#15852: Exception when http.parse_cookie receives bad cookie
-------------------------------------+-------------------------------------
     Reporter:  Fredrik Stålnacke    |                    Owner:  nobody
         Type:  Bug                  |                   Status:  reopened
    Component:  HTTP handling        |                  Version:  1.3
     Severity:  Normal               |               Resolution:
     Keywords:  parse_cookie         |             Triage Stage:  Ready for
    Has patch:  1                    |  checkin
  Needs tests:  0                    |      Needs documentation:  0
Easy pickings:  0                    |  Patch needs improvement:  0
                                     |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by joonas.kuorilehto@…):

 * cc: joonas.kuorilehto@… (added)
 * status:  closed => reopened
 * ui_ux:   => 0
 * resolution:  fixed =>


Comment:

 I believe this bug has not been fixed in the 1.3.X branch. As I have
 understood it, bug fixes like this should land in 1.3.X.

 I was testing with Codenomicon HTTP Test Suite fuzzer and noticed a very
 similar traceback in my server logs. I can reproduce this by sending the
 following minimized HTTP request:

 {{{
 POST / HTTP/1.1
 Host: 10.10.3.83
 Cookie: = = = = =

 {}
 }}}

 This causes a 'NoneType' 'AttributeError' on both the Django test server
 and Apache mod_wsgi.

 Traceback with Django 1.3.1:
 {{{
 Traceback (most recent call last):
   File "/var/env/local/lib/python2.7/site-packages/django/core/servers/basehttp.py", line 283, in run
     self.result = application(self.environ, self.start_response)
   File "/var/env/local/lib/python2.7/site-packages/django/contrib/staticfiles/handlers.py", line 68, in __call__
     return self.application(environ, start_response)
   File "/var/env/local/lib/python2.7/site-packages/django/core/handlers/wsgi.py", line 272, in __call__
     response = self.get_response(request)
   File "/var/env/local/lib/python2.7/site-packages/django/core/handlers/base.py", line 169, in get_response
     response = self.handle_uncaught_exception(request, resolver, sys.exc_info())
   File "/var/env/local/lib/python2.7/site-packages/django/core/handlers/base.py", line 218, in handle_uncaught_exception
     return callback(request, **param_dict)
   File "/var/env/local/lib/python2.7/site-packages/django/utils/decorators.py", line 89, in _wrapped_view
     result = middleware.process_view(request, view_func, args, kwargs)
   File "/var/env/local/lib/python2.7/site-packages/django/middleware/csrf.py", line 116, in process_view
     request.META["CSRF_COOKIE"] = _sanitize_token(request.COOKIES[settings.CSRF_COOKIE_NAME])
   File "/var/env/local/lib/python2.7/site-packages/django/core/handlers/wsgi.py", line 218, in _get_cookies
     self._cookies = http.parse_cookie(self.environ.get('HTTP_COOKIE', ''))
   File "/var/env/local/lib/python2.7/site-packages/django/http/__init__.py", line 468, in parse_cookie
     c.load(cookie, ignore_parse_errors=True)
   File "/var/env/local/lib/python2.7/site-packages/django/http/__init__.py", line 97, in load
     super(SimpleCookie, self).load(rawdata)
   File "/usr/lib/python2.7/Cookie.py", line 632, in load
     self.__ParseString(rawdata)
   File "/usr/lib/python2.7/Cookie.py", line 665, in __ParseString
     self.__set(K, rval, cval)
   File "/var/env/local/lib/python2.7/site-packages/django/http/__init__.py", line 107, in _loose_set
     self._strict_set(key, real_value, coded_value)
   File "/usr/lib/python2.7/Cookie.py", line 585, in __set
     M.set(key, real_value, coded_value)
 AttributeError: 'NoneType' object has no attribute 'set'
 }}}

 I think this problem is related to this ticket. Either the fix is not
 included in the 1.3.X branch or the fix is incomplete.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/15852#comment:5>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
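
A regression check for the failure reported in this ticket, as an added example that is not part of the original comment and is not Django's code: a tolerant `Cookie` header parser that skips malformed pairs instead of raising, run against the header from the minimized request plus constructed variants. The names `parse_cookie_header`, `MALFORMED` and `survives_malformed_input` are hypothetical, and "first occurrence wins" is an assumption of this sketch.

```python
import re

# RFC 6265 cookie-name is an HTTP token: visible ASCII minus separators.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def parse_cookie_header(raw):
    """Parse a Cookie request header into a dict without ever raising.

    Pairs with no '=' or with an empty or non-token name are dropped, so
    client-controlled input cannot surface as an unhandled exception.
    """
    cookies = {}
    if not isinstance(raw, str):
        return cookies
    for chunk in raw.split(";"):
        name, sep, value = chunk.partition("=")
        name, value = name.strip(), value.strip()
        if not sep or not _TOKEN.fullmatch(name):
            continue  # malformed pair: skip it, keep parsing the rest
        # Strip one pair of surrounding double quotes, if present.
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        cookies.setdefault(name, value)  # assumption: first occurrence wins
    return cookies


# Constructed inputs; the first is the Cookie header from the ticket's request.
MALFORMED = ["= = = = =", "", ";;;", "=value", "a b=c", "\x00=1", "sessionid"]


def survives_malformed_input():
    """Regression check: every malformed header yields {} and none raises."""
    return all(parse_cookie_header(h) == {} for h in MALFORMED)


if __name__ == "__main__":
    print(survives_malformed_input())
    print(parse_cookie_header('csrftoken=abc123; = = =; sessionid="xyz"'))
```

Keeping the malformed headers in a list like `MALFORMED` makes it easy to add each new fuzzer finding as a permanent test case.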
