From 6fb564a629e168223c6fca7a65f85491de48334f Mon Sep 17 00:00:00 2001
From: Rob Winch
Date: Fri, 23 Sep 2016 12:49:01 -0500
Subject: [PATCH] Polish HTTP Response Splitting Issue gh-3910
---
 .../web/firewall/FirewalledResponse.java | 18 +++++++++---------
 .../web/firewall/FirewalledResponseTests.java | 2 +-
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/web/src/main/java/org/springframework/security/web/firewall/FirewalledResponse.java b/web/src/main/java/org/springframework/security/web/firewall/FirewalledResponse.java
index 328e3ce75f..c60a6a09fd 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/FirewalledResponse.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/FirewalledResponse.java
@@ -40,35 +40,35 @@ class FirewalledResponse extends HttpServletResponseWrapper {
 public void sendRedirect(String location) throws IOException {
 // TODO: implement pluggable validation, instead of simple blacklisting.
 // SEC-1790. Prevent redirects containing CRLF
- validateCRLF(LOCATION_HEADER, location);
+ validateCrlf(LOCATION_HEADER, location);
 super.sendRedirect(location);
 }
 @Override
 public void setHeader(String name, String value) {
- validateCRLF(name, value);
+ validateCrlf(name, value);
 super.setHeader(name, value);
 }
 @Override
 public void addHeader(String name, String value) {
- validateCRLF(name, value);
+ validateCrlf(name, value);
 super.addHeader(name, value);
 }
 @Override
 public void addCookie(Cookie cookie) {
 if(cookie != null) {
- validateCRLF(SET_COOKIE_HEADER, cookie.getName());
- validateCRLF(SET_COOKIE_HEADER, cookie.getValue());
- validateCRLF(SET_COOKIE_HEADER, cookie.getPath());
- validateCRLF(SET_COOKIE_HEADER, cookie.getDomain());
- validateCRLF(SET_COOKIE_HEADER, cookie.getComment());
+ validateCrlf(SET_COOKIE_HEADER, cookie.getName());
+ validateCrlf(SET_COOKIE_HEADER, cookie.getValue());
+ validateCrlf(SET_COOKIE_HEADER, cookie.getPath());
+ validateCrlf(SET_COOKIE_HEADER, cookie.getDomain());
+ validateCrlf(SET_COOKIE_HEADER, cookie.getComment());
 }
 super.addCookie(cookie);
 }
- void validateCRLF(String name, String value) {
+ void validateCrlf(String name, String value) {
 if (hasCrlf(name) || hasCrlf(value)) {
 throw new IllegalArgumentException(
 "Invalid characters (CR/LF) in header " + name);
diff --git a/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java b/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java
index a91e7ba276..ddadeb84ab 100644
--- a/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java
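Review bot: In `validateCrlf` (FirewalledResponse.java) the exception message appends `name` even when `name` is the argument that failed `hasCrlf`, so the raw CR/LF is carried into whatever later logs or renders the exception text. The message could use a neutralised copy instead, for example `"Invalid characters (CR/LF) in header " + name.replaceAll("[\\r\\n]", "_")`. In `addCookie` every attribute is reported under `SET_COOKIE_HEADER`, so the error does not say which of name, value, path, domain or comment was rejected; a short comment there, or a per-attribute label, would help whoever triages the rejection. The body of `validateCrlf` continues past the end of the hunk and `hasCrlf` is not shown, so its handling of null cookie attributes cannot be confirmed from here.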
@@ -180,7 +180,7 @@ public class FirewalledResponseTests {
 private void validateLineEnding(String name, String value) {
 try {
- fwResponse.validateCRLF(name, value);
+ fwResponse.validateCrlf(name, value);
 fail("IllegalArgumentException should have thrown");
 }
 catch (IllegalArgumentException expected) {