grizzly
  1. grizzly
  2. GRIZZLY-970

Fix accept-language qvalue parsing to avoid attempting to parse values with a length more than 5.

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: memcached-1.0, 1.9.31
    • Fix Version/s: memcached-1.0, 1.9.32
    • Component/s: None
    • Labels:
      None

      Description

      See: http://bugs.openjdk.java.net/show_bug.cgi?id=100119

      A specially crafted accept-language header could be sent to the container with a qvalue that tiggers the bug referenced above.

      Since the RFC states there should be no more than 3 digits after the decimal, we shouldn't be attempting to parse this number anyway.

        Activity

        Ryan Lubke created issue -
        Hide
        Ryan Lubke added a comment -

        Changes applied (1.9: r5883, 2.0: r5884).

        Show
        Ryan Lubke added a comment - Changes applied (1.9: r5883, 2.0: r5884).
        Ryan Lubke made changes -
        Field Original Value New Value
        Status Open [ 1 ] Closed [ 6 ]
        Resolution Fixed [ 1 ]
        oleksiys made changes -
        Fix Version/s memcached-1.0 [ 15600 ]
        Fix Version/s 2.0-promoted-3 [ 12369 ]
        oleksiys made changes -
        Affects Version/s memcached-1.0 [ 15600 ]
        Affects Version/s 2.0-promoted-2 [ 12361 ]

          People

          • Assignee:
            Ryan Lubke
            Reporter:
            Ryan Lubke
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: