[Checkins] SVN: Products.PluggableAuthService/trunk/ Fixed an issue where a bad cookie value would raise an inappropriate exception.

Malthe Borch mborch at gmail.com
Thu Dec 2 12:32:24 EST 2010


Log message for revision 118672:
  Fixed an issue where a bad cookie value would raise an inappropriate exception.

Changed:
  U   Products.PluggableAuthService/trunk/CHANGES.txt
  U   Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/CookieAuthHelper.py
  U   Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/tests/test_CookieAuthHelper.py

-=-
Modified: Products.PluggableAuthService/trunk/CHANGES.txt
===================================================================
--- Products.PluggableAuthService/trunk/CHANGES.txt	2010-12-02 15:54:36 UTC (rev 118671)
+++ Products.PluggableAuthService/trunk/CHANGES.txt	2010-12-02 17:32:23 UTC (rev 118672)
@@ -4,6 +4,9 @@
 1.7.3 (unreleased)
 ------------------
 
+- Fixed possible ``binascii.Error`` in ``extractCredentials`` of
+  CookieAuthHelper. This is a corner case that might happen after
+  a browser upgrade.
 
 1.7.2 (2010-11-11)
 ------------------
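Review bot: the CHANGES entry attributes the failure to a browser upgrade, but the fix and the new test cover any cookie value that cannot be base64-decoded (for example a truncated one); stating that as the trigger tells an operator when to expect it. Suggest: "Fixed possible ``binascii.Error`` in ``extractCredentials`` of CookieAuthHelper when the cookie value is not valid base64 (e.g. truncated padding); such a cookie is now ignored."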

Modified: Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/CookieAuthHelper.py
===================================================================
--- Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/CookieAuthHelper.py	2010-12-02 15:54:36 UTC (rev 118671)
+++ Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/CookieAuthHelper.py	2010-12-02 17:32:23 UTC (rev 118672)
@@ -17,6 +17,7 @@
 """
 
 from base64 import encodestring, decodestring
+from binascii import Error
 from urllib import quote, unquote
 
 from AccessControl.SecurityInfo import ClassSecurityInfo
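Review bot: `from binascii import Error` puts a bare name `Error` into the module namespace, so the later `except Error:` reads like a generic exception and is easy to confuse with other `Error` classes; prefer `import binascii` with `except binascii.Error:`, or `from binascii import Error as BinasciiError`.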
@@ -117,8 +118,14 @@
             creds['password'] = request.form.get('__ac_password', '')
 
         elif cookie and cookie != 'deleted':
-            cookie_val = decodestring(unquote(cookie))
+            raw = unquote(cookie)
             try:
+                cookie_val = decodestring(raw)
+            except Error:
+                # Cookie is in a different format, so it is not ours
+                return creds
+
+            try:
                 login, password = cookie_val.split(':')
             except ValueError:
                 # Cookie is in a different format, so it is not ours
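Review bot: the two back-to-back `try` blocks have identical handlers and the same comment; `cookie_val = decodestring(raw)` and `login, password = cookie_val.split(':')` can sit in one `try:` with `except (Error, ValueError):` and a single `return creds`. Both checks are still needed: Python 2's `decodestring` silently discards characters that are not valid base64 and raises `binascii.Error` only for bad padding, so a foreign cookie can decode without error and must still be rejected by the missing-colon check.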

Modified: Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/tests/test_CookieAuthHelper.py
===================================================================
--- Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/tests/test_CookieAuthHelper.py	2010-12-02 15:54:36 UTC (rev 118671)
+++ Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/tests/test_CookieAuthHelper.py	2010-12-02 17:32:23 UTC (rev 118672)
@@ -202,7 +202,21 @@
         self.assertEqual(helper.extractCredentials(request),
                         {})
 
+    def test_extractCredentials_from_cookie_with_bad_binascii(self):
+        # this might happen between browser implementations
+        from base64 import encodestring
 
+        helper = self._makeOne()
+        response = FauxCookieResponse()
+        request = FauxSettableRequest(RESPONSE=response)
+
+        cookie_val = 'NjE2NDZkNjk2ZTo3MDZjNmY2ZTY1MzQ3NQ%3D%3D'[:-1]
+        request.set(helper.cookie_name, cookie_val)
+
+        self.assertEqual(helper.extractCredentials(request),
+                        {})
+
+
 if __name__ == "__main__":
     unittest.main()
 
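Review bot: `from base64 import encodestring` at the top of the new test is never used (the cookie value is a hard-coded literal), so drop the import. The `[:-1]` truncation also depends silently on the literal ending in `%3D%3D`: cutting the last character leaves a dangling `%3`, which `unquote` passes through unchanged and which `decodestring` then rejects with "Incorrect padding"; saying so in the comment instead of "this might happen between browser implementations", and naming the variable `truncated_cookie`, would make the test self-explaining.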
