Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6901170

HttpCookie parsing of version and max-age mis-handled

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: 7
    • Fix Version/s: 7
    • Component/s: core-libs
    • Labels:
      None
    • Subcomponent:
    • Resolved In Build:
      b78
    • CPU:
      generic
    • OS:
      generic

      Description

      When parsing headers, HttpCookie.parse() can throw an IllegalArgumentException, which is not caught by CookieManager.
      Since this is a RuntimeException, this usually escalates to the top-level of the application, which is unreasonable.
      This is the case, for instance, when sites send cookies with version between quotes. E.G.:
      Set-Cookie: foo=bar; version='1'

        Activity

        Hide
        jccollet Jean-Christophe Collet (Inactive) added a comment -
        BT2:EVALUATION

        3 things to fix there:
        - Handle single quotes in HttpCookie attributes
        - Don't throw exception when one attribute is bogus, just ignore it
        - catch IllegalArgumentException in CookieManager
        Show
        jccollet Jean-Christophe Collet (Inactive) added a comment - BT2:EVALUATION 3 things to fix there: - Handle single quotes in HttpCookie attributes - Don't throw exception when one attribute is bogus, just ignore it - catch IllegalArgumentException in CookieManager

          People

          • Assignee:
            jccollet Jean-Christophe Collet (Inactive)
            Reporter:
            jccollet Jean-Christophe Collet (Inactive)
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:
              Imported:
              Indexed: