OpenJDK / jigsaw / jake / jdk
changeset 1929:ca026eb5cf3c
6901170: HttpCookie parsing of version and max-age mis-handled
Summary: Accept single quotes in cookies and better exception handling in CookieManager
Reviewed-by: chegar
author | jccollet |
---|---|
date | Fri, 20 Nov 2009 14:50:55 +0100 |
parents | c8fb7e11daf8 |
children | 92198fb7e908 5d2e63dad298 2fec95bd2192 08f57141c305 |
files | src/share/classes/java/net/CookieManager.java src/share/classes/java/net/HttpCookie.java test/java/net/CookieHandler/TestHttpCookie.java |
diffstat | 3 files changed, 23 insertions(+), 6 deletions(-) [+] |
--- a/src/share/classes/java/net/CookieManager.java Wed Nov 18 22:29:16 2009 -0800
+++ b/src/share/classes/java/net/CookieManager.java Fri Nov 20 14:50:55 2009 +0100
@@ -30,6 +30,7 @@
 import java.util.Collections;
 import java.util.Comparator;
 import java.io.IOException;
+import sun.util.logging.PlatformLogger;
 
 /**
  * CookieManager provides a concrete implementation of {@link CookieHandler},
@@ -263,6 +264,7 @@
 if (cookieJar == null)
 return;
 
+ PlatformLogger logger = PlatformLogger.getLogger("java.net.CookieManager");
 for (String headerKey : responseHeaders.keySet()) {
 // RFC 2965 3.2.2, key must be 'Set-Cookie2'
 // we also accept 'Set-Cookie' here for backward compatibility
@@ -277,7 +279,16 @@
 
 for (String headerValue : responseHeaders.get(headerKey)) {
 try {
- List<HttpCookie> cookies = HttpCookie.parse(headerValue);
+ List<HttpCookie> cookies;
+ try {
+ cookies = HttpCookie.parse(headerValue);
+ } catch (IllegalArgumentException e) {
+ // Bogus header, make an empty list and log the error
+ cookies = java.util.Collections.EMPTY_LIST;
+ if (logger.isLoggable(PlatformLogger.SEVERE)) {
+ logger.severe("Invalid cookie for " + uri + ": " + headerValue);
+ }
+ }
 for (HttpCookie cookie : cookies) {
 if (cookie.getPath() == null) {
 // If no path is specified, then by default
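Review bot: The logger added in the hunk at -263 is looked up by name on every call of this method; a `private static final PlatformLogger logger = PlatformLogger.getLogger("java.net.CookieManager");` field would do the lookup once and keep the method body focused on cookie handling. If the per-call lookup is deliberate (for example to avoid initialising logging when the class loads), a short comment saying so would help. The enclosing method starts and ends outside the hunk.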
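Review bot: The new catch block in the hunk at -277 writes the whole rejected `headerValue` to the log, so a Set-Cookie header that carries a session identifier but fails parsing on some other attribute ends up in log files next to `uri`. Recording only that a header was rejected, e.g. `logger.severe("Invalid cookie for " + uri.getHost());` (assuming `uri` is the java.net.URI argument), keeps the diagnostic without storing the cookie value. Because the header content is chosen by the remote server, a level below SEVERE may also be worth considering so that a peer cannot fill the log with high-severity entries. Separately, `java.util.Collections.EMPTY_LIST` is a raw type; `Collections.<HttpCookie>emptyList()` avoids the unchecked assignment and uses the import already present. The enclosing method starts and ends outside the hunk.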
--- a/src/share/classes/java/net/HttpCookie.java Wed Nov 18 22:29:16 2009 -0800
+++ b/src/share/classes/java/net/HttpCookie.java Fri Nov 20 14:50:55 2009 +0100
@@ -1036,7 +1036,7 @@
 int version = Integer.parseInt(attrValue);
 cookie.setVersion(version);
 } catch (NumberFormatException ignored) {
- throw new IllegalArgumentException("Illegal cookie version attribute");
+ // Just ignore bogus version, it will default to 0 or 1
 }
 }
 });
@@ -1147,12 +1147,15 @@
 }
 
 private static String stripOffSurroundingQuote(String str) {
- if (str != null && str.length() > 0 &&
+ if (str != null && str.length() > 2 &&
 str.charAt(0) == '"' && str.charAt(str.length() - 1) == '"') {
 return str.substring(1, str.length() - 1);
- } else {
- return str;
 }
+ if (str != null && str.length() > 2 &&
+ str.charAt(0) == '\'' && str.charAt(str.length() - 1) == '\'') {
+ return str.substring(1, str.length() - 1);
+ }
+ return str;
 }
 
 private static boolean equalsIgnoreCase(String s, String t) {
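Review bot: The catch in the hunk at -1036 ignores only `NumberFormatException`, so a non-numeric version is dropped silently while a numeric but unsupported one (for example `version=2`) still reaches `cookie.setVersion(version)`. If setVersion rejects such values with IllegalArgumentException, which is not visible here and should be confirmed, parse() keeps failing for them and the two kinds of bogus version are treated differently. Checking the parsed value first, e.g. `if (version == 0 || version == 1) cookie.setVersion(version);`, would make the lenient handling consistent. The enclosing attribute handler starts outside the hunk.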
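Review bot: The length guard in `stripOffSurroundingQuote` moved from `> 0` to `> 2`, which overshoots: it prevents `substring(1, str.length() - 1)` from failing on a lone quote character, but it also leaves a two-character empty quoted value (`""` or `''`) unstripped, so such an attribute now keeps its quote characters. The smallest safe guard is a length of two, `if (str != null && str.length() >= 2 &&`, applied to both conditions. The two branches differ only in the quote character, so they could share a single check that compares the last character with `str.charAt(0)` after testing that it is `'"'` or `'\''`.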
--- a/test/java/net/CookieHandler/TestHttpCookie.java Wed Nov 18 22:29:16 2009 -0800
+++ b/test/java/net/CookieHandler/TestHttpCookie.java Fri Nov 20 14:50:55 2009 +0100
@@ -24,7 +24,7 @@
 /**
  * @test
  * @summary Unit test for java.net.HttpCookie
- * @bug 6244040 6277796 6277801 6277808 6294071 6692802 6790677
+ * @bug 6244040 6277796 6277801 6277808 6294071 6692802 6790677 6901170
  * @author Edward Wang
  */
 
@@ -335,6 +335,9 @@
 // bug 6277801
 test("set-cookie: CUSTOMER=WILE_E_COYOTE; path=/; expires=Wednesday, 09-Nov-99 23:12:40 GMT; path=\"/acme\"")
 .n("CUSTOMER").v("WILE_E_COYOTE").p("/").ver(0);
+
+ // bug 6901170
+ test("set-cookie: CUSTOMER=WILE_E_COYOTE; version='1'").ver(1);
 }
 
 static void misc() {
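Review bot: The case added in the hunk at -335 covers only the single-quoted `version='1'` path, so the other behaviour this commit changes is untested: a non-numeric version being ignored instead of throwing, the quote-stripping boundaries (a lone quote, an empty quoted value), and CookieManager skipping a header that fails to parse. A case such as `test("set-cookie: CUSTOMER=WILE_E_COYOTE; version=abc").ver(0);` would pin the lenient parsing; the expected default version there is an assumption to confirm against the parser. The enclosing test method starts outside the hunk.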