Issue #3924: Ignore cookies with invalid "version" field in cookielib.
diff --git a/Lib/cookielib.py b/Lib/cookielib.py
index 6b59794..eed45f6 100644
--- a/Lib/cookielib.py
+++ b/Lib/cookielib.py
@@ -434,6 +434,13 @@
if attr: headers.append("; ".join(attr))
return ", ".join(headers)
+def strip_quotes(text):
+ if text.startswith('"'):
+ text = text[1:]
+ if text.endswith('"'):
+ text = text[:-1]
+ return text
+
def parse_ns_headers(ns_headers):
"""Ad-hoc parser for Netscape protocol cookie-attributes.
@@ -451,7 +458,7 @@
"""
known_attrs = ("expires", "domain", "path", "secure",
# RFC 2109 attrs (may turn up in Netscape cookies, too)
- "port", "max-age")
+ "version", "port", "max-age")
result = []
for ns_header in ns_headers:
@@ -471,12 +478,11 @@
k = lc
if k == "version":
# This is an RFC 2109 cookie.
+ v = strip_quotes(v)
version_set = True
if k == "expires":
# convert expires date to seconds since epoch
- if v.startswith('"'): v = v[1:]
- if v.endswith('"'): v = v[:-1]
- v = http2time(v) # None if invalid
+ v = http2time(strip_quotes(v)) # None if invalid
pairs.append((k, v))
if pairs:
@@ -1450,7 +1456,11 @@
# set the easy defaults
version = standard.get("version", None)
- if version is not None: version = int(version)
+ if version is not None:
+ try:
+ version = int(version)
+ except ValueError:
+ return None # invalid version, ignore cookie
secure = standard.get("secure", False)
# (discard is also set if expires is Absent)
discard = standard.get("discard", False)