Fix "maxAge" option to reject invalid values

Author: dougwilson

HISTORY.md

@@ -3,6 +3,7 @@ unreleased
 
   * Add `priority` option for Priority cookie support
   * Fix accidental cookie name/value truncation when given invalid chars
+  * Fix `maxAge` option to reject invalid values
   * Remove quotes from returned quoted cookie value
   * Use `req.socket` over deprecated `req.connection`
   * pref: small lookup regexp optimization

index.js

@@ -172,6 +172,10 @@ function Cookie(name, value, attrs) {
     throw new TypeError('option domain is invalid');
   }
 
+  if (typeof this.maxAge === 'number' ? (isNaN(this.maxAge) || !isFinite(this.maxAge)) : this.maxAge) {
+    throw new TypeError('option maxAge is invalid')
+  }
+
   if (this.priority && !PRIORITY_REGEXP.test(this.priority)) {
     throw new TypeError('option priority is invalid')
   }

test/cookie.js

@@ -61,6 +61,24 @@ describe('new Cookie(name, value, [options])', function () {
         var cookie = new cookies.Cookie('foo', 'bar', { maxAge: 86400 })
         assert.equal(cookie.maxage, 86400)
       })
+
+      it('should throw on invalid value', function () {
+        assert.throws(function () {
+          new cookies.Cookie('foo', 'bar', { maxAge: 'foo' })
+        }, /option maxAge is invalid/)
+      })
+
+      it('should throw on Infinity', function () {
+        assert.throws(function () {
+          new cookies.Cookie('foo', 'bar', { maxAge: Infinity })
+        }, /option maxAge is invalid/)
+      })
+
+      it('should throw on NaN', function () {
+        assert.throws(function () {
+          new cookies.Cookie('foo', 'bar', { maxAge: NaN })
+        }, /option maxAge is invalid/)
+      })
     })
 
     describe('priority', function () {