On Fri, Oct 19, 2001 at 07:24:52PM -0400, Barry A. Warsaw wrote:
"CVR" == Chuq Von Rospach <chuqui@plaidworks.com> writes:
CVR> Barry, I think you need to take a look at your cookie code, CVR> and look for ways to bullet-proof it. It seems to have some CVR> assumptions that I found out the hard way aren't safe.
This patch against Mailman 2.0.6 should be enough to prevent the core dumps. If you haven't completed your upgrade yet, can you give it a try?
I've the same cookie problems than chuck except that mm's admin interface returns a 500 error (no core dump, I have python 1.5.2) Would that patch fix the failures in the admin script when a bad cookie shows up?
-------------------- snip snip -------------------- Index: SecurityManager.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/SecurityManager.py,v retrieving revision 1.31.2.1 diff -u -r1.31.2.1 SecurityManager.py --- SecurityManager.py 2001/07/25 18:07:51 1.31.2.1 +++ SecurityManager.py 2001/10/19 23:23:12 @@ -118,7 +118,7 @@ cookiedata = os.environ.get('HTTP_COOKIE') if not cookiedata: return 0 - c = Cookie.Cookie(cookiedata) + c = Cookie.Cookie(cookiedata, net_setfunc=lambda x: x) if not c.has_key(key): return 0 # Undo the encoding we performed in MakeCookie() above
_______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers
-- Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key