mbknor
diff --git a/‎src/main/java/com/ning/http/client/Cookie.java
Lines changed: 2 additions & 2 deletions b/‎src/main/java/com/ning/http/client/Cookie.java
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/main/java/com/ning/http/util/AsyncHttpProviderUtils.java
Lines changed: 3 additions & 1 deletion b/‎src/main/java/com/ning/http/util/AsyncHttpProviderUtils.java
Lines changed: 3 additions & 1 deletion
diff --git a/‎src/test/java/com/ning/http/client/async/RemoteSiteTest.java
Lines changed: 17 additions & 0 deletions b/‎src/test/java/com/ning/http/client/async/RemoteSiteTest.java
Lines changed: 17 additions & 0 deletions
@@ -56,11 +56,11 @@ public String getDomain() {
     }
 
     public String getName() {
-        return name;
+        return name == null ? "" : name;
     }
 
     public String getValue() {
-        return value;
+        return value == null ? "" : value;
     }
 
     public String getPath() {
 
@@ -400,7 +400,8 @@ public static Cookie parseCookie(String value) {
         String[] fields = value.split(";\\s*");
         String[] cookie = fields[0].split("=");
         String cookieName = cookie[0];
-        String cookieValue = cookie[1];
+        String cookieValue = (cookie.length==1) ? null : cookie[1];
+
         int maxAge = -1;
         String path = null;
         String domain = null;
@@ -414,6 +415,7 @@ public static Cookie parseCookie(String value) {
                 secure = true;
             } else if (fields[j].indexOf('=') > 0) {
                 String[] f = fields[j].split("=");
+                if(f.length==1) continue; // Add protection against null field values
 
                 // favor 'max-age' field over 'expires'
                 if (!maxAgeSet && "max-age".equalsIgnoreCase(f[0])) {
 
@@ -221,6 +221,23 @@ public void stripQueryStringNegativeTest() throws Throwable {
         c.close();
     }
 
+    @Test(groups = {"online", "default_provider"})
+    public void evilCoookieTest() throws Throwable {
+        AsyncHttpClient c = getAsyncHttpClient(null);
+
+        RequestBuilder builder2 = new RequestBuilder("GET");
+        builder2.setFollowRedirects(true);
+        builder2.setUrl("http://www.google.com/");
+        builder2.addHeader("Content-Type", "text/plain");
+        builder2.addCookie(new com.ning.http.client.Cookie(".google.com", "evilcookie", "test", "/", 10, false));
+        com.ning.http.client.Request request2 = builder2.build();
+        Response response = c.executeRequest(request2).get();
+
+        assertNotNull(response);
+        assertEquals(response.getStatusCode(), 200);
+        c.close();
+    }
+
     @Test(groups = {"online", "default_provider"}, enabled = false)
     public void testAHC62Com() throws Throwable {
         AsyncHttpClient c = getAsyncHttpClient(new AsyncHttpClientConfig.Builder().setFollowRedirects(true).build());
Original file line number	Diff line number	Diff line change
`@@ -56,11 +56,11 @@ public String getDomain() {`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`public String getName() {`
`59`		`- return name;`
	`59`	`+ return name == null ? "" : name;`
`60`	`60`	`}`
`61`	`61`
`62`	`62`	`public String getValue() {`
`63`		`- return value;`
	`63`	`+ return value == null ? "" : value;`
`64`	`64`	`}`
`65`	`65`
`66`	`66`	`public String getPath() {`