From 9550c0759d8efae55ff9aa73a1bef4500b5ee3aa Mon Sep 17 00:00:00 2001
From: Trustin Lee
Date: Thu, 26 Feb 2009 08:35:38 +0000
Subject: [PATCH] Strict cookie name validation
---
 .../handler/codec/http/DefaultCookie.java | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/src/main/java/org/jboss/netty/handler/codec/http/DefaultCookie.java b/src/main/java/org/jboss/netty/handler/codec/http/DefaultCookie.java
index 7d8930ab45..f703f6aed5 100644
--- a/src/main/java/org/jboss/netty/handler/codec/http/DefaultCookie.java
+++ b/src/main/java/org/jboss/netty/handler/codec/http/DefaultCookie.java
@@ -21,6 +21,7 @@
 */
 package org.jboss.netty.handler.codec.http;
+
 /**
 * @author The Netty Project (netty-dev@lists.jboss.org)
 * @author Andy Taylor (andy.taylor@jboss.org)
@@ -42,6 +43,28 @@ public class DefaultCookie implements Cookie {
 if (name == null) {
 throw new NullPointerException("name");
 }
+ name = name.trim();
+ if (name.length() == 0) {
+ throw new IllegalArgumentException("empty name");
+ }
+
+ for (int i = 0; i < name.length(); i ++) {
+ char c = name.charAt(i);
+ if (c > 127) {
+ throw new IllegalArgumentException(
+ "name contains non-ascii character: " + name);
+ }
+
+ // Check prohibited characters.
+ switch (c) {
+ case '=': case ',': case ';': case ' ':
+ case '\t': case '\r': case '\n': case '\f':
+ case 0x0b: // Vertical tab
+ throw new IllegalArgumentException(
+ "name contains one of the following characters: " +
+ "=,; \\t\\r\\n\\v\\f: " + name);
+ }
+ }
 this.name = name;
 setValue(value);
 }
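Review bot: The prohibited-character switch in the added loop of the second hunk rejects only a fixed list (`=`, `,`, `;`, space, tab, CR, LF, FF, VT), so other control characters such as NUL or DEL (0x7f) inside the name still pass; `trim()` removes them only at the two ends. A range test placed after the switch would cover the rest without changing the existing messages, e.g. `if (c < 0x20 || c == 0x7f) { throw new IllegalArgumentException("name contains control character"); }`. Separately, both new messages that end in `+ name` echo the rejected value verbatim, CR and LF included, so if callers log the exception text it may be worth escaping the name or leaving it out. The constructor's signature lies above the hunk, so how `name` reaches this code is not visible here.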