Bug 59888 - The cookie parser (for Rfc6265CookieProcessor) does not allow whitespaces in quoted cookie value of the version 1 cookie
Summary: The cookie parser (for Rfc6265CookieProcessor) does not allow whitespaces in ...
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 9
Classification: Unclassified
Component: Catalina (show other bugs)
Version: unspecified
Hardware: All All
: P2 normal (vote)
Target Milestone: -----
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-07-21 05:21 UTC by Kyohei Nakamura
Modified: 2016-08-04 18:51 UTC (History)
0 users



Attachments
patch against trunk (544 bytes, patch)
2016-07-21 05:21 UTC, Kyohei Nakamura
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Kyohei Nakamura 2016-07-21 05:21:36 UTC
Created attachment 34059 [details]
patch against trunk

The RFC2109 specification that defines the version 1 cookie says that whitespaces are allowed in quoted cookie value.
However, the cookie parser (for Rfc6265CookieProcessor) does not allow whitespaces in quoted cookie value of the version 1 cookie.

I made the patch that the cookie parser treats whitespace as enabled character.
Comment 1 Mark Thomas 2016-08-04 18:51:57 UTC
Thanks of the report. There was a similar issue with tabs. This has been fixed in 9.0.x for 9.0.0.M10 onwards, 8.5.x for 8.5.5 onwards and 8.0.x for 8.0.37 onwards.