Opened 11 years ago

Closed 11 years ago

#19826 closed Uncategorized (worksforme)

RFC2109-violating Cookies throw unhandled AttributeError deep in stack

Reported by: jfenton Owned by: nobody
Component: Uncategorized Version: 1.4
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The below cookie causes Django 1.4 to throw an AttributeError:

Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "/opt/savvi/local/lib/python2.7/site-packages/django/http/__init__.py", line 463, in parse_cookie
    c.load(cookie, ignore_parse_errors=True)
  File "/opt/savvi/local/lib/python2.7/site-packages/django/http/__init__.py", line 97, in load
    super(SimpleCookie, self).load(rawdata)
  File "/usr/lib/python2.7/Cookie.py", line 632, in load
    self.__ParseString(rawdata)
  File "/usr/lib/python2.7/Cookie.py", line 665, in __ParseString
    self.__set(K, rval, cval)
  File "/opt/savvi/local/lib/python2.7/site-packages/django/http/__init__.py", line 107, in _loose_set
    self._strict_set(key, real_value, coded_value)
  File "/usr/lib/python2.7/Cookie.py", line 585, in __set
    M.set(key, real_value, coded_value)
AttributeError: 'NoneType' object has no attribute 'set'

To reproduce:

import django.http ; django.http.parse_cookie('CWCweb="savedLocale:en"; PerfSPI_NNM_Host_AND_Port="http://x:80"; PRSPI_report_launches=REPORT:Thu Feb 14 2013 18:16:25 GMT+0800 (China Standard Time):zz:Interface_Health:zz:InterfaceMetrics:zz:Chart Detail:zz:/PerfSpi/PerfSpi?showNav=0&enableDrillthroughs=0&username=c637614&package=Interface_Health&folder=InterfaceMetrics&report=Chart Detail&isRelative=1&isDBCalculated=0&auto_refresh=0&time_span_value=604800&timespan=604800&time_grain=300&starttime=2013-02-07T10:10:0&endtime=2013-02-14T10:10:0&Interface%20UUID=00f1238d-746a-42bb-8ae6-eeebb34ef1d7&CAMNamespace=ErsTrustedSignonProviderREPORT:Thu Feb 14 2013 18:11:41 GMT+0800 (China Standard Time):zz:Interface_Health:zz:InterfaceMetrics:zz:Chart Detail:zz:/PerfSpi/PerfSpi?showNav=0&enableDrillthroughs=0&username=c637614&package=Interface_Health&folder=InterfaceMetrics&report=Chart Detail&isRelative=1&isDBCalculated=0&auto_refresh=0&time_span_value=3600&timespan=3600&time_grain=300&starttime=2013-02-14T09:05:0&endtime=2013-02-14T10:05:0&Interface%20UUID=00f1238d-746a-42bb-8ae6-eeebb34ef1d7&CAMNamespace=ErsTrustedSignonProviderREPORT:Fri Jan 18 2013 17:15:03 GMT+0800 (China Standard Time):zz:Interface_Health:zz:InterfaceMetrics/Reportlets:zz:Multimetric Chart:zz:/PerfSpi/PerfSpi?showNav=0&enableDrillthroughs=0&username=c637614&package=Interface_Health&folder=InterfaceMetrics/Reportlets&report=Multimetric Chart&isRelative=1&isDBCalculated=0&auto_refresh=0&time_span_value=3600&timespan=3600&time_grain=300&starttime=2013-01-18T08:05:0&endtime=2013-01-18T09:05:0&Interface%20UUID=9c40974f-ab77-4906-9af4-1eb3ac220639&CAMNamespace=ErsTrustedSignonProviderREPORT:Fri Jan 18 2013 17:11:58 GMT+0800 (China Standard 
Time):zz:Interface_Health:zz:InterfaceMetrics/Reportlets:zz:Gauge:zz:/PerfSpi/PerfSpi?showNav=0&enableDrillthroughs=0&username=c637614&package=Interface_Health&folder=InterfaceMetrics/Reportlets&report=Gauge&isRelative=1&isDBCalculated=0&auto_refresh=0&time_span_value=3600&timespan=3600&time_grain=300&starttime=2013-01-18T08:05:0&endtime=2013-01-18T09:05:0&Interface%20UUID=9c40974f-ab77-4906-9af4-1eb3ac220639&CAMNamespace=ErsTrustedSignonProviderREPORT:Fri Jan 18 2013 17:02:34 GMT+0800 (China Standard Time):zz:Component_Health:zz:ComponentMetrics:zz:Chart Detail:zz:/PerfSpi/PerfSpi?showNav=0&enableDrillthroughs=0&username=c637614&package=Component_Health&folder=ComponentMetrics&report=Chart Detail&isRelative=1&isDBCalculated=0&auto_refresh=0&time_span_value=3600&timespan=3600&time_grain=300&starttime=2013-01-18T07:55:0&endtime=2013-01-18T08:55:0&Interface%20UUID=9c40974f-ab77-4906-9af4-1eb3ac220639&CAMNamespace=ErsTrustedSignonProvider; PerfSPI_Component_Health_ComponentMetrics_metric=CPU%205min%20Utilization%20-%20Forecast%20Upper%20Normal%20%2812%20week%29%20%28max%29; PerfSPI_Component_Health_ComponentMetrics_metric_y1_2=CPU%205min%20Utilization%20-%20Forecast%20Upper%20Normal%20%2812%20week%29%20%28max%29; PerfSPI_Component_Health_ComponentMetrics_metric_y1_3=CPU%205min%20Utilization%20-%20Forecast%20Upper%20Normal%20%2812%20week%29%20%28max%29; PerfSPI_Component_Health_ComponentMetrics_metric_y1_4=CPU%205min%20Utilization%20-%20Forecast%20Upper%20Normal%20%2812%20week%29%20%28max%29; PerfSPI_Component_Health_ComponentMetrics_metric_y1_5=CPU%205min%20Utilization%20-%20Forecast%20Upper%20Normal%20%2812%20week%29%20%28max%29; PerfSPI_Component_Health_ComponentMetrics_metric_y1_6=CPU%205min%20Utilization%20-%20Forecast%20Upper%20Normal%20%2812%20week%29%20%28max%29; JSESSIONID=F1FEE14951A35DEB434C616E20020BAD; ZNPCQ003-33333100=62c4ba5e; portal-initialized=F1FEE14951A35DEB434C616E20020BAD; JSESSIONID=F1FEE14951A35DEB434C616E20020BAD; 
JSESSIONIDSSO=606729787E9949B21029387E386FB8BE; LWSSO_COOKIE_KEY=hpEPpTQOcIMO0d1-5rJVpIbCF694cYCbxRHZ8rUzStPAJnFiRg_Vzk0lETBdPmBhr4ng32XA1j8pGJ_ZqyKVXRnB0VlMhrVrXCwI88dw05OQtC0xr0QauClH9PkEw5OLTBURQJmc_9lQavJgzXGsqKPbxqWgQ0tV693WcWQAJiMYDrOJTjVY-EUwMtZ')

Patch included which adds AttributeError to the handled exceptions, returning {} for the above.

import django.http ; django.http.parse_cookie('CWCweb="savedLocale:en"; PerfSPI_NNM_Host_AND_Port="http://tmhred130.in.sa.telstrainternational.com:80"; PRSPI_report_launches=REPORT:Thu Feb 14 2013 18:16:25 GMT+0800 (China Standard Time):zz:Interface_Health:zz:InterfaceMetrics:zz:Chart Detail:zz:/PerfSpi/PerfSpi?showNav=0&enableDrillthroughs=0&username=c637614&package=Interface_Health&folder=InterfaceMetrics&report=Chart Detail&isRelative=1&isDBCalculated=0&auto_refresh=0&time_span_value=604800&timespan=604800&time_grain=300&starttime=2013-02-07T10:10:0&endtime=2013-02-14T10:10:0&Interface%20UUID=00f1238d-746a-42bb-8ae6-eeebb34ef1d7&CAMNamespace=ErsTrustedSignonProviderREPORT:Thu Feb 14 2013 18:11:41 GMT+0800 (China Standard Time):zz:Interface_Health:zz:InterfaceMetrics:zz:Chart Detail:zz:/PerfSpi/PerfSpi?showNav=0&enableDrillthroughs=0&username=c637614&package=Interface_Health&folder=InterfaceMetrics&report=Chart Detail&isRelative=1&isDBCalculated=0&auto_refresh=0&time_span_value=3600&timespan=3600&time_grain=300&starttime=2013-02-14T09:05:0&endtime=2013-02-14T10:05:0&Interface%20UUID=00f1238d-746a-42bb-8ae6-eeebb34ef1d7&CAMNamespace=ErsTrustedSignonProviderREPORT:Fri Jan 18 2013 17:15:03 GMT+0800 (China Standard Time):zz:Interface_Health:zz:InterfaceMetrics/Reportlets:zz:Multimetric Chart:zz:/PerfSpi/PerfSpi?showNav=0&enableDrillthroughs=0&username=c637614&package=Interface_Health&folder=InterfaceMetrics/Reportlets&report=Multimetric Chart&isRelative=1&isDBCalculated=0&auto_refresh=0&time_span_value=3600&timespan=3600&time_grain=300&starttime=2013-01-18T08:05:0&endtime=2013-01-18T09:05:0&Interface%20UUID=9c40974f-ab77-4906-9af4-1eb3ac220639&CAMNamespace=ErsTrustedSignonProviderREPORT:Fri Jan 18 2013 17:11:58 GMT+0800 (China Standard 
Time):zz:Interface_Health:zz:InterfaceMetrics/Reportlets:zz:Gauge:zz:/PerfSpi/PerfSpi?showNav=0&enableDrillthroughs=0&username=c637614&package=Interface_Health&folder=InterfaceMetrics/Reportlets&report=Gauge&isRelative=1&isDBCalculated=0&auto_refresh=0&time_span_value=3600&timespan=3600&time_grain=300&starttime=2013-01-18T08:05:0&endtime=2013-01-18T09:05:0&Interface%20UUID=9c40974f-ab77-4906-9af4-1eb3ac220639&CAMNamespace=ErsTrustedSignonProviderREPORT:Fri Jan 18 2013 17:02:34 GMT+0800 (China Standard Time):zz:Component_Health:zz:ComponentMetrics:zz:Chart Detail:zz:/PerfSpi/PerfSpi?showNav=0&enableDrillthroughs=0&username=c637614&package=Component_Health&folder=ComponentMetrics&report=Chart Detail&isRelative=1&isDBCalculated=0&auto_refresh=0&time_span_value=3600&timespan=3600&time_grain=300&starttime=2013-01-18T07:55:0&endtime=2013-01-18T08:55:0&Interface%20UUID=9c40974f-ab77-4906-9af4-1eb3ac220639&CAMNamespace=ErsTrustedSignonProvider; PerfSPI_Component_Health_ComponentMetrics_metric=CPU%205min%20Utilization%20-%20Forecast%20Upper%20Normal%20%2812%20week%29%20%28max%29; PerfSPI_Component_Health_ComponentMetrics_metric_y1_2=CPU%205min%20Utilization%20-%20Forecast%20Upper%20Normal%20%2812%20week%29%20%28max%29; PerfSPI_Component_Health_ComponentMetrics_metric_y1_3=CPU%205min%20Utilization%20-%20Forecast%20Upper%20Normal%20%2812%20week%29%20%28max%29; PerfSPI_Component_Health_ComponentMetrics_metric_y1_4=CPU%205min%20Utilization%20-%20Forecast%20Upper%20Normal%20%2812%20week%29%20%28max%29; PerfSPI_Component_Health_ComponentMetrics_metric_y1_5=CPU%205min%20Utilization%20-%20Forecast%20Upper%20Normal%20%2812%20week%29%20%28max%29; PerfSPI_Component_Health_ComponentMetrics_metric_y1_6=CPU%205min%20Utilization%20-%20Forecast%20Upper%20Normal%20%2812%20week%29%20%28max%29; JSESSIONID=F1FEE14951A35DEB434C616E20020BAD; ZNPCQ003-33333100=62c4ba5e; portal-initialized=F1FEE14951A35DEB434C616E20020BAD; JSESSIONID=F1FEE14951A35DEB434C616E20020BAD; 
JSESSIONIDSSO=606729787E9949B21029387E386FB8BE; LWSSO_COOKIE_KEY=hpEPpTQOcIMO0d1-5rJVpIbCF694cYCbxRHZ8rUzStPAJnFiRg_Vzk0lETBdPmBhr4ng32XA1j8pGJ_ZqyKVXRnB0VlMhrVrXCwI88dw05OQtC0xr0QauClH9PkEw5OLTBURQJmc_9lQavJgzXGsqKPbxqWgQ0tV693WcWQAJiMYDrOJTjVY-EUwMtZ')

{}
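Added example, not part of the ticket or of Django's code: returning {} for the whole header, as the attached patch is described as doing, also discards well-formed cookies such as the session ID, whereas skipping only the malformed pair keeps them. The function names, the token rule used for cookie names and the first-wins handling of duplicates are assumptions of this sketch, and the sample header is constructed.

```python
import re

# Constructed sample: one malformed name ("bad name") and a duplicated JSESSIONID.
SAMPLE_HEADER = 'sessionid=abc123; bad name=x; JSESSIONID=A1; JSESSIONID=A1; theme="dark"'

# Assumption: a cookie name must be an HTTP token (no spaces, controls, separators).
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


class BadCookie(ValueError):
    """Raised for a single name=value pair that cannot be accepted."""


def _split_pair(chunk):
    name, sep, value = chunk.strip().partition("=")
    if not sep or not _TOKEN.match(name):
        raise BadCookie(name)
    # Drop optional surrounding double quotes from the value.
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]
    return name, value


def all_or_nothing(header):
    """Same outcome as catching the error around the whole parse: {} on any failure."""
    try:
        return dict(_split_pair(c) for c in header.split(";") if c.strip())
    except BadCookie:
        return {}


def per_cookie(header):
    """Skip only the malformed pairs; return (cookies, rejected_names) for logging."""
    cookies, rejected = {}, []
    for chunk in header.split(";"):
        if not chunk.strip():
            continue
        try:
            name, value = _split_pair(chunk)
        except BadCookie as exc:
            rejected.append(str(exc))
            continue
        cookies.setdefault(name, value)  # assumption: first occurrence wins
    return cookies, rejected


if __name__ == "__main__":
    print(all_or_nothing(SAMPLE_HEADER))
    print(per_cookie(SAMPLE_HEADER))
```

Logging the rejected names gives operators a way to spot which upstream application is setting the malformed cookie.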

Attachments (1)

19826.patch (425 bytes ) - added by jfenton 11 years ago.


Change History (2)

by jfenton, 11 years ago

Attachment: 19826.patch added

comment:1 by Ramiro Morales, 11 years ago

Resolution: worksforme
Status: new → closed

This is fixed in the latest stability/security fix-only release of the 1.4.x branch. Currently 1.4.3. Are you using an older version? You need to upgrade or find the fix and backport by yourself to your local copy of Django.

Please reopen this ticket if you can reproduce this on Django >= 1.4.3.
