File CVE-2024-7592-quad-complex-cookies.patch of Package python.42941
---
Lib/Cookie.py | 32 +------
Lib/test/test_cookie.py | 42 ++++++++++
Misc/NEWS.d/next/Library/2024-08-16-19-13-21.gh-issue-123067.Nx9O4R.rst | 1
3 files changed, 51 insertions(+), 24 deletions(-)
Index: Python-2.7.18/Lib/Cookie.py
===================================================================
--- Python-2.7.18.orig/Lib/Cookie.py 2026-02-25 13:16:23.189401451 +0100
+++ Python-2.7.18/Lib/Cookie.py 2026-02-25 13:22:28.142379565 +0100
@@ -338,8 +338,13 @@
# end _quote
-_OctalPatt = re.compile(r"\\[0-3][0-7][0-7]")
-_QuotePatt = re.compile(r"[\\].")
+_unquote_sub = re.compile(r'\\(?:([0-3][0-7][0-7])|(.))').sub
+
+def _unquote_replace(m):
+ if m.group(1):
+ return chr(int(m.group(1), 8))
+ else:
+ return m.group(2)
def _unquote(str):
# If there aren't any doublequotes,
@@ -359,28 +364,7 @@
# \012 --> \n
# \" --> "
#
- i = 0
- n = len(str)
- res = []
- while 0 <= i < n:
- Omatch = _OctalPatt.search(str, i)
- Qmatch = _QuotePatt.search(str, i)
- if not Omatch and not Qmatch: # Neither matched
- res.append(str[i:])
- break
- # else:
- j = k = -1
- if Omatch: j = Omatch.start(0)
- if Qmatch: k = Qmatch.start(0)
- if Qmatch and ( not Omatch or k < j ): # QuotePatt matched
- res.append(str[i:k])
- res.append(str[k+1])
- i = k+2
- else: # OctalPatt matched
- res.append(str[i:j])
- res.append( chr( int(str[j+1:j+4], 8) ) )
- i = j+4
- return _nulljoin(res)
+ return _unquote_sub(_unquote_replace, str)
# end _unquote
# The _getdate() routine is used to set the expiration time in
Index: Python-2.7.18/Lib/test/test_cookie.py
===================================================================
--- Python-2.7.18.orig/Lib/test/test_cookie.py 2026-02-25 13:16:23.190157795 +0100
+++ Python-2.7.18/Lib/test/test_cookie.py 2026-02-25 14:18:33.333861289 +0100
@@ -4,6 +4,7 @@
run_unittest,
run_doctest,
check_warnings,
+ requires_resource,
control_characters_c0)
import unittest
import Cookie
@@ -56,6 +57,47 @@
for k, v in sorted(case['dict'].iteritems()):
self.assertEqual(C[k].value, v)
+ def test_unquote(self):
+ cases = [
+ (r'a="b=\""', 'b="'),
+ (r'a="b=\\"', 'b=\\'),
+ (r'a="b=\="', 'b=='),
+ (r'a="b=\n"', 'b=n'),
+ (r'a="b=\042"', 'b="'),
+ (r'a="b=\134"', 'b=\\'),
+ (r'a="b=\377"', 'b=\xff'),
+ (r'a="b=\400"', 'b=400'),
+ (r'a="b=\42"', 'b=42'),
+ (r'a="b=\\042"', 'b=\\042'),
+ (r'a="b=\\134"', 'b=\\134'),
+ (r'a="b=\\\""', 'b=\\"'),
+ (r'a="b=\\\042"', 'b=\\"'),
+ (r'a="b=\134\""', 'b=\\"'),
+ (r'a="b=\134\042"', 'b=\\"'),
+ ]
+ for encoded, decoded in cases:
+ try:
+ C = Cookie.SimpleCookie()
+ C.load(encoded)
+ self.assertEqual(C['a'].value, decoded)
+ except Exception:
+ raise AssertionError("subTest failed for encoded=%r" % (encoded,))
+
+ @requires_resource('cpu')
+ def test_unquote_large(self):
+ n = 10**6
+ for encoded in (r'\\', r'\134'):
+ try:
+ data = 'a="b=' + encoded * n + ';"'
+ C = Cookie.SimpleCookie()
+ C.load(data)
+ value = C['a'].value
+ self.assertEqual(value[:3], 'b=\\')
+ self.assertEqual(value[-2:], '\\;')
+ self.assertEqual(len(value), n + 3)
+ except Exception:
+ raise AssertionError("subTest failed for encoded=%r" % (encoded,))
+
def test_load(self):
C = Cookie.SimpleCookie()
C.load('Customer="WILE_E_COYOTE"; Version=1; Path=/acme')
Index: Python-2.7.18/Misc/NEWS.d/next/Library/2024-08-16-19-13-21.gh-issue-123067.Nx9O4R.rst
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ Python-2.7.18/Misc/NEWS.d/next/Library/2024-08-16-19-13-21.gh-issue-123067.Nx9O4R.rst 2026-02-25 13:18:17.191729136 +0100
@@ -0,0 +1 @@
+Fix quadratic complexity in parsing ``"``-quoted cookie values with backslashes by :mod:`http.cookies`.
