Issue #1546 - more cookie fixes

Greg Wilkins 2017-05-16 06:05:55 +02:00
parent 5141085fed
commit 155e3e9bcd
3 changed files with 37 additions and 11 deletions


@ -180,6 +180,7 @@ public class CookieCutter
default: default:
if (i==last) if (i==last)
{ {
// unterminated quote, let's ignore quotes
unquoted.setLength(0); unquoted.setLength(0);
inQuoted = false; inQuoted = false;
i--; i--;
@ -201,7 +202,7 @@ public class CookieCutter
{ {
case ' ': case ' ':
case '\t': case '\t':
continue; break;
case ';': case ';':
if (quoted) if (quoted)
@ -212,6 +213,8 @@ public class CookieCutter
} }
else if(tokenstart>=0 && tokenend>=0) else if(tokenstart>=0 && tokenend>=0)
value = hdr.substring(tokenstart, tokenend+1); value = hdr.substring(tokenstart, tokenend+1);
else
value = "";
tokenstart = -1; tokenstart = -1;
invalue=false; invalue=false;
@ -224,7 +227,7 @@ public class CookieCutter
inQuoted=true; inQuoted=true;
if (unquoted==null) if (unquoted==null)
unquoted=new StringBuilder(); unquoted=new StringBuilder();
continue; break;
} }
// fall through to default case // fall through to default case
@ -284,10 +287,9 @@ public class CookieCutter
{ {
name = hdr.substring(tokenstart, tokenend+1); name = hdr.substring(tokenstart, tokenend+1);
} }
tokenstart = -1; tokenstart = -1;
invalue=true; invalue=true;
continue; break;
default: default:
if (quoted) if (quoted)
@ -303,17 +305,30 @@ public class CookieCutter
tokenstart=i; tokenstart=i;
tokenend=i; tokenend=i;
if (i==last) if (i==last)
{
name = hdr.substring(tokenstart, tokenend+1);
break; break;
}
continue; continue;
} }
} }
} }
if (invalue && i==last && value==null)
{
if (quoted)
{
value = unquoted.toString();
unquoted.setLength(0);
quoted = false;
}
else if(tokenstart>=0 && tokenend>=0)
{
value = hdr.substring(tokenstart, tokenend+1);
}
else
value = "";
}
// If after processing the current character we have a value and a name, then it is a cookie // If after processing the current character we have a value and a name, then it is a cookie
if (value!=null && name!=null) if (name!=null && value!=null)
{ {
try try
{ {
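Review bot: The end-of-header block added just before the `name!=null && value!=null` check repeats the value-termination branches of the `case ';'` arm (quoted, token, empty) instead of sharing them, so the two copies have to be kept in step by hand. The Cookie header is client-controlled, and if the copies drift, the same cookie would parse differently depending on whether it ends with `;`. I would at least mark the coupling with a comment such as `// end of header while in a value: must terminate the value exactly as case ';' does`, and brace the trailing `else value = "";` like its sibling branches. The enclosing loop and the body of the quoted branch in `case ';'` lie outside the visible hunks, so whether the two copies are currently identical cannot be confirmed from here.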


@ -65,7 +65,18 @@ public class CookieCutter_LenientTest
// quoted-string = ( <"> *(qdtext) <"> ) // quoted-string = ( <"> *(qdtext) <"> )
// qdtext = <any TEXT except <">> // qdtext = <any TEXT except <">>
// lenient with spaces and EOF
ret.add(new String[]{"abc=", "abc", ""});
ret.add(new String[]{"abc = ", "abc", ""});
ret.add(new String[]{"abc = ;", "abc", ""});
ret.add(new String[]{"abc = ; ", "abc", ""});
ret.add(new String[]{"abc = x ", "abc", "x"});
ret.add(new String[]{"abc=\"\"", "abc", ""}); ret.add(new String[]{"abc=\"\"", "abc", ""});
ret.add(new String[]{"abc= \"\" ", "abc", ""});
ret.add(new String[]{"abc= \"x\" ", "abc", "x"});
ret.add(new String[]{"abc= \"x\" ;", "abc", "x"});
ret.add(new String[]{"abc= \"x\" ; ", "abc", "x"});
// The backslash character ("\") may be used as a single-character quoting // The backslash character ("\") may be used as a single-character quoting
// mechanism only within quoted-string and comment constructs. // mechanism only within quoted-string and comment constructs.
// quoted-pair = "\" CHAR // quoted-pair = "\" CHAR
@ -80,7 +91,7 @@ public class CookieCutter_LenientTest
// See https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00#section-5.2 // See https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00#section-5.2
// Cannot pass names through as javax.servlet.http.Cookie class does not allow them // Cannot pass names through as javax.servlet.http.Cookie class does not allow them
ret.add(new String[]{"$foo=bar", null, null}); ret.add(new String[]{"$foo=bar", null, null});
// Tests that conform to RFC6265 // Tests that conform to RFC6265
ret.add(new String[]{"abc=foobar!", "abc", "foobar!"}); ret.add(new String[]{"abc=foobar!", "abc", "foobar!"});
ret.add(new String[]{"abc=\"foobar!\"", "abc", "foobar!"}); ret.add(new String[]{"abc=\"foobar!\"", "abc", "foobar!"});
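Review bot: The new lenient rows cover trailing spaces, empty values and closed quotes at end of input, but none pins the unterminated-quote path that CookieCutter labels `// unterminated quote, let's ignore quotes`. This parser deliberately accepts more than the grammar quoted in the comments, so each leniency deserves a row that stops a later change from silently altering what a malformed header yields. A row of the form `ret.add(new String[]{"abc=\"x", "abc", <intended value>});` with a one-line comment stating the intended result would do. The data method starts and ends outside the hunk, so such a row may already exist further down.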


@ -1326,7 +1326,7 @@ public class RequestTest
"POST / HTTP/1.1\r\n"+ "POST / HTTP/1.1\r\n"+
"Host: whatever\r\n"+ "Host: whatever\r\n"+
"Cookie: name0=value0; name1 = value1 ; name2 = \"\\\"value2\\\"\" \n" + "Cookie: name0=value0; name1 = value1 ; name2 = \"\\\"value2\\\"\" \n" +
"Cookie: $Version=2; name3=value3=value3;$path=/path;$domain=acme.com;$port=8080; name4=\"\"; name5 = x ; name6\n" + "Cookie: $Version=2; name3=value3=value3;$path=/path;$domain=acme.com;$port=8080; name4=\"\"; name5 = ; name6\n" +
"Cookie: name7=value7;\n" + "Cookie: name7=value7;\n" +
"Connection: close\r\n"+ "Connection: close\r\n"+
"\r\n"); "\r\n");
@ -1346,7 +1346,7 @@ public class RequestTest
assertEquals("name4", cookies.get(4).getName()); assertEquals("name4", cookies.get(4).getName());
assertEquals("", cookies.get(4).getValue()); assertEquals("", cookies.get(4).getValue());
assertEquals("name5", cookies.get(5).getName()); assertEquals("name5", cookies.get(5).getName());
assertEquals("x", cookies.get(5).getValue()); assertEquals("", cookies.get(5).getValue());
// assertEquals("name6", cookies.get(6).getName()); // assertEquals("name6", cookies.get(6).getName());
// assertEquals("", cookies.get(6).getValue()); // assertEquals("", cookies.get(6).getValue());
assertEquals("name7", cookies.get(6).getName()); assertEquals("name7", cookies.get(6).getName());
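Review bot: The second Cookie line of the request still ends with a bare `name6`, and the two `name6` assertions stay commented out, so this test never states the expected outcome for a name without `=`. The visible index for `name7` is 6, which implies `name6` is dropped. Saying so outright is clearer than dead assertions, for example by replacing them with `// name6 has no '=' and yields no cookie`. An assertion on the size of `cookies` would also catch a parser change that starts emitting an extra cookie here, though one may already exist outside the hunk.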