tomcat-dev mailing list archives

From lu...@apache.org
Subject cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/http Cookies.java
Date Mon, 02 Jun 2003 17:45:09 GMT
luehe       2003/06/02 10:45:09

  Modified:    util/java/org/apache/tomcat/util/http Cookies.java
  Log:
  Fixed Bugtraq 4872647: "RFC 2109 cookies with quoted values are not processed properly"
  
  Patch provided by Ryan Lubke.
  
  Revision  Changes    Path
  1.4       +5 -4      jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/http/Cookies.java
  
  Index: Cookies.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/http/Cookies.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- Cookies.java	17 Feb 2003 01:40:55 -0000	1.3
  +++ Cookies.java	2 Jun 2003 17:45:09 -0000	1.4
  @@ -231,6 +231,7 @@
   	int version=0; //sticky
   	ServerCookie sc=null;
   	
  +
   	while( pos<end ) {
   	    byte cc;
   	    // [ skip_spaces name skip_spaces "=" skip_spaces value EXTRA ; ] *
  @@ -286,7 +287,7 @@
   	    
   	    // quote is valid only in version=1 cookies
   	    cc=bytes[pos];
  -	    if( version==1 && ( cc== '\'' || cc=='"' ) ) {
  +	    if( ( version == 1 || isSpecial ) && ( cc== '\'' || cc=='"' ) ) {
   		startValue++;
   		endValue=indexOf( bytes, startValue, end, cc );
   		pos=endValue+1; // to skip to next cookie
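Review bot: The comment `// quote is valid only in version=1 cookies` above the changed condition no longer matches it, because quotes are now also stripped whenever `isSpecial` is set, whatever the version; it should read something like `// quotes are stripped for version=1 cookies and for special attributes such as $Version`. `isSpecial` is assigned outside this hunk, so its exact meaning is inferred from the new test input. The Cookie header is client-controlled and this branch is now reachable before a version has been established, so it is worth confirming what `indexOf` returns when the closing quote is missing and that `pos=endValue+1` still advances in that case. If it does not, a guard such as `if( endValue < startValue ) endValue=end;` before the `pos` update would be needed. The enclosing loop starts and ends outside the hunk.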
  @@ -470,7 +471,6 @@
       }
   
       /*
  -
       public static void main( String args[] ) {
   	test("foo=bar; a=b");
   	test("foo=bar;a=b");
  @@ -480,7 +480,8 @@
   	test("foo=;a=b; ;");
   	test("foo;a=b; ;");
   	// v1 
  -	test("$Version=1; foo=bar;a=b");
  +	test("$Version=1; foo=bar;a=b"); 
  +        test("$Version=\"1\"; foo='bar'; $Path=/path; $Domain=\"localhost\"");
   	test("$Version=1;foo=bar;a=b; ; ");
   	test("$Version=1;foo=;a=b; ; ");
   	test("$Version=1;foo= ;a=b; ; ");
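Review bot: The added test line sits inside the commented-out `main` (the opening `/*` is visible in the previous hunk), so it is never compiled or run and cannot catch a regression in the quoted-value handling. It also covers only well-formed quoting; a malformed input such as `test("$Version=\"1; foo=bar");` would record how the parser treats an unterminated quote on a special attribute. Moving these cases into a unit test that asserts the parsed names and values would make the fix verifiable. `main` starts and ends outside this hunk.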
  @@ -505,6 +506,6 @@
   	}
   	    
       }
  -
       */
  +
   }
  
  
  


