JETTY-1042
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@438 7e9141cc-0065-0410-87d8-b60c137991c4
This commit is contained in:
parent
05f730be81
commit
02dd1975ec
|
@ -1,5 +1,6 @@
|
||||||
jetty-7.0.0.M4-SNAPSHOT
|
jetty-7.0.0.M4-SNAPSHOT
|
||||||
+ 281059 NPE in QTP with debug on
|
+ 281059 NPE in QTP with debug on
|
||||||
|
+ JETTY-1042 Prevent cookie leak between shared connection
|
||||||
|
|
||||||
jetty-7.0.0.M3 20 June 2009
|
jetty-7.0.0.M3 20 June 2009
|
||||||
+ fixed race with expired async listeners
|
+ fixed race with expired async listeners
|
||||||
|
|
|
@ -39,95 +39,85 @@ public class CookieCutter
|
||||||
private static final byte STATE_UNQUOTED_VALUE = 16;
|
private static final byte STATE_UNQUOTED_VALUE = 16;
|
||||||
|
|
||||||
private Cookie[] _cookies;
|
private Cookie[] _cookies;
|
||||||
private String[] _fields;
|
private Cookie[] _lastCookies;
|
||||||
int _added=0;
|
Object _lazyFields;
|
||||||
boolean _dirty;
|
int _fields;
|
||||||
HttpServletRequest _request;
|
|
||||||
|
|
||||||
public CookieCutter()
|
public CookieCutter()
|
||||||
{
|
{
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
public CookieCutter(HttpServletRequest request)
|
|
||||||
{
|
|
||||||
_request = request;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public Cookie[] getCookies()
|
public Cookie[] getCookies()
|
||||||
{
|
{
|
||||||
if (_added>0)
|
if (_cookies!=null)
|
||||||
{
|
|
||||||
if (!_dirty && _added==_fields.length)
|
|
||||||
{
|
|
||||||
// same cookies as last time!
|
|
||||||
_added=0;
|
|
||||||
return _cookies;
|
return _cookies;
|
||||||
}
|
|
||||||
|
|
||||||
|
if (_lastCookies!=null &&
|
||||||
|
_lazyFields!=null &&
|
||||||
|
_fields==LazyList.size(_lazyFields))
|
||||||
|
_cookies=_lastCookies;
|
||||||
|
else
|
||||||
parseFields();
|
parseFields();
|
||||||
}
|
_lastCookies=_cookies;
|
||||||
return _cookies;
|
return _cookies;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setCookies(Cookie[] cookies)
|
public void setCookies(Cookie[] cookies)
|
||||||
{
|
{
|
||||||
_dirty=false;
|
|
||||||
_added=0;
|
|
||||||
_cookies=cookies;
|
_cookies=cookies;
|
||||||
|
_lastCookies=null;
|
||||||
|
_lazyFields=null;
|
||||||
|
_fields=0;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void reset()
|
public void reset()
|
||||||
{
|
{
|
||||||
_fields=null;
|
|
||||||
_cookies=null;
|
_cookies=null;
|
||||||
|
_fields=0;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void addCookieField(String f)
|
public void addCookieField(String f)
|
||||||
{
|
{
|
||||||
if (!_dirty &&
|
if (f==null)
|
||||||
_fields!=null &&
|
return;
|
||||||
_fields.length>_added &&
|
f=f.trim();
|
||||||
_fields[_added].equals(f))
|
if (f.length()==0)
|
||||||
|
return;
|
||||||
|
|
||||||
|
if (LazyList.size(_lazyFields)>_fields)
|
||||||
{
|
{
|
||||||
_added++;
|
if (f.equals(LazyList.get(_lazyFields,_fields)))
|
||||||
|
{
|
||||||
|
_fields++;
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (_dirty)
|
while (LazyList.size(_lazyFields)>_fields)
|
||||||
{
|
_lazyFields=LazyList.remove(_lazyFields,_fields);
|
||||||
_added++;
|
|
||||||
_fields=(String[])LazyList.addToArray(_fields,f,String.class);
|
|
||||||
}
|
}
|
||||||
else
|
_cookies=null;
|
||||||
{
|
_lastCookies=null;
|
||||||
_dirty=true;
|
_lazyFields=LazyList.add(_lazyFields,_fields++,f);
|
||||||
if (_added>0)
|
|
||||||
{
|
|
||||||
String[] fields=new String[_added+1];
|
|
||||||
System.arraycopy(_fields,0,fields,0,_added);
|
|
||||||
fields[_added++]=f;
|
|
||||||
_fields=fields;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
_fields = new String[]{f};
|
|
||||||
_added=1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
protected void parseFields()
|
protected void parseFields()
|
||||||
{
|
{
|
||||||
|
_lastCookies=null;
|
||||||
|
_cookies=null;
|
||||||
|
|
||||||
Object cookies = null;
|
Object cookies = null;
|
||||||
|
|
||||||
int version = 0;
|
int version = 0;
|
||||||
|
|
||||||
|
// delete excess fields
|
||||||
|
while (LazyList.size(_lazyFields)>_fields)
|
||||||
|
_lazyFields=LazyList.remove(_lazyFields,_fields);
|
||||||
|
|
||||||
// For each cookie field
|
// For each cookie field
|
||||||
for (int f=0;f<_added;f++)
|
for (int f=0;f<_fields;f++)
|
||||||
{
|
{
|
||||||
String hdr = _fields[f];
|
String hdr = LazyList.get(_lazyFields,f);
|
||||||
|
|
||||||
// Parse the header
|
// Parse the header
|
||||||
String name = null;
|
String name = null;
|
||||||
|
@ -152,8 +142,6 @@ public class CookieCutter
|
||||||
case STATE_UNQUOTED_VALUE:
|
case STATE_UNQUOTED_VALUE:
|
||||||
state = STATE_NAME;
|
state = STATE_NAME;
|
||||||
value = hdr.substring(tokenstart, i).trim();
|
value = hdr.substring(tokenstart, i).trim();
|
||||||
if(_request!=null && _request.isRequestedSessionIdFromURL())
|
|
||||||
value = URIUtil.decodePath(value);
|
|
||||||
tokenstart = i + 1;
|
tokenstart = i + 1;
|
||||||
break;
|
break;
|
||||||
case STATE_NAME:
|
case STATE_NAME:
|
||||||
|
@ -218,8 +206,6 @@ public class CookieCutter
|
||||||
{
|
{
|
||||||
case STATE_UNQUOTED_VALUE:
|
case STATE_UNQUOTED_VALUE:
|
||||||
value = hdr.substring(tokenstart).trim();
|
value = hdr.substring(tokenstart).trim();
|
||||||
if(_request!=null && _request.isRequestedSessionIdFromURL())
|
|
||||||
value = URIUtil.decodePath(value);
|
|
||||||
break;
|
break;
|
||||||
case STATE_NAME:
|
case STATE_NAME:
|
||||||
name = hdr.substring(tokenstart);
|
name = hdr.substring(tokenstart);
|
||||||
|
@ -276,21 +262,8 @@ public class CookieCutter
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
int l = LazyList.size(cookies);
|
|
||||||
if (l>0)
|
|
||||||
{
|
|
||||||
if (_cookies != null && _cookies.length == l)
|
|
||||||
{
|
|
||||||
for (int i = 0; i < l; i++)
|
|
||||||
_cookies[i] = (Cookie) LazyList.get(cookies, i);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
_cookies = (Cookie[]) LazyList.toArray(cookies,Cookie.class);
|
_cookies = (Cookie[]) LazyList.toArray(cookies,Cookie.class);
|
||||||
}
|
_lastCookies=_cookies;
|
||||||
|
|
||||||
_added=0;
|
|
||||||
_dirty=false;
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -433,27 +433,24 @@ public class Request implements HttpServletRequest
|
||||||
if (_cookiesExtracted)
|
if (_cookiesExtracted)
|
||||||
return _cookies==null?null:_cookies.getCookies();
|
return _cookies==null?null:_cookies.getCookies();
|
||||||
|
|
||||||
// Handle no cookies
|
|
||||||
if (!_connection.getRequestFields().containsKey(HttpHeaders.COOKIE_BUFFER))
|
|
||||||
{
|
|
||||||
_cookiesExtracted = true;
|
_cookiesExtracted = true;
|
||||||
if (_cookies!=null)
|
|
||||||
_cookies.reset();
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (_cookies==null)
|
|
||||||
_cookies=new CookieCutter(this);
|
|
||||||
|
|
||||||
Enumeration enm = _connection.getRequestFields().getValues(HttpHeaders.COOKIE_BUFFER);
|
Enumeration enm = _connection.getRequestFields().getValues(HttpHeaders.COOKIE_BUFFER);
|
||||||
|
|
||||||
|
// Handle no cookies
|
||||||
|
if (enm!=null)
|
||||||
|
{
|
||||||
|
if (_cookies==null)
|
||||||
|
_cookies=new CookieCutter();
|
||||||
|
|
||||||
while (enm.hasMoreElements())
|
while (enm.hasMoreElements())
|
||||||
{
|
{
|
||||||
String c = (String)enm.nextElement();
|
String c = (String)enm.nextElement();
|
||||||
_cookies.addCookieField(c);
|
_cookies.addCookieField(c);
|
||||||
}
|
}
|
||||||
_cookiesExtracted=true;
|
}
|
||||||
|
|
||||||
return _cookies.getCookies();
|
return _cookies==null?null:_cookies.getCookies();
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ------------------------------------------------------------ */
|
/* ------------------------------------------------------------ */
|
||||||
|
@ -1308,13 +1305,16 @@ public class Request implements HttpServletRequest
|
||||||
if(_attributes!=null)
|
if(_attributes!=null)
|
||||||
_attributes.clearAttributes();
|
_attributes.clearAttributes();
|
||||||
_characterEncoding=null;
|
_characterEncoding=null;
|
||||||
_queryEncoding=null;
|
if (_cookies!=null)
|
||||||
|
_cookies.reset();
|
||||||
|
_cookiesExtracted=false;
|
||||||
_context=null;
|
_context=null;
|
||||||
_serverName=null;
|
_serverName=null;
|
||||||
_method=null;
|
_method=null;
|
||||||
_pathInfo=null;
|
_pathInfo=null;
|
||||||
_port=0;
|
_port=0;
|
||||||
_protocol=HttpVersions.HTTP_1_1;
|
_protocol=HttpVersions.HTTP_1_1;
|
||||||
|
_queryEncoding=null;
|
||||||
_queryString=null;
|
_queryString=null;
|
||||||
_requestedSessionId=null;
|
_requestedSessionId=null;
|
||||||
_requestedSessionIdFromCookie=false;
|
_requestedSessionIdFromCookie=false;
|
||||||
|
@ -1332,7 +1332,6 @@ public class Request implements HttpServletRequest
|
||||||
_paramsExtracted=false;
|
_paramsExtracted=false;
|
||||||
_inputState=__NONE;
|
_inputState=__NONE;
|
||||||
|
|
||||||
_cookiesExtracted=false;
|
|
||||||
if (_savedNewSessions!=null)
|
if (_savedNewSessions!=null)
|
||||||
_savedNewSessions.clear();
|
_savedNewSessions.clear();
|
||||||
_savedNewSessions=null;
|
_savedNewSessions=null;
|
||||||
|
@ -1571,7 +1570,7 @@ public class Request implements HttpServletRequest
|
||||||
public void setCookies(Cookie[] cookies)
|
public void setCookies(Cookie[] cookies)
|
||||||
{
|
{
|
||||||
if (_cookies==null)
|
if (_cookies==null)
|
||||||
_cookies=new CookieCutter(this);
|
_cookies=new CookieCutter();
|
||||||
_cookies.setCookies(cookies);
|
_cookies.setCookies(cookies);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue