Better handle edge cases when allowing = in cookie value

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@881500 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/java/org/apache/tomcat/util/http/Cookies.java b/java/org/apache/tomcat/util/http/Cookies.java
index 7249cb0..bb663ce 100644 (file)
--- a/java/org/apache/tomcat/util/http/Cookies.java
+++ b/java/org/apache/tomcat/util/http/Cookies.java
@@ -323,7 +323,8 @@ public final class Cookies { // extends MultiMap {
                     if (version == 0 &&
                                 !CookieSupport.isV0Separator((char)bytes[pos]) &&
                                 CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 ||
-                            !CookieSupport.isHttpSeparator((char)bytes[pos])) {
+                            !CookieSupport.isHttpSeparator((char)bytes[pos]) ||
+                            bytes[pos] == '=' && CookieSupport.ALLOW_EQUALS_IN_VALUE) {
                         // Token
                         valueStart=pos;
                         // getToken returns the position at the delimeter