Message233227
Something like "Set-Cookie: ; Expires=Thu, 01 Jan 1970 00:00:10 GMT" causes the resulting cookie.value to be parsed as an int.
I expected either str or None as described in the documentation.
Example evil server:
try:
    import http.server as http_server      # Python 3
except ImportError:
    import BaseHTTPServer as http_server   # Python 2

class MyHandler(http_server.BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)
        # Malformed cookie: empty name, only an Expires attribute
        self.send_header('Set-Cookie', '; Expires=Thu, 01 Jan 1970 00:00:10 GMT')
        # Well-formed cookie for comparison
        self.send_header('Set-Cookie', 'good=123.45600')
        self.end_headers()

def main():
    server = http_server.HTTPServer(('127.0.0.1', 8000), MyHandler)
    server.serve_forever()

if __name__ == '__main__':
    main()
Example innocent client:
try:
    import http.cookiejar as http_cookiejar   # Python 3
except ImportError:
    import cookielib as http_cookiejar        # Python 2
try:
    import urllib.request as urllib_request   # Python 3
except ImportError:
    import urllib2 as urllib_request          # Python 2

def main():
    # Default policy: whatever the parser produces is stored in the jar
    cj = http_cookiejar.CookieJar()
    opener = urllib_request.build_opener(urllib_request.HTTPCookieProcessor(cj))
    opener.open("http://127.0.0.1:8000/")
    print(cj._cookies)

if __name__ == '__main__':
    main()
The resulting output is:
{'127.0.0.1': {'/': {'expires': Cookie(version=0, name='expires', value=10.0, port=None, port_specified=False, domain='127.0.0.1', domain_specified=False, domain_initial_dot=False, path='/', path_specified=False, secure=False, expires=None, discard=True, comment=None, comment_url=None, rest={}, rfc2109=False), 'good': Cookie(version=0, name='good', value='123.45600', port=None, port_specified=False, domain='127.0.0.1', domain_specified=False, domain_initial_dot=False, path='/', path_specified=False, secure=False, expires=None, discard=True, comment=None, comment_url=None, rest={}, rfc2109=False)}}}
It gives two cookies where the first one contains name='expires', value=10.0 which is unexpected. I expected that either the bad cookie is discarded or it is accepted but the value is always a str (even if it is garbage) or None.
This bug was found in my custom cookie policy where I do len(cookie.value or ''). There is also a reference on StackOverflow but I believe no Python library bug report was filed: http://stackoverflow.com/q/20325571/1524507 .
This was tested on Python 2.7.8, 3.2.6, 3.3.6, and 3.4.2.
Date | User | Action | Args
2014-12-31 05:06:29 | chfoo | set | recipients: + chfoo
2014-12-31 05:06:29 | chfoo | set | messageid: <1420002389.34.0.647467472383.issue23138@psf.upfronthosting.co.za>
2014-12-31 05:06:29 | chfoo | link | issue23138 messages
2014-12-31 05:06:26 | chfoo | create |
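The same CookieJar parse path exercised offline, together with a cookie policy that enforces the invariant the report expects (cookie.value is a str or None) before anything is stored. This is an added example, not code from the report or from CPython. The two Set-Cookie values are the ones the report's server sends; the canned response object, the StrValuePolicy class, make_cookie and the extract/check_policy helpers are assumptions of this example. Because an interpreter may or may not still turn the empty-name header into a float-valued cookie, the float-valued Cookie is also built by hand, so the policy check can be exercised on any version.

```python
import http.cookiejar
import urllib.request
from email.message import Message

# Constructed headers mirroring the "evil server" in the report.
EVIL_SET_COOKIE_HEADERS = [
    "; Expires=Thu, 01 Jan 1970 00:00:10 GMT",
    "good=123.45600",
]


class StrValuePolicy(http.cookiejar.DefaultCookiePolicy):
    """DefaultCookiePolicy plus one invariant: cookie.value is str or None.

    A parser that hands back a float (as reported) would otherwise crash
    downstream code such as len(cookie.value or '') with a TypeError.
    Rejected cookies are recorded in self.rejected for inspection.
    """

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.rejected = []

    def set_ok(self, cookie, request):
        if cookie.value is not None and not isinstance(cookie.value, str):
            self.rejected.append((cookie.name, cookie.value))
            return False
        return super().set_ok(cookie, request)


class _CannedResponse:
    """Minimal stand-in for an HTTPResponse: CookieJar only calls .info()."""

    def __init__(self, set_cookie_values):
        self._headers = Message()
        for value in set_cookie_values:
            self._headers["Set-Cookie"] = value

    def info(self):
        return self._headers


def make_cookie(name, value, domain="127.0.0.1"):
    """Hand-build a Netscape session cookie with the fields the report shows.

    value is deliberately untyped so a float can be passed in to reproduce
    the parsed result from the report on interpreters that no longer
    produce it.
    """
    return http.cookiejar.Cookie(
        version=0, name=name, value=value, port=None, port_specified=False,
        domain=domain, domain_specified=False, domain_initial_dot=False,
        path="/", path_specified=False, secure=False, expires=None,
        discard=True, comment=None, comment_url=None, rest={}, rfc2109=False)


def extract(set_cookie_values, policy, url="http://127.0.0.1:8000/"):
    """Run the real CookieJar parse/extract path without a network.

    Returns the stored cookies as a sorted list of (name, value) tuples.
    """
    jar = http.cookiejar.CookieJar(policy)
    request = urllib.request.Request(url)
    jar.extract_cookies(_CannedResponse(set_cookie_values), request)
    return sorted((c.name, c.value) for c in jar)


def check_policy(policy, cookie, url="http://127.0.0.1:8000/"):
    """Ask the policy directly whether it would store a given Cookie."""
    return policy.set_ok(cookie, urllib.request.Request(url))


if __name__ == "__main__":
    policy = StrValuePolicy()
    print("stored:", extract(EVIL_SET_COOKIE_HEADERS, policy))
    print("rejected during extraction:", policy.rejected)
    # The Cookie the report shows being created from the first header.
    bad = make_cookie("expires", 10.0)
    print("would store expires=10.0:", check_policy(policy, bad))
```

With the strict policy the jar ends up holding only the well-formed cookie whichever way the interpreter parses the first header; on versions that still produce the float-valued cookie it lands in policy.rejected instead of in the jar, so a policy that calls len(cookie.value or '') afterwards never sees a non-string value.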