[jboss-jira] [JBoss JIRA] (JBWEB-266) Cookie Processing of JSON Cookie destroys Cookie Header
Manuel Coenen (JIRA)
jira-events at lists.jboss.org
Wed Feb 20 04:32:57 EST 2013
Manuel Coenen created JBWEB-266:
-----------------------------------
Summary: Cookie Processing of JSON Cookie destroys Cookie Header
Key: JBWEB-266
URL: https://issues.jboss.org/browse/JBWEB-266
Project: JBoss Web
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Tomcat
Affects Versions: JBossWeb-7.0.1.GA
Environment: Windows 7 x64 and RHEL/CentOS with JBoss AS 7.0.2 Final
Reporter: Manuel Coenen
Assignee: Remy Maucherat
When sending a cookie with JSON content to JBoss, the automatic cookie processing (triggered by looking for a session cookie) modifies the {{byte[]}} buffer which is also used for the HTTP headers.
This is due to multiple objects depending on the same {{byte[]}} buffer instance. The following hierarchy should demonstrate this dependency:
{noformat}
Http11Processor.request (Request)
 └> cookies (Cookies)
 |   └> scookies[] (ServerCookie)
 |       └> scookies[x] (where x is the index referencing the JSON cookie)
 |           └> value (MessageByte)
 |               └> byteC (ByteChunk)
 |                   \
 |                    |-> buff (byte[])
 |                   /
 |               ┌> byteC (ByteChunk)
 |           ┌> valueB (MessageByte)
 |       ┌> headers[y] (where y is the index referencing the JSON cookie header)
 |   ┌> headers[] (MimeHeaderField)
 └> headers (MimeHeader)
{noformat}
The method {{Cookies.unescapeDoubleQuotes(ByteChunk)}} modifies this buffer by overwriting its contents when removing the escaped double-quotes. This in turn destroys the reference for the header, as it will still maintain the {{start}} and {{end}} reference inside this buffer. If the value for this header is read later it will be the unescaped content trailed by the surplus escaped region (see reproduction instructions for a more detailed example).
In my opinion the method {{Cookies.unescapeDoubleQuotes(ByteChunk)}} should copy the {{byte[]}} first to avoid side effects to other parts referencing this {{byte[]}} as it could be (and is in our case) that the headers (including cookie) need to be forwarded unmodified to another server.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
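
The aliasing described in the report, as an added example that is not part of the original message and not JBoss Web code: two windows onto one {{byte[]}}, an in-place unescape, and the copy-first variant the reporter proposes. The {{Chunk}} class, both method names and the {{prefs}} cookie are hypothetical stand-ins constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class SharedBufferDemo {
    // Hypothetical stand-in for a ByteChunk: a [start, end) window onto a byte[].
    static final class Chunk {
        byte[] buff; int start, end;
        Chunk(byte[] buff, int start, int end) { this.buff = buff; this.start = start; this.end = end; }
        @Override public String toString() {
            return new String(buff, start, end - start, StandardCharsets.ISO_8859_1);
        }
    }

    // Drops the backslash of every \" pair by shifting bytes left inside the
    // chunk's own array, then shrinks the window. Any other window onto the
    // same array keeps its old start/end and now sees rewritten bytes.
    static void unescapeInPlace(Chunk c) {
        int dest = c.start;
        for (int src = c.start; src < c.end; src++) {
            if (c.buff[src] == '\\' && src + 1 < c.end && c.buff[src + 1] == '"') {
                src++; // skip the backslash, keep the quote
            }
            c.buff[dest++] = c.buff[src];
        }
        c.end = dest;
    }

    // Copy-first variant: detach the chunk onto a private array before
    // rewriting, so the header window over the original bytes is untouched.
    static void unescapeOnCopy(Chunk c) {
        byte[] copy = Arrays.copyOfRange(c.buff, c.start, c.end);
        c.buff = copy;
        c.start = 0;
        c.end = copy.length;
        unescapeInPlace(c);
    }

    public static void main(String[] args) {
        // Constructed Cookie header value: prefs="{\"a\":1}"
        String raw = "prefs=\"{\\\"a\\\":1}\"";
        for (boolean copyFirst : new boolean[] {false, true}) {
            byte[] wire = raw.getBytes(StandardCharsets.ISO_8859_1);
            Chunk header = new Chunk(wire, 0, wire.length);     // whole header value
            Chunk cookie = new Chunk(wire, 7, wire.length - 1); // bytes between the outer quotes
            if (copyFirst) unescapeOnCopy(cookie); else unescapeInPlace(cookie);
            System.out.println((copyFirst ? "copy-first" : "in-place  ")
                    + " cookie=" + cookie + "  header=" + header);
        }
    }
}
```

Comparing the two printed {{header}} values shows whether a later reader of the header, such as a component forwarding it to another server, still gets the bytes the client sent.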