This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 2344a45ec394f9cd9293997c003d41641fc9f44a
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Jan 10 21:51:03 2022 +0000

    Narrow the scope of the logging of invalid cookies.
    
    Just log the invalid cookie rather than the whole cookie header.
---
 .../org/apache/tomcat/util/http/parser/Cookie.java | 31 +++++++++++-----------
 webapps/docs/changelog.xml                         |  4 +++
 2 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/java/org/apache/tomcat/util/http/parser/Cookie.java 
b/java/org/apache/tomcat/util/http/parser/Cookie.java
index 24c33b2..ac8855a 100644
--- a/java/org/apache/tomcat/util/http/parser/Cookie.java
+++ b/java/org/apache/tomcat/util/http/parser/Cookie.java
@@ -199,6 +199,7 @@ public class Cookie {
         while (moreToProcess) {
             skipLWS(bb);
 
+            int start = bb.position();
             ByteBuffer name = readToken(bb);
             ByteBuffer value = null;
 
@@ -209,9 +210,9 @@ public class Cookie {
                 skipLWS(bb);
                 value = readCookieValueRfc6265(bb);
                 if (value == null) {
-                    logInvalidHeader(bb);
                     // Invalid cookie value. Skip to the next semi-colon
                     skipUntilSemiColon(bb);
+                    logInvalidHeader(start, bb);
                     continue;
                 }
                 skipLWS(bb);
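Review bot: The moved `logInvalidHeader(start, bb)` call only logs the intended span because it now runs after `skipUntilSemiColon(bb)`, and nothing at the call site records that ordering; the same silent dependency appears in the `@@ -221` hunk and in the rewritten `skipInvalidCookie`. A one-line comment at each call site would protect it from a later reorder, e.g. `// Log only after the skip: start..bb.position() is the rejected cookie`. Whether the logged span ends before or after the delimiter depends on where `skipUntilSemiColon` leaves the position, which is outside this hunk. The enclosing parse method starts and ends outside the hunk.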
@@ -221,9 +222,9 @@ public class Cookie {
             if (skipResult == SkipResult.FOUND) {
                 // NO-OP
             } else if (skipResult == SkipResult.NOT_FOUND) {
-                logInvalidHeader(bb);
                 // Invalid cookie. Ignore it and skip to the next semi-colon
                 skipUntilSemiColon(bb);
+                logInvalidHeader(start, bb);
                 continue;
             } else {
                 // SkipResult.EOF
@@ -252,6 +253,7 @@ public class Cookie {
             skipLWS(bb);
 
             boolean parseAttributes = true;
+            int start = bb.position();
 
             ByteBuffer name = readToken(bb);
             ByteBuffer value = null;
@@ -265,7 +267,7 @@ public class Cookie {
                 skipLWS(bb);
                 value = readCookieValueRfc2109(bb, false);
                 if (value == null) {
-                    skipInvalidCookie(bb);
+                    skipInvalidCookie(start, bb);
                     continue;
                 }
                 skipLWS(bb);
@@ -281,7 +283,7 @@ public class Cookie {
                 parseAttributes = false;
                 moreToProcess = false;
             } else if (skipResult == SkipResult.NOT_FOUND) {
-                skipInvalidCookie(bb);
+                skipInvalidCookie(start, bb);
                 continue;
             }
 
@@ -292,13 +294,13 @@ public class Cookie {
                     skipLWS(bb);
                     skipResult = skipByte(bb, EQUALS_BYTE);
                     if (skipResult != SkipResult.FOUND) {
-                        skipInvalidCookie(bb);
+                        skipInvalidCookie(start, bb);
                         continue;
                     }
                     skipLWS(bb);
                     path = readCookieValueRfc2109(bb, true);
                     if (path == null) {
-                        skipInvalidCookie(bb);
+                        skipInvalidCookie(start, bb);
                         continue;
                     }
                     skipLWS(bb);
@@ -313,7 +315,7 @@ public class Cookie {
                         parseAttributes = false;
                         moreToProcess = false;
                     } else if (skipResult == SkipResult.NOT_FOUND) {
-                        skipInvalidCookie(bb);
+                        skipInvalidCookie(start, bb);
                         continue;
                     }
                 }
@@ -326,13 +328,13 @@ public class Cookie {
                     skipLWS(bb);
                     skipResult = skipByte(bb, EQUALS_BYTE);
                     if (skipResult != SkipResult.FOUND) {
-                        skipInvalidCookie(bb);
+                        skipInvalidCookie(start, bb);
                         continue;
                     }
                     skipLWS(bb);
                     domain = readCookieValueRfc2109(bb, false);
                     if (domain == null) {
-                        skipInvalidCookie(bb);
+                        skipInvalidCookie(start, bb);
                         continue;
                     }
                     skipLWS(bb);
@@ -347,7 +349,7 @@ public class Cookie {
                         parseAttributes = false;
                         moreToProcess = false;
                     } else if (skipResult == SkipResult.NOT_FOUND) {
-                        skipInvalidCookie(bb);
+                        skipInvalidCookie(start, bb);
                         continue;
                     }
                 }
@@ -369,10 +371,10 @@ public class Cookie {
     }
 
 
-    private static void skipInvalidCookie(ByteBuffer bb) {
-        logInvalidHeader(bb);
+    private static void skipInvalidCookie(int start, ByteBuffer bb) {
         // Invalid cookie value. Skip to the next semi-colon
         skipUntilSemiColonOrComma(bb);
+        logInvalidHeader(start, bb);
     }
 
 
@@ -583,11 +585,10 @@ public class Cookie {
     }
 
 
-    private static void logInvalidHeader(ByteBuffer bb) {
+    private static void logInvalidHeader(int start, ByteBuffer bb) {
         UserDataHelper.Mode logMode = invalidCookieLog.getNextMode();
         if (logMode != null) {
-            String headerValue = new String(bb.array(), bb.position(), 
bb.limit() - bb.position(),
-                        StandardCharsets.UTF_8);
+            String headerValue = new String(bb.array(), start, bb.position() - 
start, StandardCharsets.UTF_8);
             String message = sm.getString("cookie.invalidCookieValue", 
headerValue);
             switch (logMode) {
                 case INFO_THEN_DEBUG:
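Review bot: The rewritten `headerValue` line indexes `bb.array()` from `start` directly, which is only correct when the buffer's array offset is zero; a sliced heap buffer would log the wrong bytes and a direct buffer would throw from `bb.array()`. Unless this parser is guaranteed zero-offset heap buffers (not visible here), use `String headerValue = new String(bb.array(), bb.arrayOffset() + start, bb.position() - start, StandardCharsets.UTF_8);` and guard the branch with `bb.hasArray()`. The logged text is request-supplied, so if the logging layer does not already neutralise control characters (obs-text bytes are permitted in header values), consider escaping it here before it reaches the INFO log. The `switch (logMode)` body continues past the end of the hunk.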
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 707ec40..0dca2ba 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -167,6 +167,10 @@
         Explicitly release ByteBuffer instances associated with pooled channels
         when stopping the NioEndpoint and Nio2Endpoint. (markt)
       </fix>
+      <fix>
+        Narrow the scope of the logging of invalid cookie headers to just the
+        invalid cookie rather than the whole cookie header. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">
