Author: markt
Date: Wed Dec 16 16:27:26 2009
New Revision: 891289
URL: http://svn.apache.org/viewvc?rev=891289&view=rev
Log:
Provide new option to allow = in cookie values
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Cookies.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=891289&r1=891288&r2=891289&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Wed Dec 16 16:27:26 2009
@@ -307,11 +307,6 @@
+1: markt, jim
-1:
-* Provide new option to allow = in cookie values
- http://people.apache.org/~markt/patches/2009-11-17-cookie-allow-equals.patch
- +1: markt, jim, jfclere
- -1:
-
* Alternative fix for CVE-2009-3555 SSL MITN
The current patch uses an async callback to close the socket. It is
technically possible an attack may suceed before the socket is closed
Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Cookies.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Cookies.java?rev=891289&r1=891288&r2=891289&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Cookies.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Cookies.java Wed Dec
16 16:27:26 2009
@@ -46,6 +46,12 @@
MimeHeaders headers;
+ /**
+ * If true, cookie values are allowed to contain an equals character
without
+ * being quoted.
+ */
+ public static final boolean ALLOW_EQUALS_IN_VALUE;
+
/*
List of Separator Characters (see isSeparator())
Excluding the '/' char violates the RFC, but
@@ -65,6 +71,10 @@
for (int i = 0; i < SEPARATORS.length; i++) {
separators[SEPARATORS[i]] = true;
}
+
+ ALLOW_EQUALS_IN_VALUE = Boolean.valueOf(System.getProperty(
+
"org.apache.tomcat.util.http.ServerCookie.ALLOW_EQUALS_IN_VALUE",
+ "false")).booleanValue();
}
/**
@@ -367,7 +377,7 @@
// Get the cookie name. This must be a token
valueEnd = valueStart = nameStart = pos;
- pos = nameEnd = getTokenEndPosition(bytes,pos,end);
+ pos = nameEnd = getTokenEndPosition(bytes,pos,end,true);
// Skip whitespace
while (pos < end && isWhiteSpace(bytes[pos])) {pos++; };
@@ -414,12 +424,14 @@
// The position is OK (On a delimiter)
break;
default:;
- if (!isSeparator(bytes[pos])) {
+ if (!isSeparator(bytes[pos]) ||
+ bytes[pos] == '=' && ALLOW_EQUALS_IN_VALUE) {
// Token
valueStart=pos;
// getToken returns the position at the delimeter
// or other non-token character
- valueEnd=getTokenEndPosition(bytes, valueStart, end);
+ valueEnd = getTokenEndPosition(bytes, valueStart, end,
+ false);
// We need pos to advance
pos = valueEnd;
} else {
@@ -551,13 +563,26 @@
}
/**
+ * @deprecated - Use private method
+ * {...@link #getTokenEndPosition(byte[], int, int, boolean)} instead
+ */
+ public static final int getTokenEndPosition(byte bytes[], int off, int
end){
+ return getTokenEndPosition(bytes, off, end, true);
+ }
+
+ /**
* Given the starting position of a token, this gets the end of the
* token, with no separator characters in between.
* JVK
*/
- public static final int getTokenEndPosition(byte bytes[], int off, int
end){
+ private static final int getTokenEndPosition(byte bytes[], int off, int
end,
+ boolean isName) {
int pos = off;
- while (pos < end && !isSeparator(bytes[pos])) {pos++; };
+ while (pos < end &&
+ (!isSeparator(bytes[pos]) ||
+ bytes[pos]=='=' && ALLOW_EQUALS_IN_VALUE && !isName)) {
+ pos++;
+ }
if (pos > end)
return end;
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=891289&r1=891288&r2=891289&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Wed Dec 16 16:27:26 2009
@@ -301,6 +301,10 @@
<add>
Make buffer size for FileHandler configurable. (fhanik)
</add>
+ <add>
+ Provide an option to allow the equals character in unquoted cookie
+ values. (markt)
+ </add>
</changelog>
</subsection>
<subsection name="Coyote">
Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml?rev=891289&r1=891288&r2=891289&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml Wed Dec 16
16:27:26 2009
@@ -246,6 +246,16 @@
one active request will always be considered valid. If not specified, the
default value of <code>false</code> will be used.</p>
</property>
+
+ <property
+ name="org.apache.tomcat.util.http. ServerCookie.ALLOW_EQUALS_IN_VALUE">
+ <p>If this is <code>true</code> Tomcat will allow <code>=</code>
+ characters when parsing unquoted cookie values. If <code>false</code>,
+ cookie values containing <code>=</code> will be terminated when the
+ <code>=</code> is encountered and the remainder of the cookie value will
+ be dropped. If not specified, the default specification compliant value
of
+ <code>false</code> will be used.</p>
+ </property>
<property
name="org.apache.tomcat.util.http. ServerCookie.ALWAYS_ADD_EXPIRES">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
