JETTY-1042

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@438 7e9141cc-0065-0410-87d8-b60c137991c4
This commit is contained in:
Greg Wilkins 2009-06-26 00:33:15 +00:00
parent 05f730be81
commit 02dd1975ec
3 changed files with 64 additions and 91 deletions

View File

@ -1,5 +1,6 @@
jetty-7.0.0.M4-SNAPSHOT jetty-7.0.0.M4-SNAPSHOT
+ 281059 NPE in QTP with debug on + 281059 NPE in QTP with debug on
+ JETTY-1042 Prevent cookie leak between shared connection
jetty-7.0.0.M3 20 June 2009 jetty-7.0.0.M3 20 June 2009
+ fixed race with expired async listeners + fixed race with expired async listeners

View File

@ -39,95 +39,85 @@ public class CookieCutter
private static final byte STATE_UNQUOTED_VALUE = 16; private static final byte STATE_UNQUOTED_VALUE = 16;
private Cookie[] _cookies; private Cookie[] _cookies;
private String[] _fields; private Cookie[] _lastCookies;
int _added=0; Object _lazyFields;
boolean _dirty; int _fields;
HttpServletRequest _request;
public CookieCutter() public CookieCutter()
{ {
}
public CookieCutter(HttpServletRequest request)
{
_request = request;
} }
public Cookie[] getCookies() public Cookie[] getCookies()
{ {
if (_added>0) if (_cookies!=null)
{
if (!_dirty && _added==_fields.length)
{
// same cookies as last time!
_added=0;
return _cookies; return _cookies;
}
if (_lastCookies!=null &&
_lazyFields!=null &&
_fields==LazyList.size(_lazyFields))
_cookies=_lastCookies;
else
parseFields(); parseFields();
} _lastCookies=_cookies;
return _cookies; return _cookies;
} }
public void setCookies(Cookie[] cookies) public void setCookies(Cookie[] cookies)
{ {
_dirty=false;
_added=0;
_cookies=cookies; _cookies=cookies;
_lastCookies=null;
_lazyFields=null;
_fields=0;
} }
public void reset() public void reset()
{ {
_fields=null;
_cookies=null; _cookies=null;
_fields=0;
} }
public void addCookieField(String f) public void addCookieField(String f)
{ {
if (!_dirty && if (f==null)
_fields!=null && return;
_fields.length>_added && f=f.trim();
_fields[_added].equals(f)) if (f.length()==0)
return;
if (LazyList.size(_lazyFields)>_fields)
{ {
_added++; if (f.equals(LazyList.get(_lazyFields,_fields)))
{
_fields++;
return; return;
} }
if (_dirty) while (LazyList.size(_lazyFields)>_fields)
{ _lazyFields=LazyList.remove(_lazyFields,_fields);
_added++;
_fields=(String[])LazyList.addToArray(_fields,f,String.class);
} }
else _cookies=null;
{ _lastCookies=null;
_dirty=true; _lazyFields=LazyList.add(_lazyFields,_fields++,f);
if (_added>0)
{
String[] fields=new String[_added+1];
System.arraycopy(_fields,0,fields,0,_added);
fields[_added++]=f;
_fields=fields;
}
else
{
_fields = new String[]{f};
_added=1;
} }
}
}
protected void parseFields() protected void parseFields()
{ {
_lastCookies=null;
_cookies=null;
Object cookies = null; Object cookies = null;
int version = 0; int version = 0;
// delete excess fields
while (LazyList.size(_lazyFields)>_fields)
_lazyFields=LazyList.remove(_lazyFields,_fields);
// For each cookie field // For each cookie field
for (int f=0;f<_added;f++) for (int f=0;f<_fields;f++)
{ {
String hdr = _fields[f]; String hdr = LazyList.get(_lazyFields,f);
// Parse the header // Parse the header
String name = null; String name = null;
@ -152,8 +142,6 @@ public class CookieCutter
case STATE_UNQUOTED_VALUE: case STATE_UNQUOTED_VALUE:
state = STATE_NAME; state = STATE_NAME;
value = hdr.substring(tokenstart, i).trim(); value = hdr.substring(tokenstart, i).trim();
if(_request!=null && _request.isRequestedSessionIdFromURL())
value = URIUtil.decodePath(value);
tokenstart = i + 1; tokenstart = i + 1;
break; break;
case STATE_NAME: case STATE_NAME:
@ -218,8 +206,6 @@ public class CookieCutter
{ {
case STATE_UNQUOTED_VALUE: case STATE_UNQUOTED_VALUE:
value = hdr.substring(tokenstart).trim(); value = hdr.substring(tokenstart).trim();
if(_request!=null && _request.isRequestedSessionIdFromURL())
value = URIUtil.decodePath(value);
break; break;
case STATE_NAME: case STATE_NAME:
name = hdr.substring(tokenstart); name = hdr.substring(tokenstart);
@ -276,21 +262,8 @@ public class CookieCutter
} }
} }
int l = LazyList.size(cookies);
if (l>0)
{
if (_cookies != null && _cookies.length == l)
{
for (int i = 0; i < l; i++)
_cookies[i] = (Cookie) LazyList.get(cookies, i);
}
else
_cookies = (Cookie[]) LazyList.toArray(cookies,Cookie.class); _cookies = (Cookie[]) LazyList.toArray(cookies,Cookie.class);
} _lastCookies=_cookies;
_added=0;
_dirty=false;
} }
} }

View File

@ -433,27 +433,24 @@ public class Request implements HttpServletRequest
if (_cookiesExtracted) if (_cookiesExtracted)
return _cookies==null?null:_cookies.getCookies(); return _cookies==null?null:_cookies.getCookies();
// Handle no cookies
if (!_connection.getRequestFields().containsKey(HttpHeaders.COOKIE_BUFFER))
{
_cookiesExtracted = true; _cookiesExtracted = true;
if (_cookies!=null)
_cookies.reset();
return null;
}
if (_cookies==null)
_cookies=new CookieCutter(this);
Enumeration enm = _connection.getRequestFields().getValues(HttpHeaders.COOKIE_BUFFER); Enumeration enm = _connection.getRequestFields().getValues(HttpHeaders.COOKIE_BUFFER);
// Handle no cookies
if (enm!=null)
{
if (_cookies==null)
_cookies=new CookieCutter();
while (enm.hasMoreElements()) while (enm.hasMoreElements())
{ {
String c = (String)enm.nextElement(); String c = (String)enm.nextElement();
_cookies.addCookieField(c); _cookies.addCookieField(c);
} }
_cookiesExtracted=true; }
return _cookies.getCookies(); return _cookies==null?null:_cookies.getCookies();
} }
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
@ -1308,13 +1305,16 @@ public class Request implements HttpServletRequest
if(_attributes!=null) if(_attributes!=null)
_attributes.clearAttributes(); _attributes.clearAttributes();
_characterEncoding=null; _characterEncoding=null;
_queryEncoding=null; if (_cookies!=null)
_cookies.reset();
_cookiesExtracted=false;
_context=null; _context=null;
_serverName=null; _serverName=null;
_method=null; _method=null;
_pathInfo=null; _pathInfo=null;
_port=0; _port=0;
_protocol=HttpVersions.HTTP_1_1; _protocol=HttpVersions.HTTP_1_1;
_queryEncoding=null;
_queryString=null; _queryString=null;
_requestedSessionId=null; _requestedSessionId=null;
_requestedSessionIdFromCookie=false; _requestedSessionIdFromCookie=false;
@ -1332,7 +1332,6 @@ public class Request implements HttpServletRequest
_paramsExtracted=false; _paramsExtracted=false;
_inputState=__NONE; _inputState=__NONE;
_cookiesExtracted=false;
if (_savedNewSessions!=null) if (_savedNewSessions!=null)
_savedNewSessions.clear(); _savedNewSessions.clear();
_savedNewSessions=null; _savedNewSessions=null;
@ -1571,7 +1570,7 @@ public class Request implements HttpServletRequest
public void setCookies(Cookie[] cookies) public void setCookies(Cookie[] cookies)
{ {
if (_cookies==null) if (_cookies==null)
_cookies=new CookieCutter(this); _cookies=new CookieCutter();
_cookies.setCookies(cookies); _cookies.setCookies(cookies);
} }