[jboss-jira] [JBoss JIRA] (JBWEB-266) Cookie Processing of JSON Cookie destroys Cookie Header
Manuel Coenen (JIRA)
jira-events at lists.jboss.org
Mon Feb 25 11:31:56 EST 2013
[ https://issues.jboss.org/browse/JBWEB-266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12756500#comment-12756500 ]
Manuel Coenen commented on JBWEB-266:
-------------------------------------
As I stated earlier, our server forwards all headers to another server when loading additional content. This forwarding includes the cookie headers. As it is now we need to examine the headers, filter the cookie header and re-add it to our own RequestWrapper's header map from the {{Cookie[]}} array available via the {{HttpRequest}} object. Additionally we need to re-escape the contained double-quotes.
All of this extra work could be avoided if inside the {{Cookies.unescapeDoubleQuotes(ByteChunk)}} method the {{byte[]}} containing the header is copied prior to modification. This way the cost is reduced to the case when the cookie header contains escaped double-quotes.
> Cookie Processing of JSON Cookie destroys Cookie Header
> -------------------------------------------------------
>
> Key: JBWEB-266
> URL: https://issues.jboss.org/browse/JBWEB-266
> Project: JBoss Web
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Tomcat
> Affects Versions: JBossWeb-7.0.1.GA
> Environment: Windows 7 x64 and RHEL/CentOS 5.x, Java 1.7.0_11, JBoss AS 7.0.2 Final
> Reporter: Manuel Coenen
> Assignee: Remy Maucherat
>
> When sending a cookie with JSON content to JBoss the automatic cookie processing (triggered by looking for a session cookie) modifies the {{byte[]}} buffer which is also used for the HTTP headers.
> This is due to multiple objects depending on the same {{byte[]}} buffer instance. The following hierarchy should demonstrate this dependency:
> {noformat}
> Http11Processor.request (Request)
> └> cookies (Cookies)
> | └> scookies[] (ServerCookie)
> | └> scookies[x] (where x is the index referencing the JSON cookie)
> | └> value (MessageByte)
> | └>byteC (ByteChunk)
> | \
> | |-> buff (byte[])
> | /
> | ┌> byteC (ByteChunk)
> | ┌> valueB (MessageByte)
> | ┌> headers[y] (where y is the index referencing the JSON cookie header)
> | ┌> headers[] (MimeHeaderField)
> └> headers (MimeHeader)
> {noformat}
> The method {{Cookies.unescapeDoubleQuotes(ByteChunk)}} modifies this buffer by overwriting its contents when removing the escaped double-quotes. This in return destroys the reference for the header as it will still maintain the {{start}} and {{end}} reference inside this buffer. If the value for this header is read later it will be the unescaped content trailed by the surplus escaped region (see reproduction instructions for a more detailed example).
> In my opinion the method {{Cookies.unescapeDoubleQuotes(ByteChunk)}} should copy the {{byte[]}} first to avoid side effects to other parts referencing this {{byte[]}} as it could be (and is in our case) that the headers (including cookie) need to be forwarded unmodified to another server.
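The aliasing described in the report, reduced to an added example that is not JBoss Web or Tomcat code: `Chunk`, `unescapeInPlace` and `unescapeOnCopy` are hypothetical stand-ins for a `ByteChunk`-style view and the unescape routine, and the cookie string is a constructed sample. It runs the in-place variant and the copy-first variant over a header view and a cookie view that share one `byte[]`, and prints what each view reads afterwards.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class SharedBufferDemo {
    // Hypothetical stand-in for a ByteChunk-style view: a window onto a byte[].
    static final class Chunk {
        byte[] buff; int start; int end;
        Chunk(byte[] b, int s, int e) { buff = b; start = s; end = e; }
        public String toString() {
            return new String(buff, start, end - start, StandardCharsets.ISO_8859_1);
        }
    }

    // Drops the backslash of every \" pair by shifting bytes left inside c.buff.
    static void unescapeInPlace(Chunk c) {
        int dest = c.start;
        for (int src = c.start; src < c.end; src++) {
            if (c.buff[src] == '\\' && src + 1 < c.end && c.buff[src + 1] == '"') {
                src++; // skip the backslash, keep the quote
            }
            c.buff[dest++] = c.buff[src];
        }
        c.end = dest; // only this view learns the new length
    }

    // Copy-first variant: detach from the shared array only when an escape exists.
    static void unescapeOnCopy(Chunk c) {
        boolean escaped = false;
        for (int i = c.start; i + 1 < c.end && !escaped; i++) {
            escaped = c.buff[i] == '\\' && c.buff[i + 1] == '"';
        }
        if (!escaped) return; // nothing to rewrite, no copy cost
        c.buff = Arrays.copyOfRange(c.buff, c.start, c.end);
        c.end -= c.start; c.start = 0;
        unescapeInPlace(c);
    }

    public static void main(String[] args) {
        String raw = "data=\"{\\\"a\\\":\\\"b\\\"}\""; // constructed sample header value
        for (boolean copyFirst : new boolean[] {false, true}) {
            byte[] buf = raw.getBytes(StandardCharsets.ISO_8859_1);
            Chunk header = new Chunk(buf, 0, buf.length);     // whole header value
            Chunk cookie = new Chunk(buf, 6, buf.length - 1); // inside the outer quotes
            if (copyFirst) unescapeOnCopy(cookie); else unescapeInPlace(cookie);
            System.out.println((copyFirst ? "copy-first" : "in-place ")
                    + " cookie=" + cookie + " header=" + header);
        }
    }
}
```

In the in-place run the header view keeps its original `start` and `end`, so it reads the unescaped bytes followed by leftover bytes from the old escaped tail; in the copy-first run the header view is unchanged.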