author | Serhiy Storchaka <storchaka@gmail.com> | 2024-08-17 16:30:52 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-08-17 16:30:52 +0300 |
commit | 44e458357fca05ca0ae2658d62c8c595b048b5ef (patch) | |
tree | 768f7f526ee50f37b70b8545891b27b0496c4117 /Lib/test/test_http_cookies.py | |
parent | d60b97a833fd3284f2ee249d32c97fc359d83486 (diff) | |
gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes (GH-123075)
This fixes CVE-2024-7592.
Diffstat (limited to 'Lib/test/test_http_cookies.py')
-rw-r--r-- | Lib/test/test_http_cookies.py | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/Lib/test/test_http_cookies.py b/Lib/test/test_http_cookies.py
index 925c8697f60..8879902a6e2 100644
--- a/Lib/test/test_http_cookies.py
+++ b/Lib/test/test_http_cookies.py
@@ -5,6 +5,7 @@ import unittest
 import doctest
 from http import cookies
 import pickle
+from test import support
 class CookieTests(unittest.TestCase):
@@ -58,6 +59,43 @@ class CookieTests(unittest.TestCase):
 for k, v in sorted(case['dict'].items()):
 self.assertEqual(C[k].value, v)
+ def test_unquote(self):
+ cases = [
+ (r'a="b=\""', 'b="'),
+ (r'a="b=\\"', 'b=\\'),
+ (r'a="b=\="', 'b=='),
+ (r'a="b=\n"', 'b=n'),
+ (r'a="b=\042"', 'b="'),
+ (r'a="b=\134"', 'b=\\'),
+ (r'a="b=\377"', 'b=\xff'),
+ (r'a="b=\400"', 'b=400'),
+ (r'a="b=\42"', 'b=42'),
+ (r'a="b=\\042"', 'b=\\042'),
+ (r'a="b=\\134"', 'b=\\134'),
+ (r'a="b=\\\""', 'b=\\"'),
+ (r'a="b=\\\042"', 'b=\\"'),
+ (r'a="b=\134\""', 'b=\\"'),
+ (r'a="b=\134\042"', 'b=\\"'),
+ ]
+ for encoded, decoded in cases:
+ with self.subTest(encoded):
+ C = cookies.SimpleCookie()
+ C.load(encoded)
+ self.assertEqual(C['a'].value, decoded)
+
+ @support.requires_resource('cpu')
+ def test_unquote_large(self):
+ n = 10**6
+ for encoded in r'\\', r'\134':
+ with self.subTest(encoded):
+ data = 'a="b=' + encoded*n + ';"'
+ C = cookies.SimpleCookie()
+ C.load(data)
+ value = C['a'].value
+ self.assertEqual(value[:3], 'b=\\')
+ self.assertEqual(value[-2:], '\\;')
+ self.assertEqual(len(value), n + 3)
+
 def test_load(self):
 C = cookies.SimpleCookie()
 C.load('Customer="WILE_E_COYOTE"; Version=1; Path=/acme') |
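Review bot: `test_unquote_large` in the second hunk asserts only the decoded value for the 10**6-escape inputs, so nothing in it states or enforces the linear-time behaviour this commit restores. A quadratic regression would presumably show up only as a very slow run, and only when the `cpu` resource is enabled. A short comment above the decorator would record the intent for the next maintainer, for example `# gh-123067: unquoting must stay linear in the number of backslash escapes (CVE-2024-7592).` Both new methods are complete within the hunk; the enclosing `CookieTests` class starts and ends outside it.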