Author: markt
Date: Tue Sep  2 15:10:41 2014
New Revision: 1622031

URL: http://svn.apache.org/r1622031
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55917
The new cookie parser correctly handles 8-bit values.
Add the test cases from the proposed patch by Jeremy Boynes.
Note: RFC2616 does not treat any characters in the range 0x80 to 0xFF as control
characters.

Modified:
    tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java?rev=1622031&r1=1622030&r2=1622031&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java Tue Sep  2 
15:10:41 2014
@@ -29,6 +29,7 @@ import org.apache.tomcat.util.buf.Messag
 public class TestCookies {
     private final Cookie FOO = new Cookie("foo", "bar");
     private final Cookie FOO_EMPTY = new Cookie("foo", "");
+    private final Cookie FOO_CONTROL = new Cookie("foo", "b\u00e1r");
     private final Cookie BAR = new Cookie("bar", "rab");
     private final Cookie BAR_EMPTY = new Cookie("bar", "");
     private final Cookie A = new Cookie("a", "b");
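Review bot: The name `FOO_CONTROL` on the added field is misleading, because its value `"b\u00e1r"` contains an 8-bit character and not a control character, and the commit log itself says RFC2616 does not class 0x80 to 0xFF as control. A name such as `FOO_8BIT` would match what the fixture is used for in allow8BitInV0Value and allow8bitInV1QuotedValue. The second of those tests calls `FOO_CONTROL.setVersion(1)` on this field, which is safe only because the field is per-instance and, presumably, the runner builds a fresh TestCookies for each test method; a short comment saying so would stop someone making the field static later.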
@@ -387,6 +388,67 @@ public class TestCookies {
         test(true, "$Version=0;foo=bar");
     }
 
+    @Test
+    public void disallow8bitInName() {
+        // Bug 55917
+        test(true, "f\u00f6o=bar");
+    }
+
+    @Test
+    public void disallowControlInName() {
+        // Bug 55917
+        test(true, "f\010o=bar");
+    }
+
+    @Test
+    public void disallow8BitControlInName() {
+        // Bug 55917
+        test(true, "f\210o=bar");
+    }
+
+    @Test
+    public void allow8BitInV0Value() {
+        // Bug 55917
+        test(true, "foo=b\u00e1r", FOO_CONTROL);
+    }
+
+    @Test
+    public void disallow8bitInV1UnquotedValue() {
+        // Bug 55917
+        test(true, "$Version=1; foo=b\u00e1r");
+    }
+
+    @Test
+    public void allow8bitInV1QuotedValue() {
+        // Bug 55917
+        FOO_CONTROL.setVersion(1);
+        test(true, "$Version=1; foo=\"b\u00e1r\"", FOO_CONTROL);
+    }
+
+    @Test
+    public void disallowControlInV0Value() {
+        // Bug 55917
+        test(true, "foo=b\010r");
+    }
+
+    @Test
+    public void disallowControlInV1UnquotedValue() {
+        // Bug 55917
+        test(true, "$Version=1; foo=b\010r");
+    }
+
+    @Test
+    public void disallowControlInV1QuotedValue() {
+        // Bug 55917
+        test(true, "$Version=1; foo=\"b\010r\"");
+    }
+
+    @Test
+    public void disallow8BitControlInV1UnquotedValue() {
+        // Bug 55917
+        test(true, "$Version=1; foo=b\210r");
+    }
+
     private void test(boolean useRfc6265, String header, Cookie... expected) {
         MimeHeaders mimeHeaders = new MimeHeaders();
         Cookies cookies = new Cookies(mimeHeaders);
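Review bot: The control-character cases added here only exercise `\010`, so DEL (0x7F), which RFC 2616 also classes as CTL, is not covered for either names or values; adding `test(true, "f\177o=bar");` and `test(true, "foo=b\177r");` would pin that boundary. There is also no V0 or quoted-value counterpart to disallow8BitControlInV1UnquotedValue, so the expected handling of a `\210` byte in those positions is left unstated by the tests. The `\u00e1`, `\u00f6` and `\210` inputs reach the parser through whatever encoding test() uses to turn the header string into bytes, and that part of test() lies outside this hunk. If it is UTF-8, each arrives as a two-byte sequence and not as a single 8-bit byte, which is worth stating in a comment on the tests.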
@@ -401,6 +463,7 @@ public class TestCookies {
             ServerCookie actual = cookies.getCookie(i);
             Assert.assertEquals(cookie.getVersion(), actual.getVersion());
             Assert.assertEquals(cookie.getName(), actual.getName().toString());
+            
actual.getValue().getByteChunk().setCharset(StandardCharsets.UTF_8);
             Assert.assertEquals(cookie.getValue(),
                     
org.apache.tomcat.util.http.parser.Cookie.unescapeCookieValueRfc2109(
                             actual.getValue().toString()));
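Review bot: The added `setCharset(StandardCharsets.UTF_8)` call before the value comparison has no comment explaining why the parsed value has to be decoded as UTF-8. It is only correct if the header string was encoded as UTF-8 earlier in test(), which is outside this hunk. A comment such as `// Header bytes were encoded as UTF-8 above; decode the value the same way so 8-bit values compare equal` would make the dependency explicit. The name comparison on the line before is left on whatever charset the chunk already has, which is fine only while the expected names stay ASCII.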

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1622031&r1=1622030&r2=1622031&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Sep  2 15:10:41 2014
@@ -48,6 +48,12 @@
   <subsection name="Catalina">
     <changelog>
       <fix>
+        <bug>55917</bug>: Allow bytes in the range 0x80 to 0xFF to appear in
+        cookie values if the cookie is a V1 (RFC2109) cookie and the value is
+        correctly quoted. The new RFC6265 based cookie parser must be enabled 
to
+        correctly handle these cookies. (markt)
+      </fix>
+      <fix>
         <bug>56900</bug>: Fix some potential resource leaks when reading
         property files reported by Coverity Scan. Based on patches provided by
         Felix Schumacher. (markt)


