[Bug 55917] Cookie parsing fails hard with ISO-8859-1 values
https://issues.apache.org/bugzilla/show_bug.cgi?id=55917

Mark Thomas ma...@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #8 from Mark Thomas ma...@apache.org ---
The new RFC6265 cookie parser (that also includes a new RFC2109 parser)
correctly handles these values. I don't propose fixing the old parser.

--
You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 55917] Cookie parsing fails hard with ISO-8859-1 values
https://issues.apache.org/bugzilla/show_bug.cgi?id=55917

Jeremy Boynes jboy...@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |55951
[Bug 55917] Cookie parsing fails hard with ISO-8859-1 values
https://issues.apache.org/bugzilla/show_bug.cgi?id=55917

--- Comment #7 from Jeremy Boynes jboy...@apache.org ---
The patch for this has been reverted from trunk
[Bug 55917] Cookie parsing fails hard with ISO-8859-1 values
https://issues.apache.org/bugzilla/show_bug.cgi?id=55917

Jeremy Boynes jboy...@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
Attachment #31139 is obsolete|0                 |1

--- Comment #5 from Jeremy Boynes jboy...@apache.org ---
Created attachment 31140
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=31140&action=edit
Allow 0xa0-0xff in V0 values only

Minimal patch allowing ISO-8859-1 characters in the range 0xa0-0xff for V0
values only.

This refactors the check when processing tokens to allow 8-bit characters just
for V0 values. They will still trigger an IllegalArgumentException if they
appear in a name or in a V1 unquoted value.

V1 quoted values already support them via a different code path. I discovered
an issue (#55918) there where CTLs will not cause an IAE and will appear in the
returned value. I've tagged the tests for that as @Ignored to be resolved in a
different fix.
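
The character rule discussed in this thread (names restricted to tokens, V0 values additionally allowing 0xA0-0xFF, controls rejected), as an added Java example that is not Tomcat's code or the attached patch. The class and method names are hypothetical, and it assumes a V0 header of plain name=value pairs with no quoting.

```java
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
// Added illustration, not Tomcat code; class and method names are hypothetical.
public class V0CookieCheck {
    private static final String SEPARATORS = "()<>@,;:\\\"/[]?={} \t";

    // RFC 2616 token character: US-ASCII, not a control, not a separator.
    static boolean isTokenChar(char c) {
        return c > 0x20 && c < 0x7f && SEPARATORS.indexOf(c) < 0;
    }

    // V0 value character: token character or ISO-8859-1 0xA0-0xFF.
    // Controls below 0x20, 0x7F and the C1 range 0x80-0x9F stay rejected.
    static boolean isV0ValueChar(char c) {
        return isTokenChar(c) || (c >= 0xa0 && c <= 0xff);
    }

    // Parses "name=value; name=value" from raw header bytes; throws IllegalArgumentException on an illegal character.
    static Map<String, String> parse(byte[] header) {
        String s = new String(header, StandardCharsets.ISO_8859_1); // each byte maps to the same code point
        Map<String, String> cookies = new LinkedHashMap<>();
        for (String pair : s.split(";")) {
            String p = pair.replaceAll("^ +| +$", ""); // strip spaces only, so controls are not hidden
            int eq = p.indexOf('=');
            if (eq <= 0) throw new IllegalArgumentException("missing cookie name");
            String name = p.substring(0, eq), value = p.substring(eq + 1);
            for (char c : name.toCharArray())
                if (!isTokenChar(c)) throw new IllegalArgumentException(
                        String.format("0x%02x not allowed in name", (int) c));
            for (char c : value.toCharArray())
                if (!isV0ValueChar(c)) throw new IllegalArgumentException(
                        String.format("0x%02x not allowed in V0 value", (int) c));
            cookies.put(name, value);
        }
        return cookies;
    }

    public static void main(String[] args) {
        // Constructed sample headers, encoded as ISO-8859-1 bytes.
        String[] samples = { "lang=fr; city=Orl\u00e9ans", "n\u00e9me=x", "a=b\u0085c", "a=b\u0001" };
        for (String h : samples) {
            try {
                System.out.println("accepted: " + parse(h.getBytes(StandardCharsets.ISO_8859_1)));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```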
[Bug 55917] Cookie parsing fails hard with ISO-8859-1 values
https://issues.apache.org/bugzilla/show_bug.cgi?id=55917

--- Comment #1 from Jeremy Boynes jboy...@apache.org ---
Created attachment 31139
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=31139&action=edit
Fix to allow chars in the range 0xa0-0xff

Patch allows characters in the range 0xA0-0xFF (so it continues to exclude
controls both <0x20 and 0x80-0x9F). Added testcase for a Latin-1 character and
test-suite passes.

To keep it simple, this patch does not attempt to differentiate between quoted
and unquoted values. It also does not attempt to deal with values containing
UTF-8 encoded data.
[Bug 55917] Cookie parsing fails hard with ISO-8859-1 values
https://issues.apache.org/bugzilla/show_bug.cgi?id=55917

--- Comment #2 from Mark Thomas ma...@apache.org ---
This simple patch is not acceptable as it does not retain the limitation that
cookie names must be tokens.

Now might be the time to re-write the cookie parsing using the HttpParser.
Given the 'fun' we have had with cookie processing in the past we need to be
very careful about any changes we introduce. Now could be a good time to do
this in 8.0.x and then back-port it once it is stable.
[Bug 55917] Cookie parsing fails hard with ISO-8859-1 values
https://issues.apache.org/bugzilla/show_bug.cgi?id=55917

--- Comment #3 from Mark Thomas ma...@apache.org ---
If we do revisit cookie parsing we should keep RFC6265 in mind as well as the
fact that Tomcat moved to a strict adherence to the cookie specs in order to
avoid a number of potential security issues.
[Bug 55917] Cookie parsing fails hard with ISO-8859-1 values
https://issues.apache.org/bugzilla/show_bug.cgi?id=55917

Jeremy Boynes jboy...@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|Connectors                  |Connectors
            Product|Tomcat 7                    |Tomcat 8
   Target Milestone|---                         |

--- Comment #4 from Jeremy Boynes jboy...@apache.org ---
I agree that this would be a good time for a larger cleanup. To keep things
incremental I'll start with refining the patch (against trunk) to handle names
and values separately.