Opened 4 years ago

Last modified 20 months ago

#3592 new defect

Long cookies are truncated (due to buffer limited to 1Kb)

Reported by: enzom Assignee:
Priority: Unknown Milestone:
Module: Adblock-Plus-for-Android Keywords:
Cc: rjeschke, fhd Blocked By:
Blocking: Platform: Android
Ready: no Confidential: no
Tester: Unknown Verified working: no
Review URL(s):

Description

Environment

Galaxy S5 Duos under Android 4.4.2; SM-G900FD Build/KOT49H
both Chrome 46.0.2490.76 and the stock browser called "Internet"
Adblock Plus Version 1.3 build# 359

How to reproduce

  1. Be a subscriber of FT.com
  2. Login
  3. Go to http://click.email.ft.com/?qs=3ab2dcaee14c753d45f5f5ce91eda0d977df215b6dbc6d931e7b5991168f64b6c9d99d46fa7cfaa8

Observed behaviour

Get back an error page that says:
Bad Request - Invalid Header
HTTP Error 400. The request has an invalid header name

Expected behaviour

The recommended article should be displayed

Diagnosis of the problem

I captured the packets sent by the proxy to the web server (using TCPdump on the router) and it turns out that the HTTP request contains a very long cookie (which your browser doesn't send because you are not logged on the FT.com website...); apparently, AdBlock Plus inserts a CRLF after the first KB of the "Cookie": header. It also chops 57 bytes off the end of the second piece:
--- Original Cookie header:
Cookie:

SIVISITOR=MS41MjAuODY4NTc5MzkxMzkwMS4xNDQyNDQ5MzMzNTIyLjU3ZmZlNjIy*; FTUserTrack=218.103.207.18.1442449334781019; __gads=ID=2343ada717035b3c:T=1442537980:S=ALNI_MY6PZ39CYb0yZcsb10CwFzEHYyHXg; FTSession=09eB-sSOyE5K04jKlO9mpX5yzwAAAVCX9I8Cww.MEUCIQCKikfbv66YBD1CzewDi8OnGdcQ7VsZ92NxxK-J_5cOnwIgCuccZYq418XT8p6H6Lo_qRoWYnW3wu4DnTHcOckpmvg; FT_Remember=3474851:TK7289857574893577512:FNAME=MICHELANGELI:LNAME=ENZO:EMAIL=enzomich@gmail.com; anon-opt-in=true; mm_ijento_sent=VC66VideoWidgetCopy%7CVC79HideRegisterLink%7CVC92BarrierOfferSegmenting%7CT18_MobOverlayDesign%7C; __utma=138983524.1213373358.1442449348.1447471368.1449199838.3; __utmz=138983524.1449199838.3.3.utmcsr=m.ft.com|utmccn=(referral)|utmcmd=referral|utmcct=/2015/12/03/2146593/enroll-now-a-crisis-teach-in-with-tim-geithner; FT_P=exp=1449542323214&prod=71|72|74; FT_U=_EID=3474851_PID=4003474851_TIME=%5BTue%2C+08-Dec-2015+02%3A08%3A43+GMT%5D_SKEY=1Q73r7pNzYBIEU02HDu5nw%3D%3D_; FT_User=USERID=4003474851:EMAIL=enzomich@gmail.com:FNAME=MICHELANGELI:LNAME=ENZO:TIME=%5BTue%2C+08-Dec-2015+02%3A08%3A43+GMT%5D:USERNAME=enzomich@gmail.com:REMEMBER=_REMEMBER_:ERIGHTSID=3474851:PRODUCTS=_Tools_P0_P2_:RESOURCES=_lex_immediatepremium_printedn_portfolio_ePaper_clipthis_nbe_extelapp_referrer check_ftnipa_tools_ftalert_fastft_fttools_pagepremium_mobilegold_hybrid_third-party-blogs_ftnipa_countedcount_Premium Benefits_:GROUPS=_B2CMigrated_Order Management_Migration Completed_Asia_:X=MC0CFCWp6HNhD%2FVuFNn%2FZAZP%2Fn0fxFMkAhUAjnwiF8uyDiVWZGfuaPUr%2B%2FKYIUU%3D; mmcore.tst=0.791; mm_pc=Discount%3DNo%26MarketoEmail%3DNoMarketoEmail%26B2BorB2C%3DB2C; cookieconsent=seen; mmid=2118282253%7CRAAAAAo6+jK0bQwAAA%3D%3D; mmcore.pd=2118282253%7CRAAAAAo6+jK0bQwAAA%3D%3D; mmcore.srv=lvsvwcgeu03; FT_M=D=M|F=|R=0; FT_SITE=NEXT; FTAllocation=d781fac4-8ec8-4e4a-88ca-94ef66a57e72; h2_spd=5000; h2_isEnabled=true; h2_rtt=105; 
AYSC=_01_02X_04PVT_05ITT_06TEC_07OP_12_13HKG_14HKG_15HK_17PVT_18PVT_19xxxx_20x_22ToolsP0P2_24PVT_25PVT_26PVT_27PVT_40_41_42_45_47ABW01_53_96PVT_97_98PVT_; AYSC_C=S; spoor-id=1f070c28-38a1-41b3-bca3-fb5f4d5d232d

--- Cookie header produced by the AdBlock Plus proxy (split into two lines by the spurious CRLF after 1024 bytes):
Cookie:

SIVISITOR=MS41MjAuODY4NTc5MzkxMzkwMS4xNDQyNDQ5MzMzNTIyLjU3ZmZlNjIy*; FTUserTrack=218.103.207.18.1442449334781019; __gads=ID=2343ada717035b3c:T=1442537980:S=ALNI_MY6PZ39CYb0yZcsb10CwFzEHYyHXg; FTSession=09eB-sSOyE5K04jKlO9mpX5yzwAAAVCX9I8Cww.MEUCIQCKikfbv66YBD1CzewDi8OnGdcQ7VsZ92NxxK-J_5cOnwIgCuccZYq418XT8p6H6Lo_qRoWYnW3wu4DnTHcOckpmvg; FT_Remember=3474851:TK7289857574893577512:FNAME=MICHELANGELI:LNAME=ENZO:EMAIL=enzomich@gmail.com; anon-opt-in=true; mm_ijento_sent=VC66VideoWidgetCopy%7CVC79HideRegisterLink%7CVC92BarrierOfferSegmenting%7CT18_MobOverlayDesign%7C; __utma=138983524.1213373358.1442449348.1447471368.1449199838.3; __utmz=138983524.1449199838.3.3.utmcsr=m.ft.com|utmccn=(referral)|utmcmd=referral|utmcct=/2015/12/03/2146593/enroll-now-a-crisis-teach-in-with-tim-geithner; FT_P=exp=1449542323214&prod=71|72|74; FT_U=_EID=3474851_PID=4003474851_TIME=%5BTue%2C+08-Dec-2015+02%3A08%3A43+GMT%5D_SKEY=1Q73r7pNzYBIEU02HDu5nw%3D%3D_; FT_User=USERID=4003474851:EMAIL=enzomich@gmail.com:FNAME=MICHELANGELI:LNA
ME=ENZO: TIME=%5BTue%2C+08-Dec-2015+02%3A08%3A43+GMT%5D:USERNAME=enzomich@gmail.com:REMEMBER=_REMEMBER_:ERIGHTSID=3474851:PRODUCTS=_Tools_P0_P2_:RESOURCES=_lex_immediatepremium_printedn_portfolio_ePaper_clipthis_nbe_extelapp_referrer check_ftnipa_tools_ftalert_fastft_fttools_pagepremium_mobilegold_hybrid_third-party-blogs_ftnipa_countedcount_Premium Benefits_:GROUPS=_B2CMigrated_Order Management_Migration Completed_Asia_:X=MC0CFCWp6HNhD%2FVuFNn%2FZAZP%2Fn0fxFMkAhUAjnwiF8uyDiVWZGfuaPUr%2B%2FKYIUU%3D; mmcore.tst=0.791; mm_pc=Discount%3DNo%26MarketoEmail%3DNoMarketoEmail%26B2BorB2C%3DB2C; cookieconsent=seen; mmid=2118282253%7CRAAAAAo6+jK0bQwAAA%3D%3D; mmcore.pd=2118282253%7CRAAAAAo6+jK0bQwAAA%3D%3D; mmcore.srv=lvsvwcgeu03; FT_M=D=M|F=|R=0; FT_SITE=NEXT; FTAllocation=d781fac4-8ec8-4e4a-88ca-94ef66a57e72; spoor-id=1f070c28-38a1-41b3-bca3-fb5f4d5d232d; AYSC=_01_02X_04PVT_05ITT_06TEC_07OP_12_13HKG_14HKG_15HK_17PVT_18PVT_19xxxx_20x_22ToolsP0P2_24PVT_25PVT_26PVT_27PVT_40_41_42_45_47ABW01_53_96PVT_97_98PVT_

Suggested fix:

I suspect that at least one of the places where 1024 should be changed into 4106 is src/sunlabs/brazil/util/http/MimeHeaders.java :

public class MimeHeaders
    extends StringMap
{
    /*
     * Place arbitrary limits on header size to mitigate DOS attacts.
     */

    public static final int MAX_LINE=1024;
    public static final int MAX_LINES=1024;

    /**
     * Creates a new, empty <code>MimeHeaders</code> object.
     */
    public
    MimeHeaders()
    [...]
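The failure mode described in this ticket, as an added example (not code from Adblock Plus or the Brazil framework): a line reader that returns after a fixed number of bytes lets the tail of a long Cookie header be forwarded as its own header line, while a reader that keeps a size limit but rejects oversize lines never emits a split header. The class `HeaderLineLimitDemo`, the reader model, `HARD_CAP` and the sample request are assumptions made for illustration; only the value 1024 comes from the ticket.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.*;
public class HeaderLineLimitDemo {
    static final int MAX_LINE = 1024;  // limit quoted in the ticket
    static final int HARD_CAP = 8192;  // assumed cap for the strict reader
    interface LineReader { String read(InputStream in) throws IOException; }

    // Assumed model of the defect: return after 'limit' bytes, leaving the
    // rest of the line in the stream to be read as if it were the next line.
    static String readLineTruncating(InputStream in, int limit) throws IOException {
        StringBuilder sb = new StringBuilder();
        int c;
        while (sb.length() < limit && (c = in.read()) != -1) {
            if (c == '\n') break;
            if (c != '\r') sb.append((char) c);
        }
        return sb.toString();
    }

    // Strict variant: keep a size limit, but fail the request instead of splitting.
    static String readLineStrict(InputStream in, int cap) throws IOException {
        StringBuilder sb = new StringBuilder();
        int c;
        while ((c = in.read()) != -1 && c != '\n') {
            if (c == '\r') continue;
            if (sb.length() >= cap) throw new IOException("header line over " + cap + " bytes");
            sb.append((char) c);
        }
        return sb.toString();
    }

    static List<String> forwardHeaders(byte[] raw, LineReader r) throws IOException {
        InputStream in = new ByteArrayInputStream(raw);
        List<String> out = new ArrayList<>();
        for (String line; !(line = r.read(in)).isEmpty(); ) out.add(line);
        return out;
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: a 1511-byte Cookie header, a Host header, blank line.
        String cookie = "Cookie: id=" + "A".repeat(1500);  // String.repeat needs Java 11+
        byte[] raw = (cookie + "\r\nHost: example.test\r\n\r\n").getBytes(StandardCharsets.ISO_8859_1);
        for (String l : forwardHeaders(raw, in -> readLineTruncating(in, MAX_LINE)))
            System.out.println("truncating: len=" + l.length() + " hasColon=" + l.contains(":"));
        List<String> ok = forwardHeaders(raw, in -> readLineStrict(in, HARD_CAP));
        System.out.println("strict: lines=" + ok.size() + " intact=" + ok.get(0).equals(cookie));
        try { forwardHeaders(raw, in -> readLineStrict(in, MAX_LINE)); }
        catch (IOException e) { System.out.println("strict at 1024: rejected, " + e.getMessage()); }
    }
}
```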

Change History (4)

comment:1 Changed 4 years ago by mapx

  • Cc rjeschke fhd added

comment:2 follow-up: Changed 4 years ago by mapx

comment:3 in reply to: ↑ 2 Changed 4 years ago by enzom

Replying to mapx:

another similar issue https://issues.adblockplus.org/ticket/2963

Indeed, all the lines of the HTTP dialogue are affected. I recommend an increase from 1024 to at least 4106 because cookies may take up to 4096 bytes.

comment:4 Changed 20 months ago by diegocarloslima

  • Component changed from Unknown to Adblock-Plus-for-Android