From c5331a51f3a95e0e372edeba4563447f3ee2f209 Mon Sep 17 00:00:00 2001
From: markt
Date: Sun, 1 Nov 2009 23:04:33 +0000
Subject: [PATCH] Don't allow null or zero length cookie names.
git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@831779 13f79535-47bb-0310-9956-ffa450edef68
---
 java/javax/servlet/http/Cookie.java | 43 ++++++++++++++++++++-----------------
 1 file changed, 23 insertions(+), 20 deletions(-)
diff --git a/java/javax/servlet/http/Cookie.java b/java/javax/servlet/http/Cookie.java
index 5bb0bc5fc..f20414ae8 100644
--- a/java/javax/servlet/http/Cookie.java
+++ b/java/javax/servlet/http/Cookie.java
@@ -17,7 +17,6 @@
 package javax.servlet.http;
 import java.text.MessageFormat;
-import java.util.Date;
 import java.util.ResourceBundle;
 /**
@@ -124,26 +123,30 @@ public class Cookie implements Cloneable {
 */
 public Cookie(String name, String value) {
- if (!isToken(name)
- || name.equalsIgnoreCase("Comment") // rfc2019
- || name.equalsIgnoreCase("Discard") // 2019++
- || name.equalsIgnoreCase("Domain")
- || name.equalsIgnoreCase("Expires") // (old cookies)
- || name.equalsIgnoreCase("Max-Age") // rfc2019
- || name.equalsIgnoreCase("Path")
- || name.equalsIgnoreCase("Secure")
- || name.equalsIgnoreCase("Version")
- || name.startsWith("$")
- ) {
- String errMsg = lStrings.getString("err.cookie_name_is_token");
- Object[] errArgs = new Object[1];
- errArgs[0] = name;
- errMsg = MessageFormat.format(errMsg, errArgs);
- throw new IllegalArgumentException(errMsg);
- }
+ if (name == null || name.length() == 0) {
+ throw new IllegalArgumentException(
+ lStrings.getString("err.cookie_name_blank"));
+ }
+ if (!isToken(name)
+ || name.equalsIgnoreCase("Comment") // rfc2019
+ || name.equalsIgnoreCase("Discard") // 2019++
+ || name.equalsIgnoreCase("Domain")
+ || name.equalsIgnoreCase("Expires") // (old cookies)
+ || name.equalsIgnoreCase("Max-Age") // rfc2019
+ || name.equalsIgnoreCase("Path")
+ || name.equalsIgnoreCase("Secure")
+ || name.equalsIgnoreCase("Version")
+ || name.startsWith("$")
+ ) {
+ String errMsg = lStrings.getString("err.cookie_name_is_token");
+ Object[] errArgs = new Object[1];
+ errArgs[0] = name;
+ errMsg = MessageFormat.format(errMsg, errArgs);
+ throw new IllegalArgumentException(errMsg);
+ }
- this.name = name;
- this.value = value;
+ this.name = name;
+ this.value = value;
 }
-- 
2.11.0
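Review bot: The new null/empty guard at the top of the `Cookie(String, String)` constructor reads `lStrings.getString("err.cookie_name_blank")`, but the diffstat lists only Cookie.java, so this patch does not show that key being added to the bundle behind `lStrings`. If the key is absent from the bundle, `getString` throws `MissingResourceException` rather than the intended `IllegalArgumentException`, so the key should be confirmed (or added) in the bundle's properties alongside this change. The constructor's Javadoc starts above the hunk; it would be worth stating the new rejection there, e.g. `@throws IllegalArgumentException if the name is null, empty, not a token, or a reserved attribute name`. The carried-over comments `// rfc2019` look like a transposition of RFC 2109 and could be corrected while these lines are being re-indented.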