From 5e8bab52e7ad1f8faffe4296b738fd1053a62900 Mon Sep 17 00:00:00 2001
From: Fredrik Tolf
Date: Sun, 13 Dec 2009 19:55:32 +0100
Subject: [PATCH] Bugfixed cookie parsing.
---
 src/dolda/jsvc/util/Cookie.java | 13 ++++++++++---
 src/dolda/jsvc/util/Http.java | 12 +++++++-----
 src/dolda/jsvc/util/Misc.java | 10 ++++++++++
 3 files changed, 27 insertions(+), 8 deletions(-)
diff --git a/src/dolda/jsvc/util/Cookie.java b/src/dolda/jsvc/util/Cookie.java
index 591289d..b85a7ff 100644
--- a/src/dolda/jsvc/util/Cookie.java
+++ b/src/dolda/jsvc/util/Cookie.java
@@ -61,13 +61,14 @@ public class Cookie {
 MultiMap ret = new WrappedMultiMap(new TreeMap>());
 for(String in : req.inheaders().values("Cookie")) {
 try {
- StringReader r = new StringReader(in);
+ PushbackReader r = new PushbackReader(new StringReader(in));
 Cookie c = null;
 while(true) {
 String k = Http.tokenunquote(r);
+ Misc.eatws(r);
+ if((k == null) || (r.read() != '='))
+ throw(new Http.EncodingException("Illegal cookie header format"));
 String v = Http.tokenunquote(r);
- if(k == null)
- break;
 if(k.equals("$Version")) {
 if(Integer.parseInt(v) != 1)
 throw(new Http.EncodingException("Unknown cookie format version"));
@@ -81,6 +82,12 @@ public class Cookie {
 c = new Cookie(k, v);
 ret.add(k, c);
 }
+ Misc.eatws(r);
+ int sep = r.read();
+ if(sep < 0)
+ break;
+ if(sep != ';')
+ throw(new Http.EncodingException("Illegal cookie header format"));
 }
 } catch(IOException e) {
 throw(new Error(e));
diff --git a/src/dolda/jsvc/util/Http.java b/src/dolda/jsvc/util/Http.java
index b83e6d2..d32b7ab 100644
--- a/src/dolda/jsvc/util/Http.java
+++ b/src/dolda/jsvc/util/Http.java
@@ -59,7 +59,7 @@ public class Http {
 return(buf.toString());
 }
 
- public static String tokenunquote(Reader in) throws IOException {
+ public static String tokenunquote(PushbackReader in) throws IOException {
 StringBuilder buf = new StringBuilder();
 String st = "eatws";
 int c = in.read();
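Review bot: In Cookie.java's first hunk, `v` is used right after `String v = Http.tokenunquote(r);` without a null check, although the tokenizer returns null for an empty token (the `buf.length() == 0` branch in Http.java). A request header such as `$Version=` or `$Version=x` then reaches `Integer.parseInt(v)` and raises an unchecked NumberFormatException from client-supplied data, bypassing the `Http.EncodingException` path that the rest of this loop uses. I would add `if(v == null) throw(new Http.EncodingException("Illegal cookie header format"));` after the assignment (or map null to `""` if empty cookie values should be accepted) and convert NumberFormatException to the existing "Unknown cookie format version" error. The `while(true)` body continues outside the hunk, so how a null `v` is treated for ordinary cookies is not visible here.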
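Review bot: In Cookie.java's second hunk, a header that ends in `;` is now rejected: after `sep == ';'` the loop restarts, `Http.tokenunquote(r)` returns null at end of input, and the `k == null` check added in the first hunk throws where the removed code broke out quietly. Because the exception aborts the whole loop, one malformed pair also drops the cookies already added to `ret`. If `Http.EncodingException` is an IOException subclass (its declaration is not visible here), the `catch(IOException e)` below would additionally rewrap it as `Error`, so it is worth confirming that malformed client input ends up as a client error rather than an `Error`. A peek after the separator keeps the strict check for everything else.

```java
if(sep != ';')
    throw(new Http.EncodingException("Illegal cookie header format"));
// tolerate a trailing ';': stop cleanly when nothing follows the separator
Misc.eatws(r);
int nx = r.read();
if(nx < 0)
    break;
r.unread(nx);
```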
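Review bot: In Http.java's first hunk, the parameter of the public static `tokenunquote` is narrowed from `Reader` to `PushbackReader` with no comment saying why, and any caller outside this patch that passes a plain `Reader` stops compiling. The reason is only visible in the next hunk, where the character that ends a token is returned with `in.unread(c)`. I would add a Javadoc along the lines of `/** Reads one token or quoted string from in; the delimiter ending an unquoted token is pushed back, so in must have a free pushback slot. */`. The method body continues outside the hunk.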
@@ -70,15 +70,17 @@ public class Http {
 else
 st = "token";
 } else if(st == "token") {
- if((c < 0) || Character.isWhitespace((char)c) || (tspecials.indexOf((char)c) >= 0)) {
+ if(c == '"') {
+ st = "quoted";
+ c = in.read();
+ } else if((c < 0) || Character.isWhitespace((char)c) || (tspecials.indexOf((char)c) >= 0)) {
+ if(c >= 0)
+ in.unread(c);
 if(buf.length() == 0)
 return(null);
 return(buf.toString());
 } else if((c < 32) || (c >= 127)) {
 throw(new EncodingException("Invalid characters in header"));
- } else if(c == '"') {
- st = "quoted";
- c = in.read();
 } else {
 buf.append((char)c);
 c = in.read();
diff --git a/src/dolda/jsvc/util/Misc.java b/src/dolda/jsvc/util/Misc.java
index 63a10a7..34e36f7 100644
--- a/src/dolda/jsvc/util/Misc.java
+++ b/src/dolda/jsvc/util/Misc.java
@@ -131,4 +131,14 @@ public class Misc {
 return(false);
 throw(new IllegalArgumentException("value not recognized as boolean: " + val));
 }
+
+ public static void eatws(PushbackReader in) throws IOException {
+ int c;
+ do {
+ c = in.read();
+ if(c < 0)
+ return;
+ } while(Character.isWhitespace(c));
+ in.unread(c);
+ }
 }
-- 
2.11.0
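Review bot: In Http.java's second hunk, the `c == '"'` test now comes first in the `token` state without checking that the buffer is still empty, so a quote in the middle of a token switches to `quoted` and keeps appending to the same `buf`. Assuming the `quoted` state (outside this hunk) appends up to the closing quote, `ab"cd"` and `abcd` would yield the same string, which makes cookie names and values parse more leniently than other HTTP components may parse them. Consider `if((c == '"') && (buf.length() == 0)) {` so that an embedded quote falls through to the delimiter branch; this relies on `"` being listed in `tspecials`, which is not visible here. The state machine's loop begins and ends outside the hunk.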
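Review bot: In Misc.java, `eatws` decides what to skip with `Character.isWhitespace(c)`, which is wider than HTTP's space and tab: it is also true for CR, LF, VT, FF, U+001C–U+001F and Unicode space separators. Combined with the tokenizer in Http.java, which tests whitespace before its `c < 32` rejection, those control characters are skipped between cookie tokens instead of producing "Invalid characters in header". If that is not intended, `} while((c == ' ') || (c == '\t'));` restricts the skip to linear whitespace. The method also lacks a comment stating that it pushes the first non-whitespace character back and therefore needs one free pushback slot in `in`.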