6901170: HttpCookie parsing of version and max-age mis-handled
Summary: Accept single quotes in cookies and better exception handling in CookieManager
Reviewed-by: chegar
--- a/jdk/src/share/classes/java/net/CookieManager.java Wed Nov 18 22:29:16 2009 -0800
+++ b/jdk/src/share/classes/java/net/CookieManager.java Fri Nov 20 14:50:55 2009 +0100
@@ -30,6 +30,7 @@
import java.util.Collections;
import java.util.Comparator;
import java.io.IOException;
+import sun.util.logging.PlatformLogger;
/**
* CookieManager provides a concrete implementation of {@link CookieHandler},
@@ -263,6 +264,7 @@
if (cookieJar == null)
return;
+ PlatformLogger logger = PlatformLogger.getLogger("java.net.CookieManager");
for (String headerKey : responseHeaders.keySet()) {
// RFC 2965 3.2.2, key must be 'Set-Cookie2'
// we also accept 'Set-Cookie' here for backward compatibility
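Review bot: The logger is looked up with `PlatformLogger.getLogger("java.net.CookieManager")` on every call of this method, although it is only needed on the error path. Holding it in a field, for example `private static final PlatformLogger logger = PlatformLogger.getLogger("java.net.CookieManager");`, removes the per-call lookup and keeps the logger name in one place. The enclosing method starts and ends outside the hunk.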
@@ -277,7 +279,16 @@
for (String headerValue : responseHeaders.get(headerKey)) {
try {
- List<HttpCookie> cookies = HttpCookie.parse(headerValue);
+ List<HttpCookie> cookies;
+ try {
+ cookies = HttpCookie.parse(headerValue);
+ } catch (IllegalArgumentException e) {
+ // Bogus header, make an empty list and log the error
+ cookies = java.util.Collections.EMPTY_LIST;
+ if (logger.isLoggable(PlatformLogger.SEVERE)) {
+ logger.severe("Invalid cookie for " + uri + ": " + headerValue);
+ }
+ }
for (HttpCookie cookie : cookies) {
if (cookie.getPath() == null) {
// If no path is specified, then by default
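Review bot: The new catch block writes the whole rejected `headerValue` to the log, and a Set-Cookie value can carry a session identifier or other credential, so secrets and peer-controlled text end up in log files. Logging only what is needed to locate the sender would avoid that, e.g. `logger.severe("Invalid cookie header received from " + uri.getHost());` (assuming `uri` is a `java.net.URI`; its declaration is outside the hunk). SEVERE also looks high for a malformed header sent by a remote server. Separately, `java.util.Collections.EMPTY_LIST` is a raw-typed constant and gives an unchecked assignment; `Collections.<HttpCookie>emptyList()` is type-safe and `Collections` is already imported. The enclosing method starts and ends outside the hunk.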
--- a/jdk/src/share/classes/java/net/HttpCookie.java Wed Nov 18 22:29:16 2009 -0800
+++ b/jdk/src/share/classes/java/net/HttpCookie.java Fri Nov 20 14:50:55 2009 +0100
@@ -1036,7 +1036,7 @@
int version = Integer.parseInt(attrValue);
cookie.setVersion(version);
} catch (NumberFormatException ignored) {
- throw new IllegalArgumentException("Illegal cookie version attribute");
+ // Just ignore bogus version, it will default to 0 or 1
}
}
});
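Review bot: Only `NumberFormatException` is swallowed here, so a version that parses as a number but is rejected by `cookie.setVersion(version)` would still abort the parse. That assumes `setVersion` throws `IllegalArgumentException` for unsupported values; its body is not visible in this hunk. In that case `version=abc` is now ignored while `version=2` still fails, which is inconsistent with the stated intent. Widening the handler to `} catch (IllegalArgumentException ignored) {` covers both cases, since `NumberFormatException` is a subclass. The enclosing anonymous assignor begins outside the hunk.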
@@ -1147,12 +1147,15 @@
}
private static String stripOffSurroundingQuote(String str) {
- if (str != null && str.length() > 0 &&
+ if (str != null && str.length() > 2 &&
str.charAt(0) == '"' && str.charAt(str.length() - 1) == '"') {
return str.substring(1, str.length() - 1);
- } else {
- return str;
}
+ if (str != null && str.length() > 2 &&
+ str.charAt(0) == '\'' && str.charAt(str.length() - 1) == '\'') {
+ return str.substring(1, str.length() - 1);
+ }
+ return str;
}
private static boolean equalsIgnoreCase(String s, String t) {
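Review bot: The guard `str.length() > 2` is off by one: a two-character value such as `""` or `''` is a validly quoted empty string, but it is now returned with its quotes intact, whereas the old code stripped `""` to the empty string. A length of 2 is the smallest for which `substring(1, str.length() - 1)` is safe, so both conditions should read `str != null && str.length() >= 2 &&`. The two branches differ only in the quote character; reading `char q = str.charAt(0)` once and comparing the last character to `q` would remove the duplication. It would help if the method comment stated that single quotes are accepted as a leniency beyond what the cookie specifications define.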
--- a/jdk/test/java/net/CookieHandler/TestHttpCookie.java Wed Nov 18 22:29:16 2009 -0800
+++ b/jdk/test/java/net/CookieHandler/TestHttpCookie.java Fri Nov 20 14:50:55 2009 +0100
@@ -24,7 +24,7 @@
/**
* @test
* @summary Unit test for java.net.HttpCookie
- * @bug 6244040 6277796 6277801 6277808 6294071 6692802 6790677
+ * @bug 6244040 6277796 6277801 6277808 6294071 6692802 6790677 6901170
* @author Edward Wang
*/
@@ -335,6 +335,9 @@
// bug 6277801
test("set-cookie: CUSTOMER=WILE_E_COYOTE; path=/; expires=Wednesday, 09-Nov-99 23:12:40 GMT; path=\"/acme\"")
.n("CUSTOMER").v("WILE_E_COYOTE").p("/").ver(0);
+
+ // bug 6901170
+ test("set-cookie: CUSTOMER=WILE_E_COYOTE; version='1'").ver(1);
}
static void misc() {
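Review bot: The added test covers only the single-quoted version and leaves the other behaviour changes in this commit unexercised. A case for the now-ignored bogus version, e.g. `test("set-cookie: CUSTOMER=WILE_E_COYOTE; version=bogus").n("CUSTOMER").v("WILE_E_COYOTE");`, would pin that parsing no longer throws. Boundary inputs for the quote stripping (an empty quoted value, a lone quote character, mismatched quotes) also deserve cases, since that is where the length guard matters. The `CookieManager` path that catches `IllegalArgumentException` has no test in this file section either.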