This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 02a1284 Narrow the scope of the logging of invalid ccokies.
02a1284 is described below
commit 02a1284037e2a4c5ac1e75daf2819740edfe580a
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Jan 10 21:51:03 2022 +0000
Narrow the scope of the logging of invalid ccokies.
Just log the invalid cookie rather than the whole cookie header.
---
java/org/apache/tomcat/util/http/parser/Cookie.java | 10 +++++-----
webapps/docs/changelog.xml | 4 ++++
2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/java/org/apache/tomcat/util/http/parser/Cookie.java
b/java/org/apache/tomcat/util/http/parser/Cookie.java
index 9a321bf..f10d53d 100644
--- a/java/org/apache/tomcat/util/http/parser/Cookie.java
+++ b/java/org/apache/tomcat/util/http/parser/Cookie.java
@@ -100,6 +100,7 @@ public class Cookie {
while (moreToProcess) {
skipLWS(bb);
+ int start = bb.position();
ByteBuffer name = readToken(bb);
ByteBuffer value = null;
@@ -110,9 +111,9 @@ public class Cookie {
skipLWS(bb);
value = readCookieValueRfc6265(bb);
if (value == null) {
- logInvalidHeader(bb);
// Invalid cookie value. Skip to the next semi-colon
skipUntilSemiColon(bb);
+ logInvalidHeader(start, bb);
continue;
}
skipLWS(bb);
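Review bot: The `logInvalidHeader(start, bb)` call now only logs the right span if it runs after `skipUntilSemiColon(bb)`, because the end of the logged text is taken from `bb.position()`, and nothing at the call site says so. The same applies to the `SkipResult.NOT_FOUND` branch in the next hunk. A comment above the call such as `// Must follow the skip: the logged span ends at the current position` would keep a later reorder from silently logging a truncated cookie. If `skipUntilSemiColon` consumes the delimiter (not visible here), the logged text also carries the trailing `;`. The enclosing loop starts and ends outside the hunk.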
@@ -122,9 +123,9 @@ public class Cookie {
if (skipResult == SkipResult.FOUND) {
// NO-OP
} else if (skipResult == SkipResult.NOT_FOUND) {
- logInvalidHeader(bb);
// Invalid cookie. Ignore it and skip to the next semi-colon
skipUntilSemiColon(bb);
+ logInvalidHeader(start, bb);
continue;
} else {
// SkipResult.EOF
@@ -229,11 +230,10 @@ public class Cookie {
}
- private static void logInvalidHeader(ByteBuffer bb) {
+ private static void logInvalidHeader(int start, ByteBuffer bb) {
UserDataHelper.Mode logMode = invalidCookieLog.getNextMode();
if (logMode != null) {
- String headerValue = new String(bb.array(), bb.position(),
bb.limit() - bb.position(),
- StandardCharsets.UTF_8);
+ String headerValue = new String(bb.array(), start, bb.position() -
start, StandardCharsets.UTF_8);
String message = sm.getString("cookie.invalidCookieValue",
headerValue);
switch (logMode) {
case INFO_THEN_DEBUG:
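Review bot: The narrowed message in `logInvalidHeader` still writes the rejected cookie's bytes verbatim, so a malformed session or authentication cookie would reach the log with its value, and whatever bytes made the value invalid are decoded straight into the message. Whether the text is escaped or length-limited further down is not visible in this hunk and is worth confirming before relying on these logs. The new contract is also undocumented: a short Javadoc should state that `start` is the index in `bb.array()` where the cookie began and that `bb.position()` must already sit at its end. The names `logInvalidHeader` and `headerValue` no longer match what is logged; `String invalidCookie = new String(bb.array(), start, bb.position() - start, StandardCharsets.UTF_8);` would read more accurately. The method body continues past the end of the hunk.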
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 4c777c8..b6fb171 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -176,6 +176,10 @@
Explicitly release ByteBuffer instances associated with pooled channels
when stopping the NioEndpoint and Nio2Endpoint. (markt)
</fix>
+ <fix>
+ Narrow the scope of the logging of invalid cookie headers to just the
+ invalid cookie rather than the whole cookie header. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">