Message 233227 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	chfoo
Recipients	chfoo
Date	2014-12-31.05:06:26
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1420002389.34.0.647467472383.issue23138@psf.upfronthosting.co.za>
In-reply-to

Content
Something like "Set-Cookie: ; Expires=Thu, 01 Jan 1970 00:00:10 GMT" causes the resulting cookie.value to be parsed as an int. I expected either str or None as described in the documentation. Example evil server: try: import http.server as http_server except ImportError: import BaseHTTPServer as http_server class MyHandler(http_server.BaseHTTPRequestHandler): def do_GET(self): self.send_response(200) self.send_header('Set-Cookie', '; Expires=Thu, 01 Jan 1970 00:00:10 GMT') self.send_header('Set-Cookie', 'good=123.45600') self.end_headers() def main(): server = http_server.HTTPServer(('127.0.0.1', 8000), MyHandler) server.serve_forever() if __name__ == '__main__': main() Example innocent client: try: import http.cookiejar as http_cookiejar except ImportError: import cookielib as http_cookiejar try: import urllib.request as urllib_request except ImportError: import urllib2 as urllib_request def main(): cj = http_cookiejar.CookieJar() opener = urllib_request.build_opener(urllib_request.HTTPCookieProcessor(cj)) r = opener.open("http://127.0.0.1:8000/") print(cj._cookies) if __name__ == '__main__': main() The resulting output is: {'127.0.0.1': {'/': {'expires': Cookie(version=0, name='expires', value=10.0, port=None, port_specified=False, domain='127.0.0.1', domain_specified=False, domain_initial_dot=False, path='/', path_specified=False, secure=False, expires=None, discard=True, comment=None, comment_url=None, rest={}, rfc2109=False), 'good': Cookie(version=0, name='good', value='123.45600', port=None, port_specified=False, domain='127.0.0.1', domain_specified=False, domain_initial_dot=False, path='/', path_specified=False, secure=False, expires=None, discard=True, comment=None, comment_url=None, rest={}, rfc2109=False)}}} It gives two cookies where the first one contains name='expires', value=10.0 which is unexpected. I expected that either the bad cookie is discarded or it is accepted but the value is always a str (even if it is garbage) or None. This bug was found in my custom cookie policy where I do len(cookie.value or ''). There is also a reference on StackOverflow but I believe no Python library bug report was filed: http://stackoverflow.com/q/20325571/1524507 . This was tested on Python 2.7.8, 3.2.6, 3.3.6, and 3.4.2.

Something like "Set-Cookie: ; Expires=Thu, 01 Jan 1970 00:00:10 GMT" causes the resulting cookie.value to be parsed as an int.

I expected either str or None as described in the documentation.

Example evil server:

    try:
        import http.server as http_server
    except ImportError:
        import BaseHTTPServer as http_server


    class MyHandler(http_server.BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(200)
            self.send_header('Set-Cookie', '; Expires=Thu, 01 Jan 1970 00:00:10 GMT')
            self.send_header('Set-Cookie', 'good=123.45600')
            self.end_headers()


    def main():
        server = http_server.HTTPServer(('127.0.0.1', 8000), MyHandler)
        server.serve_forever()


    if __name__ == '__main__':
        main()
        

Example innocent client:

    try:
        import http.cookiejar as http_cookiejar
    except ImportError:
        import cookielib as http_cookiejar

    try:
        import urllib.request as urllib_request
    except ImportError:
        import urllib2 as urllib_request
        

    def main():
        cj = http_cookiejar.CookieJar()
        opener = urllib_request.build_opener(urllib_request.HTTPCookieProcessor(cj))
        r = opener.open("http://127.0.0.1:8000/")
        
        print(cj._cookies)

    if __name__ == '__main__':
        main()


The resulting output is:

{'127.0.0.1': {'/': {'expires': Cookie(version=0, name='expires', value=10.0, port=None, port_specified=False, domain='127.0.0.1', domain_specified=False, domain_initial_dot=False, path='/', path_specified=False, secure=False, expires=None, discard=True, comment=None, comment_url=None, rest={}, rfc2109=False), 'good': Cookie(version=0, name='good', value='123.45600', port=None, port_specified=False, domain='127.0.0.1', domain_specified=False, domain_initial_dot=False, path='/', path_specified=False, secure=False, expires=None, discard=True, comment=None, comment_url=None, rest={}, rfc2109=False)}}}

It gives two cookies where the first one contains name='expires', value=10.0 which is unexpected. I expected that either the bad cookie is discarded or it is accepted but the value is always a str (even if it is garbage) or None.

This bug was found in my custom cookie policy where I do len(cookie.value or ''). There is also a reference on StackOverflow but I believe no Python library bug report was filed: http://stackoverflow.com/q/20325571/1524507 . 

This was tested on Python 2.7.8, 3.2.6, 3.3.6, and 3.4.2.

History
Date	User	Action	Args
2014-12-31 05:06:29	chfoo	set	recipients: + chfoo
2014-12-31 05:06:29	chfoo	set	messageid: <1420002389.34.0.647467472383.issue23138@psf.upfronthosting.co.za>
2014-12-31 05:06:29	chfoo	link	issue23138 messages
2014-12-31 05:06:26	chfoo	create