[jboss-jira] [JBoss JIRA] (JBWEB-266) Cookie Processing of JSON Cookie destroys Cookie Header

Manuel Coenen (JIRA) jira-events at lists.jboss.org
Wed Feb 20 04:50:57 EST 2013


     [ https://issues.jboss.org/browse/JBWEB-266?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Manuel Coenen updated JBWEB-266:
--------------------------------

    Environment: Windows 7 x64 and RHEL/CentOS 5.x, Java 1.7.0_11, JBoss AS 7.0.2 Final  (was: Windows 7 x64 and RHEL/CentOS with JBoss AS 7.0.2 Final)

    
> Cookie Processing of JSON Cookie destroys Cookie Header
> -------------------------------------------------------
>
>                 Key: JBWEB-266
>                 URL: https://issues.jboss.org/browse/JBWEB-266
>             Project: JBoss Web
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Tomcat
>    Affects Versions: JBossWeb-7.0.1.GA 
>         Environment: Windows 7 x64 and RHEL/CentOS 5.x, Java 1.7.0_11, JBoss AS 7.0.2 Final
>            Reporter: Manuel Coenen
>            Assignee: Remy Maucherat
>
> When sending a cookie with JSON content to JBoss, the automatic cookie processing (triggered by looking for a session cookie) modifies the {{byte[]}} buffer which is also used for the HTTP headers.
> This is due to multiple objects depending on the same {{byte[]}} buffer instance. The following hierarchy should demonstrate this dependency:
> {noformat}
> Http11Processor.request (Request)
> └> cookies (Cookies)
> |  └> scookies[] (ServerCookie)
> |     └> scookies[x] (where x is the index referencing the JSON cookie)
> |        └> value (MessageByte)
> |           └>byteC (ByteChunk)
> |             \
> |              |-> buff (byte[])
> |             /
> |          ┌> byteC (ByteChunk)
> |       ┌> valueB (MessageByte)
> |    ┌> headers[y] (where y is the index referencing the JSON cookie header)
> |  ┌> headers[] (MimeHeaderField)
> └> headers (MimeHeader)
> {noformat}
> The method {{Cookies.unescapeDoubleQuotes(ByteChunk)}} modifies this buffer by overwriting its contents when removing the escaped double-quotes. This in turn destroys the reference for the header, as it will still maintain the {{start}} and {{end}} reference inside this buffer. If the value for this header is read later, it will be the unescaped content trailed by the surplus escaped region (see reproduction instructions for a more detailed example).
> In my opinion the method {{Cookies.unescapeDoubleQuotes(ByteChunk)}} should copy the {{byte[]}} first to avoid side effects to other parts referencing this {{byte[]}} as it could be (and is in our case) that the headers (including cookie) need to be forwarded unmodified to another server.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
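
The buffer aliasing described in the report, as an added example that is not part of the original message and is not JBoss Web code: `Chunk`, `unescapeInPlace` and `unescapeOnCopy` are hypothetical stand-ins for a (buffer, start, end) view and its unescape step, and the cookie header value is constructed.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added illustration; Chunk is a hypothetical (buff, start, end) view, not JBoss Web code.
public class SharedBufferDemo {
    static final class Chunk {
        byte[] buff; int start, end;
        Chunk(byte[] b, int s, int e) { buff = b; start = s; end = e; }
        String text() { return new String(buff, start, end - start, StandardCharsets.ISO_8859_1); }
    }

    // Removes the backslash from \" by compacting bytes inside the shared array.
    static void unescapeInPlace(Chunk c) {
        int dst = c.start;
        for (int src = c.start; src < c.end; src++) {
            if (c.buff[src] == '\\' && src + 1 < c.end && c.buff[src + 1] == '"') src++;
            c.buff[dst++] = c.buff[src];
        }
        c.end = dst; // only this view's end moves; other views keep their old range
    }

    // Same transformation, but the view is first detached onto a private copy.
    static void unescapeOnCopy(Chunk c) {
        c.buff = Arrays.copyOfRange(c.buff, c.start, c.end);
        c.end -= c.start;
        c.start = 0;
        unescapeInPlace(c);
    }

    public static void main(String[] args) {
        // Constructed sample header value: pref="{\"a\":\"b\"}"
        String raw = "pref=\"{\\\"a\\\":\\\"b\\\"}\"";
        for (boolean copy : new boolean[] { false, true }) {
            byte[] buff = raw.getBytes(StandardCharsets.ISO_8859_1);
            Chunk header = new Chunk(buff, 0, buff.length);     // whole header value
            Chunk cookie = new Chunk(buff, 6, buff.length - 1); // between the outer quotes
            if (copy) unescapeOnCopy(cookie); else unescapeInPlace(cookie);
            System.out.println((copy ? "copy    " : "in place") + " cookie=" + cookie.text()
                    + " header=" + header.text());
        }
    }
}
```

With the in-place variant the header view still spans its original range, so it reads the unescaped bytes followed by the stale escaped tail; with the copy variant the header bytes are unchanged and can be forwarded as received.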


