Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1462

Request cookie is incorrectly parsed when a backslash-escaped double quote exists in the quoted cookie value

XMLWordPrintable

      EAP 7/Undertow parses a request cookie incorrectly when a backslash-escaped double quote (\") exists in the quoted cookie value.

      • example.jsp
      <%
      Cookie[] cookies = request.getCookies();
      for (Cookie cookie: cookies) {
          out.println("cookie key = " + cookie.getName());
          out.println("cookie val = " + cookie.getValue());
      }
      %>
      
      • EAP 7 incorrectly parses the quoted cookie value "my\"value" as my\
      $ curl -v http://localhost:8080/test/example.jsp -H 'Cookie: mykey="my\"value"'
      ...
      > GET /test/example.jsp HTTP/1.1
      > User-Agent: curl/7.29.0
      > Host: localhost:8080
      > Accept: */*
      > Cookie: mykey="my\"value"
      > 
      < HTTP/1.1 200 OK
      < Connection: keep-alive
      < X-Powered-By: Undertow/1
      < X-Powered-By: JSP/2.3
      < Server: JBoss-EAP/7
      < ....
      < 
      cookie key = mykey
      cookie val = my\
      
      
      • EAP 6.4 can correctly parse the quoted cookie value "my\"value" as my"value:
      $ curl -v http://localhost:8080/test/example.jsp -H 'Cookie: mykey="my\"value"'
      ...
      > GET /test/example.jsp HTTP/1.1
      > User-Agent: curl/7.29.0
      > Host: localhost:8080
      > Accept: */*
      > Cookie: mykey="my\"value"
      > 
      < HTTP/1.1 200 OK
      < Server: Apache-Coyote/1.1
      < X-Powered-By: JSP/2.2
      < ...
      < 
      cookie key = mykey
      cookie val = my"value
      
      

              sdouglas1@redhat.com Stuart Douglas (Inactive)
              rhn-support-mmiura Masafumi Miura
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: