Opened on 01/28/2016 at 09:12:36 AM
Last modified on 01/04/2018 at 10:20:06 AM
#3592 new defect
Long cookies are truncated (due to buffer limited to 1Kb)
Reported by: | enzom | Assignee: | |
---|---|---|---|
Priority: | Unknown | Milestone: | |
Module: | Adblock-Plus-for-Android | Keywords: | |
Cc: | rjeschke, fhd | Blocked By: | |
Blocking: | | Platform: | Android |
Ready: | no | Confidential: | no |
Tester: | Unknown | Verified working: | no |
Review URL(s): | | | |
Description
Environment
Galaxy S5 Duos under Android 4.4.2; SM-G900FD Build/KOT49H
both Chrome 46.0.2490.76 and the stock browser called "Internet"
Adblock Plus Version 1.3 build# 359
How to reproduce
- Be a subscriber of FT.com
- Login
- Go to http://click.email.ft.com/?qs=3ab2dcaee14c753d45f5f5ce91eda0d977df215b6dbc6d931e7b5991168f64b6c9d99d46fa7cfaa8
Observed behaviour
Get back an error page that says:
Bad Request - Invalid Header
HTTP Error 400. The request has an invalid header name
Expected behaviour
The recommended article should be displayed
Diagnosis of the problem
I captured the packets sent by the proxy to the web server (using TCPdump on the router) and it turns out that the HTTP request contains a very long cookie (which your browser doesn't send because you are not logged on the FT.com website...); apparently, AdBlock Plus inserts a CRLF after the first KB of the "Cookie:" header. It also chops 57 bytes off the end of the second piece:
--- Original Cookie header:
Cookie:
SIVISITOR=MS41MjAuODY4NTc5MzkxMzkwMS4xNDQyNDQ5MzMzNTIyLjU3ZmZlNjIy*; FTUserTrack=218.103.207.18.1442449334781019; __gads=ID=2343ada717035b3c:T=1442537980:S=ALNI_MY6PZ39CYb0yZcsb10CwFzEHYyHXg; FTSession=09eB-sSOyE5K04jKlO9mpX5yzwAAAVCX9I8Cww.MEUCIQCKikfbv66YBD1CzewDi8OnGdcQ7VsZ92NxxK-J_5cOnwIgCuccZYq418XT8p6H6Lo_qRoWYnW3wu4DnTHcOckpmvg; FT_Remember=3474851:TK7289857574893577512:FNAME=MICHELANGELI:LNAME=ENZO:EMAIL=enzomich@gmail.com; anon-opt-in=true; mm_ijento_sent=VC66VideoWidgetCopy%7CVC79HideRegisterLink%7CVC92BarrierOfferSegmenting%7CT18_MobOverlayDesign%7C; __utma=138983524.1213373358.1442449348.1447471368.1449199838.3; __utmz=138983524.1449199838.3.3.utmcsr=m.ft.com|utmccn=(referral)|utmcmd=referral|utmcct=/2015/12/03/2146593/enroll-now-a-crisis-teach-in-with-tim-geithner; FT_P=exp=1449542323214&prod=71|72|74; FT_U=_EID=3474851_PID=4003474851_TIME=%5BTue%2C+08-Dec-2015+02%3A08%3A43+GMT%5D_SKEY=1Q73r7pNzYBIEU02HDu5nw%3D%3D_; FT_User=USERID=4003474851:EMAIL=enzomich@gmail.com:FNAME=MICHELANGELI:LNAME=ENZO:TIME=%5BTue%2C+08-Dec-2015+02%3A08%3A43+GMT%5D:USERNAME=enzomich@gmail.com:REMEMBER=_REMEMBER_:ERIGHTSID=3474851:PRODUCTS=_Tools_P0_P2_:RESOURCES=_lex_immediatepremium_printedn_portfolio_ePaper_clipthis_nbe_extelapp_referrer check_ftnipa_tools_ftalert_fastft_fttools_pagepremium_mobilegold_hybrid_third-party-blogs_ftnipa_countedcount_Premium Benefits_:GROUPS=_B2CMigrated_Order Management_Migration Completed_Asia_:X=MC0CFCWp6HNhD%2FVuFNn%2FZAZP%2Fn0fxFMkAhUAjnwiF8uyDiVWZGfuaPUr%2B%2FKYIUU%3D; mmcore.tst=0.791; mm_pc=Discount%3DNo%26MarketoEmail%3DNoMarketoEmail%26B2BorB2C%3DB2C; cookieconsent=seen; mmid=2118282253%7CRAAAAAo6+jK0bQwAAA%3D%3D; mmcore.pd=2118282253%7CRAAAAAo6+jK0bQwAAA%3D%3D; mmcore.srv=lvsvwcgeu03; FT_M=D=M|F=|R=0; FT_SITE=NEXT; FTAllocation=d781fac4-8ec8-4e4a-88ca-94ef66a57e72; h2_spd=5000; h2_isEnabled=true; h2_rtt=105; 
AYSC=_01_02X_04PVT_05ITT_06TEC_07OP_12_13HKG_14HKG_15HK_17PVT_18PVT_19xxxx_20x_22ToolsP0P2_24PVT_25PVT_26PVT_27PVT_40_41_42_45_47ABW01_53_96PVT_97_98PVT_; AYSC_C=S; spoor-id=1f070c28-38a1-41b3-bca3-fb5f4d5d232d
--- Cookie header produced by the AdBlock Plus proxy (split into two lines by the spurious CRLF after 1024 bytes):
Cookie:
SIVISITOR=MS41MjAuODY4NTc5MzkxMzkwMS4xNDQyNDQ5MzMzNTIyLjU3ZmZlNjIy*; FTUserTrack=218.103.207.18.1442449334781019; __gads=ID=2343ada717035b3c:T=1442537980:S=ALNI_MY6PZ39CYb0yZcsb10CwFzEHYyHXg; FTSession=09eB-sSOyE5K04jKlO9mpX5yzwAAAVCX9I8Cww.MEUCIQCKikfbv66YBD1CzewDi8OnGdcQ7VsZ92NxxK-J_5cOnwIgCuccZYq418XT8p6H6Lo_qRoWYnW3wu4DnTHcOckpmvg; FT_Remember=3474851:TK7289857574893577512:FNAME=MICHELANGELI:LNAME=ENZO:EMAIL=enzomich@gmail.com; anon-opt-in=true; mm_ijento_sent=VC66VideoWidgetCopy%7CVC79HideRegisterLink%7CVC92BarrierOfferSegmenting%7CT18_MobOverlayDesign%7C; __utma=138983524.1213373358.1442449348.1447471368.1449199838.3; __utmz=138983524.1449199838.3.3.utmcsr=m.ft.com|utmccn=(referral)|utmcmd=referral|utmcct=/2015/12/03/2146593/enroll-now-a-crisis-teach-in-with-tim-geithner; FT_P=exp=1449542323214&prod=71|72|74; FT_U=_EID=3474851_PID=4003474851_TIME=%5BTue%2C+08-Dec-2015+02%3A08%3A43+GMT%5D_SKEY=1Q73r7pNzYBIEU02HDu5nw%3D%3D_; FT_User=USERID=4003474851:EMAIL=enzomich@gmail.com:FNAME=MICHELANGELI:LNA
ME=ENZO: TIME=%5BTue%2C+08-Dec-2015+02%3A08%3A43+GMT%5D:USERNAME=enzomich@gmail.com:REMEMBER=_REMEMBER_:ERIGHTSID=3474851:PRODUCTS=_Tools_P0_P2_:RESOURCES=_lex_immediatepremium_printedn_portfolio_ePaper_clipthis_nbe_extelapp_referrer check_ftnipa_tools_ftalert_fastft_fttools_pagepremium_mobilegold_hybrid_third-party-blogs_ftnipa_countedcount_Premium Benefits_:GROUPS=_B2CMigrated_Order Management_Migration Completed_Asia_:X=MC0CFCWp6HNhD%2FVuFNn%2FZAZP%2Fn0fxFMkAhUAjnwiF8uyDiVWZGfuaPUr%2B%2FKYIUU%3D; mmcore.tst=0.791; mm_pc=Discount%3DNo%26MarketoEmail%3DNoMarketoEmail%26B2BorB2C%3DB2C; cookieconsent=seen; mmid=2118282253%7CRAAAAAo6+jK0bQwAAA%3D%3D; mmcore.pd=2118282253%7CRAAAAAo6+jK0bQwAAA%3D%3D; mmcore.srv=lvsvwcgeu03; FT_M=D=M|F=|R=0; FT_SITE=NEXT; FTAllocation=d781fac4-8ec8-4e4a-88ca-94ef66a57e72; spoor-id=1f070c28-38a1-41b3-bca3-fb5f4d5d232d; AYSC=_01_02X_04PVT_05ITT_06TEC_07OP_12_13HKG_14HKG_15HK_17PVT_18PVT_19xxxx_20x_22ToolsP0P2_24PVT_25PVT_26PVT_27PVT_40_41_42_45_47ABW01_53_96PVT_97_98PVT_
Suggested fix:
I suspect that at least one of the places where 1024 should be changed into 4106 is src/sunlabs/brazil/util/http/MimeHeaders.java :
```java
public class MimeHeaders extends StringMap {
    /*
     * Place arbitrary limits on header size to mitigate DOS attacks.
     */
    public static final int MAX_LINE=1024;
    public static final int MAX_LINES=1024;

    /**
     * Creates a new, empty <code>MimeHeaders</code> object.
     */
    public MimeHeaders() [...]
```
Attachments (0)
Change History (4)
comment:1 Changed on 01/28/2016 at 02:07:54 PM by mapx
- Cc rjeschke fhd added
comment:3 in reply to: ↑ 2 Changed on 01/28/2016 at 03:03:34 PM by enzom
Replying to mapx:
another similar issue https://issues.adblockplus.org/ticket/2963
Indeed, all the lines of the HTTP dialogue are affected. I recommend an increase from 1024 to at least 4106 because cookies may take up to 4096 bytes.
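The failure mode diagnosed in the description and in the reply above, as an added Java example (not code from the Brazil framework or Adblock Plus): a line reader that stops at a fixed limit hands the rest of a long `Cookie` line to its caller as a separate header line, while a fail-closed reader rejects the oversize line instead. The class, its method names, the reader model and the sample request are constructed for illustration; the limits 1024 and 4106 are the values from this ticket.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;

// Added illustration; a simplified model, not the Brazil/Adblock Plus proxy code.
public class HeaderLineLimitDemo {
    interface LineReader { String read(InputStream in, int max) throws IOException; }

    // Assumed model of the reported behaviour: stop at max bytes and leave the
    // rest of the line in the stream, so the caller sees it as a separate "line".
    static String readLineLossy(InputStream in, int max) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        int c;
        while (buf.size() < max && (c = in.read()) != -1 && c != '\n')
            if (c != '\r') buf.write(c);
        return buf.toString("ISO-8859-1");
    }

    // Fail-closed variant: an over-limit line is rejected, never forwarded in pieces.
    static String readLineStrict(InputStream in, int max) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        int c;
        while ((c = in.read()) != -1 && c != '\n') {
            if (c == '\r') continue;
            if (buf.size() >= max) throw new IOException("header line exceeds " + max + " bytes");
            buf.write(c);
        }
        return buf.toString("ISO-8859-1");
    }

    // Counts header lines (up to the blank line) that lack a valid "name:" prefix.
    static int malformedLines(byte[] req, int max, LineReader r) throws IOException {
        InputStream in = new ByteArrayInputStream(req);
        int bad = 0;
        for (String l = r.read(in, max); !l.isEmpty(); l = r.read(in, max)) {
            int colon = l.indexOf(':');
            if (colon < 1 || !l.substring(0, colon).matches("[!#$%&'*+.^_`|~0-9A-Za-z-]+")) bad++;
        }
        return bad;
    }

    public static void main(String[] args) throws IOException {
        StringBuilder cookie = new StringBuilder("Cookie: ");   // constructed sample input
        while (cookie.length() < 3000) cookie.append('k').append(cookie.length()).append("=v; ");
        byte[] req = (cookie + "\r\nHost: example.test\r\n\r\n").getBytes("ISO-8859-1");
        System.out.println("lossy/1024 malformed:  " + malformedLines(req, 1024, HeaderLineLimitDemo::readLineLossy));
        System.out.println("strict/4106 malformed: " + malformedLines(req, 4106, HeaderLineLimitDemo::readLineStrict));
        try { malformedLines(req, 1024, HeaderLineLimitDemo::readLineStrict); }
        catch (IOException e) { System.out.println("strict/1024 rejected:  " + e.getMessage()); }
    }
}
```

Raising the limit only moves the boundary at which a line is cut; rejecting an over-limit line keeps the proxy from forwarding a fragment as a header of its own.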
comment:4 Changed on 01/04/2018 at 10:20:06 AM by diegocarloslima
- Component changed from Unknown to Adblock-Plus-for-Android