Author: markt
Date: Mon Sep 1 19:48:06 2014
New Revision: 1621875
URL: http://svn.apache.org/r1621875
Log:
Fix handling of invalid cookie versions
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/parser/Cookie.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/parser/Cookie.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/parser/Cookie.java?rev=1621875&r1=1621874&r2=1621875&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/parser/Cookie.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/parser/Cookie.java Mon Sep 1
19:48:06 2014
@@ -115,10 +115,17 @@ public class Cookie {
skipLWS(bb);
ByteBuffer value = readCookieValue(bb);
- if (value != null && value.remaining() == 1 && value.get() == (byte)
49) {
- // $Version=1 -> RFC2109
- parseCookieRfc2109(bb, serverCookies);
- return;
+ if (value != null && value.remaining() == 1) {
+ if (value.get() == (byte) 49) {
+ // $Version=1 -> RFC2109
+ parseCookieRfc2109(bb, serverCookies);
+ return;
+ } else {
+ // Unrecognised version.
+ // Ignore this header.
+ value.rewind();
+ logInvalidVersion(value);
+ }
} else {
// Unrecognised version.
// Ignore this header.
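Review bot: The new inner `else` relies on `value.rewind()` undoing exactly the one `value.get()` in the condition above it, and nothing in the hunk explains that coupling. `value` exposes a `bytes` field, so it is a project buffer type rather than `java.nio.ByteBuffer`, and its `rewind()` is not visible here; if it resets to the start of the backing array instead of stepping back one byte, `logInvalidVersion` would report text from the wrong offset of the header. A comment such as `// get() consumed the version byte; step back so it is included in the log message` would make the intent checkable, and `(byte) '1'` reads more clearly than `(byte) 49`. The inner branch also repeats the outer `else` comment, and both the outer branch's body and the enclosing method continue outside the hunk.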
@@ -350,8 +357,8 @@ public class Cookie {
if (value == null) {
version = sm.getString("cookie.valueNotPresent");
} else {
- version = new String(value.bytes, value.position(),
value.limit(),
- StandardCharsets.UTF_8);
+ version = new String(value.bytes, value.position(),
+ value.limit() - value.position(),
StandardCharsets.UTF_8);
}
String message = sm.getString("cookie.invalidCookieVersion",
version);
switch (logMode) {
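Review bot: The `version` string built here is decoded from bytes of the request's Cookie header and passed straight into `sm.getString("cookie.invalidCookieVersion", version)`, so the client chooses its length and content. Whether `readCookieValue` already limits those bytes to printable cookie characters is not visible in this hunk; if it does not, control characters or very long values would reach the log. Once that is confirmed, a short comment recording it, for example `// value holds only bytes accepted by readCookieValue, so it is safe to log`, or a length cap before logging, would settle the question. The commit touches only Cookie.java, so a regression test covering a one-character and a longer unrecognised `$Version` would pin the corrected length calculation. The enclosing method starts and ends outside the hunk.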