Description
Bug description:
POC:
import urllib.request
from http.cookiejar import CookieJar, DefaultCookiePolicy
class FakeResponse:
def __init__(self, headers=[], url=None):
"""
headers: list of RFC822-style 'Key: value' strings
"""
import email
self._headers = email.message_from_string("\n".join(headers))
self._url = url
def info(self): return self._headers
pol = DefaultCookiePolicy(
rfc2965=True, blocked_domains=[])
c = CookieJar(policy=pol)
c.clear()
headers = ["Set-Cookie: CUSTOMER=WILE_E_COYOTE; path=/; port=1234"]
req = urllib.request.Request("http://127.0.0.1:1234")
res = FakeResponse(headers, "http://127.0.0.1:1234")
print(pol.set_ok_port(c.make_cookies(res, req)[0], req))
print(pol.return_ok_port(c.make_cookies(res, req)[0], req))
# output: True, True
req_IPv6 = urllib.request.Request("http://[::1]:1234")
res_IPv6 = FakeResponse(headers, "http://[::1]:1234")
print(pol.set_ok_port(c.make_cookies(res_IPv6, req_IPv6)[0], req_IPv6))
print(pol.return_ok_port(c.make_cookies(res_IPv6, req_IPv6)[0], req_IPv6))
# output: False, FalseWell, port 1234 is the correct port. Then why request with host [::1] always return False?
Let's dive in to the function:
def set_ok_port(self, cookie, request):
if cookie.port_specified:
req_port = request_port(request)
if req_port is None:
req_port = "80"
else:
req_port = str(req_port)
for p in cookie.port.split(","):
try:
int(p)
except ValueError:
_debug(" bad port %s (not numeric)", p)
return False
if p == req_port:
break
else:
_debug(" request port (%s) not found in %s",
req_port, cookie.port)
return False
return TrueSo, the req_port is set by func request_port(), lets check it:
def request_port(request):
host = request.host
i = host.find(':')
if i >= 0:
port = host[i+1:]
try:
int(port)
except ValueError:
_debug("nonnumeric port: '%s'", port)
return None
else:
port = DEFAULT_HTTP_PORT
return portSo that's where thing goes wrong. if the input of request_port is an IPv6 addr like [::1]. It will actually always raises a ValueError and return None caz it tries to int(":1]:1234") instead of int("1234") and the port will be forced to 80. Which not equals to 1234, and returns False.
It is totally not a rocket science to solve this, but I need the helper functions of IPv6 in #135768 to land before the PR. I've already completed the PR based on the helper functions,
Same thing works for return_ok_port
cc @picnixz here if you have more advice, thanks!
CPython versions tested on:
3.14
Operating systems tested on:
Windows
Linked PRs
Metadata
Metadata
Assignees
Projects
Status