7188517: Check on '$' character is missing in the HttpCookie class constructor

Modified the constructor code so that the cookie names are examined for leading dollar signs and if they do, an illegal argument exception is thrown. Reviewed-by: chegar, khazra, michaelm
2025-09-21 19:44:41 +02:00 · 2013-05-31 15:18:15 -04:00 · 2013-05-31 15:18:15 -04:00 · ae11ef7f7f
commit ae11ef7f7f
parent b593542883
2 changed files with 8 additions and 6 deletions
--- a/jdk/src/share/classes/java/net/HttpCookie.java
+++ b/jdk/src/share/classes/java/net/HttpCookie.java
@ -128,8 +128,7 @@ public final class HttpCookie implements Cloneable {
     *         a {@code String} specifying the value of the cookie
     *
     * @throws  IllegalArgumentException
-     *          if the cookie name contains illegal characters or it is one of
-     *          the tokens reserved for use by the cookie protocol
+     *          if the cookie name contains illegal characters
     * @throws  NullPointerException
     *          if {@code name} is {@code null}
     *
@ -142,7 +141,7 @@ public final class HttpCookie implements Cloneable {

    private HttpCookie(String name, String value, String header) {
        name = name.trim();
-        if (name.length() == 0 || !isToken(name)) {
+        if (name.length() == 0 || !isToken(name) || name.charAt(0) == '$') {
            throw new IllegalArgumentException("Illegal cookie name");
        }

@ -170,9 +169,8 @@ public final class HttpCookie implements Cloneable {
     * @return  a List of cookie parsed from header line string
     *
     * @throws  IllegalArgumentException
-     *          if header string violates the cookie specification's syntax, or
-     *          the cookie name contains illegal characters, or the cookie name
-     *          is one of the tokens reserved for use by the cookie protocol
+     *          if header string violates the cookie specification's syntax or
+     *          the cookie name contains illegal characters.
     * @throws  NullPointerException
     *          if the header string is {@code null}
     */
--- a/jdk/test/java/net/CookieHandler/TestHttpCookie.java
+++ b/jdk/test/java/net/CookieHandler/TestHttpCookie.java
@ -243,6 +243,10 @@ public class TestHttpCookie {
        test("set-cookie2: Customer = \"WILE_E_COYOTE\"; Version = \"1\"; Path = \"/acme\"")
        .n("Customer").v("WILE_E_COYOTE").ver(1).p("/acme");

+        // $NAME is reserved; result should be null
+        test("set-cookie2: $Customer = \"WILE_E_COYOTE\"; Version = \"1\"; Path = \"/acme\"")
+        .nil();
+
        // a 'full' cookie
        test("set-cookie2: Customer=\"WILE_E_COYOTE\"" +
                ";Version=\"1\"" +