Bug 59450 - allowHttpSepsInV0 attribute and forwardSlashIsSeparator attribute don't handle correctly
Status: RESOLVED FIXED
Product: Tomcat 9
Classification: Unclassified
Component: Catalina
Version: unspecified
Hardware: All All
Importance: P2 normal
Assignee: Tomcat Developers Mailing List
Reported: 2016-05-10 06:17 UTC by Kyohei Nakamura
Modified: 2016-05-10 09:10 UTC

Attachments
patch against trunk (936 bytes, patch)
2016-05-10 06:17 UTC, Kyohei Nakamura

Description Kyohei Nakamura 2016-05-10 06:17:40 UTC
Created attachment 33833
patch against trunk

When the value of a cookie includes a slash character ('/') and the cookie version is 0, the org.apache.tomcat.util.http.LegacyCookieProcessor doesn't handle it correctly.
If the allowHttpSepsInV0 attribute is set to false and the forwardSlashIsSeparator attribute is set to true, the cookie value should be quoted.
However, it is not quoted.

If the allowHttpSepsInV0 attribute is false and the forwardSlashIsSeparator attribute is true, allowedWithoutQuotes.clear('/') should be called.
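
A check for the behaviour described in this report, added here as an example; it is not part of the report, the attached patch or Tomcat's own code. It assumes the Tomcat and Servlet API jars (javax.servlet namespace, as in the 8.0.x, 8.5.x and 9.0.x lines) are on the classpath; the class name and the sample cookie are constructed for illustration.

```java
import javax.servlet.http.Cookie;
import org.apache.tomcat.util.http.LegacyCookieProcessor;

public class SlashQuotingCheck {

    // Constructed sample value containing the character under test.
    private static final String VALUE = "a/b";

    // Builds a processor with the two attributes from the report and
    // reports whether the generated Set-Cookie value is quoted.
    static boolean isQuoted(boolean allowHttpSepsInV0,
                            boolean forwardSlashIsSeparator) {
        LegacyCookieProcessor processor = new LegacyCookieProcessor();
        processor.setAllowHttpSepsInV0(allowHttpSepsInV0);
        processor.setForwardSlashIsSeparator(forwardSlashIsSeparator);

        // javax.servlet.http.Cookie defaults to version 0.
        Cookie cookie = new Cookie("demo", VALUE);
        String header = processor.generateHeader(cookie);
        return header.contains("\"" + VALUE + "\"");
    }

    public static void main(String[] args) {
        // Print the outcome for every combination so the effect of each
        // attribute on '/' is visible side by side.
        boolean[] flags = {false, true};
        for (boolean allow : flags) {
            for (boolean slashSep : flags) {
                System.out.printf(
                        "allowHttpSepsInV0=%-5b forwardSlashIsSeparator=%-5b quoted=%b%n",
                        allow, slashSep, isQuoted(allow, slashSep));
            }
        }

        // The combination this report is about: the value should be quoted.
        if (!isQuoted(false, true)) {
            System.err.println("'/' was emitted unquoted with "
                    + "allowHttpSepsInV0=false, forwardSlashIsSeparator=true");
            System.exit(1);
        }
    }
}
```

A non-zero exit status means the processor on the classpath still emits the value unquoted for the combination described above.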
Comment 1 Mark Thomas 2016-05-10 09:10:39 UTC
Thanks for the report and the patch.

This has been fixed in:
9.0.x for 9.0.0.M5 onwards
8.5.x for 8.5.1 onwards
8.0.x for 8.0.34 onwards

7.0.x and earlier were not affected.