\"localhost\""); test("$Version=1;foo=bar;a=b; ; "); test("$Version=1;foo=;a=b; ; "); test("$Version=1;foo= ;a=b; ; "); @@ -505,6 +506,6 @@ } } - */ + }
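Review bot: In the second hunk, `endValue=indexOf( bytes, startValue, end, cc ); pos=endValue+1;` uses the result of `indexOf` without checking that a closing quote was found, and the added `|| isSpecial` makes this branch reachable for more input (presumably `$`-prefixed attributes such as `$Version="1"`). `indexOf` and the rest of the enclosing method lie outside the hunk, so its not-found return value is not visible here. If it returns `end`, an unterminated quote would fold the remainder of the header, including any following cookies, into one value; if it returns a negative value, `pos` would move backwards inside the `while( pos<end )` loop. I would add an explicit guard right after the call, for example `if( endValue < startValue || endValue >= end ) { /* unterminated quote: skip this cookie */ }`, and a comment noting that `'` is accepted as a delimiter and backslash-escaped quotes are not handled, since both differ from the RFC 2109 quoted-string form and matter when a proxy or filter in front of Tomcat parses the same header. The test line added to the commented-out `main` covers only well-formed quotes, so a case with a missing closing quote would pin the intended behaviour.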