Skip to content

net/http: parsing cookie enclosed with double quote fails #33147

Closed
@pubblic

Description

@pubblic

Please answer these questions before submitting your issue. Thanks!

What did you do?

https://play.golang.org/p/wHVuJ-QVq8L

What did you expect to see?

Ok: test1
Ok: test2

What did you see instead?

FAIL: test1: expect "abcd" but got abcd
2009/11/10 23:00:00 net/http: invalid byte '"' in Cookie.Value; dropping invalid bytes
FAIL: Cookie.String: expect token="abc" but got token=abc

System details

go version go1.12.7 windows/amd64
GOARCH="amd64"
GOBIN=""
GOCACHE="C:\Users\Home\lib\go\cache"
GOEXE=".exe"
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="windows"
GOOS="windows"
GOPATH="C:\Users\Home\lib\go"
GOPROXY=""
GORACE=""
GOROOT="C:\Go"
GOTMPDIR=""
GOTOOLDIR="C:\Go\pkg\tool\windows_amd64"
GCCGO="gccgo"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="C:\Users\Home\lib\src\go-naver-map-search\go.mod"
GOROOT/bin/go version: go version go1.12.7 windows/amd64
GOROOT/bin/go tool compile -V: compile version go1.12.7
gdb --version: GNU gdb (GDB) 8.2.1

Cookie is defined as below

https://tools.ietf.org/html/rfc6265#section-4.1.1
 cookie-pair       = cookie-name "=" cookie-value
 cookie-name       = token
 cookie-value      = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
 cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
                       ; US-ASCII characters excluding CTLs,
                       ; whitespace DQUOTE, comma, semicolon,
                       ; and backslash

The cookie-value rule has two alternatives: *cookie-octetc and DQUOTE *cookie-octetc DQUOTE. Cookie parser does not handle the DQUOTE alternative.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions