From ae11ef7f7f421f1ea614330470efe9c3d4d5badc Mon Sep 17 00:00:00 2001
From: John Zavgren <john.zavgren@oracle.com>
Date: Fri, 31 May 2013 15:18:15 -0400
Subject: [PATCH] 7188517: Check on '$' character is missing in the HttpCookie
 class constructor

Modified the constructor code so that the cookie names are examined for leading dollar signs and if they do, an illegal argument exception is thrown.

Reviewed-by: chegar, khazra, michaelm
---
 jdk/src/share/classes/java/net/HttpCookie.java      | 10 ++++------
 jdk/test/java/net/CookieHandler/TestHttpCookie.java |  4 ++++
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/jdk/src/share/classes/java/net/HttpCookie.java b/jdk/src/share/classes/java/net/HttpCookie.java
index d5a36df507f..d265e284c26 100644
--- a/jdk/src/share/classes/java/net/HttpCookie.java
+++ b/jdk/src/share/classes/java/net/HttpCookie.java
@@ -128,8 +128,7 @@ public final class HttpCookie implements Cloneable {
      *         a {@code String} specifying the value of the cookie
      *
      * @throws  IllegalArgumentException
-     *          if the cookie name contains illegal characters or it is one of
-     *          the tokens reserved for use by the cookie protocol
+     *          if the cookie name contains illegal characters
      * @throws  NullPointerException
      *          if {@code name} is {@code null}
      *
@@ -142,7 +141,7 @@ public final class HttpCookie implements Cloneable {
 
     private HttpCookie(String name, String value, String header) {
         name = name.trim();
-        if (name.length() == 0 || !isToken(name)) {
+        if (name.length() == 0 || !isToken(name) || name.charAt(0) == '$') {
             throw new IllegalArgumentException("Illegal cookie name");
         }
 
@@ -170,9 +169,8 @@ public final class HttpCookie implements Cloneable {
      * @return  a List of cookie parsed from header line string
      *
      * @throws  IllegalArgumentException
-     *          if header string violates the cookie specification's syntax, or
-     *          the cookie name contains illegal characters, or the cookie name
-     *          is one of the tokens reserved for use by the cookie protocol
+     *          if header string violates the cookie specification's syntax or
+     *          the cookie name contains illegal characters.
      * @throws  NullPointerException
      *          if the header string is {@code null}
      */
diff --git a/jdk/test/java/net/CookieHandler/TestHttpCookie.java b/jdk/test/java/net/CookieHandler/TestHttpCookie.java
index 1975fef4959..55037a07090 100644
--- a/jdk/test/java/net/CookieHandler/TestHttpCookie.java
+++ b/jdk/test/java/net/CookieHandler/TestHttpCookie.java
@@ -243,6 +243,10 @@ public class TestHttpCookie {
         test("set-cookie2: Customer = \"WILE_E_COYOTE\"; Version = \"1\"; Path = \"/acme\"")
         .n("Customer").v("WILE_E_COYOTE").ver(1).p("/acme");
 
+        // $NAME is reserved; result should be null
+        test("set-cookie2: $Customer = \"WILE_E_COYOTE\"; Version = \"1\"; Path = \"/acme\"")
+        .nil();
+
         // a 'full' cookie
         test("set-cookie2: Customer=\"WILE_E_COYOTE\"" +
                 ";Version=\"1\"" +