#15852: Exception when http.parse_cookie recieves bad cookie -------------------------------------+------------------------------------- Reporter: Fredrik Stålnacke | Owner: nobody Type: Bug | Status: reopened Component: HTTP handling | Version: 1.3 Severity: Normal | Resolution: Keywords: parse_cookie | Triage Stage: Ready for Has patch: 1 | checkin Needs tests: 0 | Needs documentation: 0 Easy pickings: 0 | Patch needs improvement: 0 | UI/UX: 0 -------------------------------------+------------------------------------- Changes (by joonas.kuorilehto@…):
* cc: joonas.kuorilehto@… (added) * status: closed => reopened * ui_ux: => 0 * resolution: fixed => Comment: I believe this bug has not been fixed in 1.3.X branch. As I have understood bug fixes like this should land into 1.3.X. I was testing with Codenomicon HTTP Test Suite fuzzer and noticed a very similar traceback in my server logs. I can reproduce this by sending the following minimized HTTP request: {{{ POST / HTTP/1.1 Host: 10.10.3.83 Cookie: = = = = = {} }}} This causes a 'NoneType' 'AttributeError' on both Django test server and Apache mod_wsgi. Traceback with Django 1.3.1: {{{ Traceback (most recent call last): File "/var/env/local/lib/python2.7/site- packages/django/core/servers/basehttp.py", line 283, in run self.result = application(self.environ, self.start_response) File "/var/env/local/lib/python2.7/site- packages/django/contrib/staticfiles/handlers.py", line 68, in __call__ return self.application(environ, start_response) File "/var/env/local/lib/python2.7/site- packages/django/core/handlers/wsgi.py", line 272, in __call__ response = self.get_response(request) File "/var/env/local/lib/python2.7/site- packages/django/core/handlers/base.py", line 169, in get_response response = self.handle_uncaught_exception(request, resolver, sys.exc_info()) File "/var/env/local/lib/python2.7/site- packages/django/core/handlers/base.py", line 218, in handle_uncaught_exception return callback(request, **param_dict) File "/var/env/local/lib/python2.7/site- packages/django/utils/decorators.py", line 89, in _wrapped_view result = middleware.process_view(request, view_func, args, kwargs) File "/var/env/local/lib/python2.7/site- packages/django/middleware/csrf.py", line 116, in process_view request.META["CSRF_COOKIE"] = _sanitize_token(request.COOKIES[settings.CSRF_COOKIE_NAME]) File "/var/env/local/lib/python2.7/site- packages/django/core/handlers/wsgi.py", line 218, in _get_cookies self._cookies = http.parse_cookie(self.environ.get('HTTP_COOKIE', '')) File "/var/env/local/lib/python2.7/site- packages/django/http/__init__.py", line 468, in parse_cookie c.load(cookie, ignore_parse_errors=True) File "/var/env/local/lib/python2.7/site- packages/django/http/__init__.py", line 97, in load super(SimpleCookie, self).load(rawdata) File "/usr/lib/python2.7/Cookie.py", line 632, in load self.__ParseString(rawdata) File "/usr/lib/python2.7/Cookie.py", line 665, in __ParseString self.__set(K, rval, cval) File "/var/env/local/lib/python2.7/site- packages/django/http/__init__.py", line 107, in _loose_set self._strict_set(key, real_value, coded_value) File "/usr/lib/python2.7/Cookie.py", line 585, in __set M.set(key, real_value, coded_value) AttributeError: 'NoneType' object has no attribute 'set' }}} I think this problem is related to this ticket. Either the fix is not included in the 1.3.X branch or the fix is incomplete. -- Ticket URL: <https://code.djangoproject.com/ticket/15852#comment:5> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To post to this group, send email to django-updates@googlegroups.com. To unsubscribe from this group, send email to django-updates+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-updates?hl=en.