Bug 44927 - Cookie parsing is broken in 6.0.16
Status: RESOLVED INVALID
Alias: None
Product: Tomcat 6
Classification: Unclassified
Component: Catalina
Version: 6.0.16
Hardware: PC Linux
Importance: P2 regression
Target Milestone: default
Assignee: Tomcat Developers Mailing List
Reported: 2008-05-02 12:29 UTC by Tim McCune
Modified: 2010-01-25 11:48 UTC

Description Tim McCune 2008-05-02 12:29:33 UTC
A recent change to cookie parsing that I think appeared in 6.0.16 has caused us some problems.  Any cookies with an = in their values no longer parse correctly.  For example:

Cookie: A=b=c;D=e

Prior to 6.0.16, this was properly parsed as
A b=c
D e

In 6.0.16, this is parsed as 
A b
D e
Comment 1 Mark Thomas 2008-05-02 12:55:33 UTC
It would be appreciated if you took the time to search the bug database and/or the mail archives before filing a duplicate.

*** This bug has been marked as a duplicate of bug 44679 ***
Comment 2 Tim McCune 2008-05-02 13:01:01 UTC
Sorry, I did, but the search form defaulted to only show Open bugs, so I missed it.  You might want to reconsider changing the default to All.
Comment 3 Tim McCune 2008-05-02 14:32:38 UTC
I just tried the latest version from the trunk in subversion and this still fails. It looks like the offending code is in Cookies.processCookieHeader().
Comment 4 Mark Thomas 2008-05-02 14:41:28 UTC
A=b=c is not a valid cookie header. The second '=' needs to be escaped.
Comment 5 Tim McCune 2010-01-25 11:48:14 UTC
Hey, I just discovered the org.apache.tomcat.util.http.ServerCookie.ALLOW_EQUALS_IN_VALUE system property in 6.0.24 as I was about to patch it with our fix to this issue, as I've always had to do since 6.0.16.

Does this mean that this issue has now been fixed as long as I set that system property to "true"?
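
The two parsing results described in this report, as a simplified model added here as an example; it is not Tomcat's code and not code from any commenter. The function names and the `allow_equals_in_value` parameter are hypothetical, and treating a fully double-quoted value as opaque is an assumption of the model. It also lists which cookies in a header would be cut short at '=', using a constructed value with base64 padding.

```python
# Added illustration: a simplified model, not Tomcat's parser.

def parse_cookie_header(header, allow_equals_in_value=False):
    """Parse a Cookie request header into a {name: value} dict.

    allow_equals_in_value=False: an unquoted value ends at the next '='
    and the remainder is dropped (the 6.0.16 result in the report).
    allow_equals_in_value=True: the value runs to the ';' separator
    (the pre-6.0.16 result in the report).
    """
    if header.lower().startswith("cookie:"):
        header = header[len("cookie:"):]
    cookies = {}
    # Simplification: ';' inside a quoted value is not handled.
    for pair in header.split(";"):
        name, sep, value = pair.strip().partition("=")
        name, value = name.strip(), value.strip()
        if not name or not sep:
            continue
        if len(value) >= 2 and value[0] == value[-1] == '"':
            # Assumption of this model: a fully quoted value is opaque.
            value = value[1:-1]
        elif not allow_equals_in_value:
            value = value.split("=", 1)[0]
        cookies[name] = value
    return cookies


def truncated_cookies(header):
    """Return {name: (strict, lenient)} for cookies whose value differs."""
    strict = parse_cookie_header(header, allow_equals_in_value=False)
    lenient = parse_cookie_header(header, allow_equals_in_value=True)
    return {n: (strict[n], lenient[n]) for n in lenient if strict[n] != lenient[n]}


if __name__ == "__main__":
    # Constructed sample: the header from the report plus a cookie whose
    # value ends in base64 padding.
    sample = "Cookie: A=b=c;D=e; sid=YWJjZA=="
    for name, (strict, lenient) in truncated_cookies(sample).items():
        print(f"{name}: strict={strict!r} lenient={lenient!r}")
```

Running `truncated_cookies` over Cookie headers captured from an application's own traffic shows which session or token cookies would lose data under the strict behaviour before an upgrade is rolled out.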