X-Git-Url: http://dolda2000.com/gitweb/?p=jsvc.git;a=blobdiff_plain;f=src%2Fdolda%2Fjsvc%2Futil%2FCookie.java;h=b85a7ff14b747a7193e5d801cff8ba83fa52bef2;hp=591289dcf3f0e76ff1c0c0ee52a59b06fa00dcc0;hb=5e8bab52e7ad1f8faffe4296b738fd1053a62900;hpb=1897eace96225a1571a01031efc90a4224556c9d
diff --git a/src/dolda/jsvc/util/Cookie.java b/src/dolda/jsvc/util/Cookie.java
index 591289d..b85a7ff 100644
--- a/src/dolda/jsvc/util/Cookie.java
+++ b/src/dolda/jsvc/util/Cookie.java
@@ -61,13 +61,14 @@ public class Cookie {
 MultiMap ret = new WrappedMultiMap(new TreeMap>());
 for(String in : req.inheaders().values("Cookie")) {
 try {
- StringReader r = new StringReader(in);
+ PushbackReader r = new PushbackReader(new StringReader(in));
 Cookie c = null;
 while(true) {
 String k = Http.tokenunquote(r);
+ Misc.eatws(r);
+ if((k == null) || (r.read() != '='))
+ throw(new Http.EncodingException("Illegal cookie header format"));
 String v = Http.tokenunquote(r);
- if(k == null)
- break;
 if(k.equals("$Version")) {
 if(Integer.parseInt(v) != 1)
 throw(new Http.EncodingException("Unknown cookie format version"));
@@ -81,6 +82,12 @@ public class Cookie {
 c = new Cookie(k, v);
 ret.add(k, c);
 }
+ Misc.eatws(r);
+ int sep = r.read();
+ if(sep < 0)
+ break;
+ if(sep != ';')
+ throw(new Http.EncodingException("Illegal cookie header format"));
 }
 } catch(IOException e) {
 throw(new Error(e));
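Review bot: `v` is still used unchecked right after the new `=` test in the first hunk. A header ending in `name=` presumably makes the second `Http.tokenunquote(r)` return null, as it can for `k`, and for `$Version` that null or any non-numeric value reaches `Integer.parseInt(v)`, which throws NumberFormatException rather than Http.EncodingException. Since the Cookie header is client-controlled, I would add `if(v == null) throw(new Http.EncodingException("Illegal cookie header format"));` after the second tokenunquote call and map NumberFormatException from the version parse to the same exception. The loop body continues outside the hunk, so how a null `v` is treated for ordinary cookies is not visible here.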
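Review bot: The separator check added after the `else` branch in the second hunk makes a trailing `;` fatal. The loop restarts, `Http.tokenunquote(r)` presumably returns null at end of input, and the `k == null` test added in the first hunk then throws for a header such as `a=b;`. Because the Cookie header is client-controlled and one bad pair aborts the whole header, I would either tolerate the empty tail by adding `Misc.eatws(r); int nx = r.read(); if(nx < 0) break; r.unread(nx);` after the `;` test, or state the strictness in a comment. It is also worth confirming that Http.EncodingException is not an IOException subtype, since the `catch(IOException e)` at the end of this hunk would then rethrow it as an `Error`. The try block and the loop start outside the hunk.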