DefaultHttpCookiePair#parseCookiePair more strict overflow detection (#…

…1292) Motivation: DefaultHttpCookiePair#parseCookiePair doesn't check for overflow when calculating the value starting index. Modifications: - Check for overflow when calculating overflow index. Result: More robust overflow detection in DefaultHttpCookiePair#parseCookiePair.
apple · Dec 18, 2020 · 127e145 · 127e145
1 parent 7f80758
commit 127e145
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/servicetalk-http-api/src/main/java/io/servicetalk/http/api/DefaultHttpCookiePair.java b/servicetalk-http-api/src/main/java/io/servicetalk/http/api/DefaultHttpCookiePair.java
@@ -85,10 +85,12 @@ public static HttpCookiePair parseCookiePair(final CharSequence sequence, int na
         return parseCookiePair0(sequence, nameStart, nameLength, valueEnd < 0 ? sequence.length() : valueEnd);
     }
 
-    static HttpCookiePair parseCookiePair0(final CharSequence sequence, int nameStart, int nameLength, int valueEnd) {
+    private static HttpCookiePair parseCookiePair0(final CharSequence sequence, int nameStart, int nameLength,
+                                                   int valueEnd) {
         final int valueStart = nameStart + nameLength + 1;
-        if (valueEnd - 1 < valueStart) {
-            throw new IllegalArgumentException("unexpected format of cookie pair, empty value");
+        if (valueEnd <= valueStart || valueStart < 0) {
+            throw new IllegalArgumentException("value indexes are invalid. valueStart: " + valueStart
+                    + " valueEnd: " + valueEnd);
         }
         if (sequence.charAt(valueStart) == '"' && sequence.charAt(valueEnd - 1) == '"') {
             if (valueEnd - 2 <= valueStart) {