8000 Fix NPE on invalid cookie, close #1512 · carlanton/async-http-client@22211e5 · GitHub
[go: up one dir, main page]
Skip to content

Commit 22211e5

Browse files
slandelleslandelle
committed
Fix NPE on invalid cookie, close AsyncHttpClient#1512
Motivation: Cookie could be null if the Set-Cookie header is malformed or invalid. We need to protect against those. Then, we’re always using the strict decoder without honoring the config property. Modifications: * protect against null cookies * honor `useLaxCookieEncoder` config Result: No more NPE on invalid cookies
1 parent 1f2707f commit 22211e5

File tree

1 file changed

+7
-2
lines changed

1 file changed

+7
-2
lines changed

client/src/main/java/org/asynchttpclient/netty/handler/intercept/Interceptors.java

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -40,6 +40,7 @@ public class Interceptors {
4040
private final ConnectSuccessInterceptor connectSuccessInterceptor;
4141
private final ResponseFiltersInterceptor responseFiltersInterceptor;
4242
private final boolean hasResponseFilters;
43+
private final ClientCookieDecoder cookieDecoder;
4344

4445
public Interceptors(AsyncHttpClientConfig config,
4546
ChannelManager channelManager,
@@ -52,6 +53,7 @@ public Interceptors(AsyncHttpClientConfig config,
5253
connectSuccessInterceptor = new ConnectSuccessInterceptor(channelManager, requestSender);
5354
responseFiltersInterceptor = new ResponseFiltersInterceptor(config, requestSender);
5455
hasResponseFilters = !config.getResponseFilters().isEmpty();
56+
cookieDecoder = config.isUseLaxCookieEncoder() ? ClientCookieDecoder.LAX : ClientCookieDecoder.STRICT;
5557
}
5658

5759
public boolean exitAfterIntercept(Channel channel,
@@ -71,8 +73,11 @@ public boolean exitAfterIntercept(Channel channel,
7173
CookieStore cookieStore = config.getCookieStore();
7274
if (cookieStore != null) {
7375
for (String cookieStr : responseHeaders.getAll(SET_COOKIE)) {
74-
Cookie c = ClientCookieDecoder.STRICT.decode(cookieStr);
75-
cookieStore.add(future.getCurrentRequest().getUri(), c);
76+
Cookie c = cookieDecoder.decode(cookieStr);
77+
if (c != null) {
78+
// Set-Cookie header could be invalid/malformed
79+
cookieStore.add(future.getCurrentRequest().getUri(), c);
80+
}
7681
}
7782
}
7883

0 commit comments

Comments
 (0)
0