[Bug 55095] New: isV0Separator method fail on production environment - IllegalArgumentException : Control character in cookie value or attribute.

[bugzilla]

https://issues.apache.org/bugzilla/show_bug.cgi?id=55095

            Bug ID: 55095
           Summary: isV0Separator method fail on production environment -
                    IllegalArgumentException : Control character in cookie
                    value or attribute.
           Product: Tomcat 7
           Version: 7.0.40
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: javier.dura...@mercadolibre.com

I'm getting a low percent of requests failed due to an exception in the
org/apache/tomcat/util/http/CookieSupport class.

here is the code section:

   public static final boolean isV0Separator(final char c) {
        if (c < 0x20 || c >= 0x7f) {
            if (c != 0x09) {
                throw new IllegalArgumentException(
                        "Control character in cookie value or attribute.");
            }
        }

        return V0_SEPARATOR_FLAGS[c];
    }

I believe that the problem is in the Cookie class:
org/apache/tomcat/util/http/Cookies, in the "processCookieHeader" method line
340.

I'm using the ALLOW_HTTP_SEPARATORS_IN_V0 flag, but the call to the
isV0Separator method is before that, so it gets the Exception and then it
cannot check the flag.

It is possible to ignore this cookies? They are from a external domain so I
cannot modify then, and I don't want to loose request because of this
validation, I would like to ignore it.

My stacktrace is:

java.lang.IllegalArgumentException: Control character in cookie value or
attribute.
org.apache.tomcat.util.http.CookieSupport.isV0Separator
(CookieSupport.java:153)
org.apache.tomcat.util.http.Cookies.processCookieHeader (Cookies.java:340)
     org.apache.tomcat.util.http.Cookies.processCookies (Cookies.java:168)
     org.apache.tomcat.util.http.Cookies.getCookieCount (Cookies.java:106)
…catalina.connector.CoyoteAdapter.parseSessionCookiesId
(CoyoteAdapter.java:932)
…ache.catalina.connector.CoyoteAdapter.postParseRequest
(CoyoteAdapter.java:689)
    org.apache.catalina.connector.CoyoteAdapter.service
(CoyoteAdapter.java:403)
…g.apache.coyote.http11.AbstractHttp11Processor.process
(AbstractHttp11Processor.java:1008)
…ote.AbstractProtocol$AbstractConnectionHandler.process
(AbstractProtocol.java:589)
…apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run (JIoEndpoint.java:310)
 java.util.concurrent.ThreadPoolExecutor$Worker.runTask
(ThreadPoolExecutor.java:886)
     java.util.concurrent.ThreadPoolExecutor$Worker.run
(ThreadPoolExecutor.java:908)
                                   java.lang.Thread.run (Thread.java:662)

Thanks

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org