#15852: Exception when http.parse_cookie receives bad cookie
-------------------------------------+-------------------------------------
               Reporter:  Fredrik    |          Owner:  nobody
  Stålnacke                          |         Status:  new
                   Type:  Bug        |      Component:  HTTP handling
              Milestone:             |       Severity:  Normal
                Version:  1.3        |       Keywords:  parse_cookie
             Resolution:             |      Has patch:  1
           Triage Stage:  Accepted   |    Needs tests:  0
    Needs documentation:  0          |  Easy pickings:  0
Patch needs improvement:  1          |
-------------------------------------+-------------------------------------
Changes (by vung):

 * needs_tests:  1 => 0


Comment:

 This is related to #13007.

 Here is a short example:
 {{{
 from django import http
 http.parse_cookie('a:=b; a:=c; d=e')
 }}}


 The problem is that when a `CookieError` is raised
 `http.SimpleCookie._loose_set` bypasses regular code paths to store a key
 whose value is `None`. The normal code path would ensure that the value is
 a `Morsel` object.

 `None` works fine when the key occurs only once, so this isn't caught by
 the test committed in r15523.

 When the same key is encountered a second time, though, this value is used
 in `BaseCookie` under the assumption that it is a `Morsel` instance and
 consequently it has a `set()` method. Of course, `None` doesn't have one,
 hence the bug.

 The immediate fix is to use a `Morsel` instance. It doesn't matter if it
 supports `httponly` or not; it will be removed anyway.

 Fixing this brings a second problem: bad cookies are collected in a list,
 to be removed when loading finishes. This will result in calling `del
 self[key]` more than once for the same key and will fail.

 15852_repeated_bad_key.diff is a short patch that fixes the above.
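 An added example, not Django's code and not part of the ticket, that applies the two points the comment makes: a bad name is stored as a real `Morsel` placeholder rather than `None`, and bad names are collected in a set so each is deleted exactly once. It assumes the Python 3 `http.cookies` module, where `:` is a legal name character, so `(` stands in as the illegal character; the `placeholder_none` switch is a demonstration-only addition that reproduces the reported crash.

```python
from http.cookies import CookieError, Morsel, SimpleCookie


class LooseCookie(SimpleCookie):
    """Hypothetical tolerant jar (not Django's code): a name the stdlib
    rejects is recorded and dropped instead of aborting the whole parse."""

    def __init__(self, placeholder_none=False):
        super().__init__()
        # A set, so cleanup deletes each bad name exactly once even when the
        # same bad name appears several times in the header.
        self.bad_cookies = set()
        # Demonstration switch only: True stores None for a bad name, which
        # is the behaviour the ticket describes.
        self.placeholder_none = placeholder_none

    def loose_set(self, key, real_value, coded_value):
        try:
            # stdlib path: self.get(key, Morsel()) then .set() on that object
            self._BaseCookie__set(key, real_value, coded_value)
        except CookieError:  # illegal or reserved name
            self.bad_cookies.add(key)
            # A real Morsel here means a repeated bad name still finds an
            # object with a .set() method on the next round.
            dict.__setitem__(self, key, None if self.placeholder_none else Morsel())


def parse_cookie(raw, placeholder_none=False):
    """Return {name: value} for the well-formed pairs of a Cookie header."""
    jar = LooseCookie(placeholder_none)
    for chunk in raw.split(";"):
        key, _, val = chunk.strip().partition("=")
        key = key.strip()
        if not key:
            continue
        real, coded = jar.value_decode(val.strip())
        jar.loose_set(key, real, coded)
    for key in jar.bad_cookies:
        del jar[key]  # each bad name deleted once, so no KeyError
    return {name: morsel.value for name, morsel in jar.items()}


def crashes_with_none_placeholder(raw):
    """True when the None-placeholder variant dies the way the ticket reports."""
    try:
        parse_cookie(raw, placeholder_none=True)
    except AttributeError:
        return True
    return False
```

 With the `Morsel` placeholder, `parse_cookie("a(=b; a(=c; d=e")` returns `{"d": "e"}`; with `placeholder_none=True` the second `a(` hits `None.set()` and raises `AttributeError`, which is the failure the ticket describes.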

-- 
Ticket URL: <http://code.djangoproject.com/ticket/15852#comment:2>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
