From ac82736ef1105d06d8d831681f921d1453f08dec Mon Sep 17 00:00:00 2001
From: bwarsaw
Date: Tue, 29 Jan 2002 19:09:32 +0000
Subject: CheckCookie(): If the SimpleCookie constructor throws a CookieError, catch it and return false.
---
 Mailman/SecurityManager.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'Mailman/SecurityManager.py')
diff --git a/Mailman/SecurityManager.py b/Mailman/SecurityManager.py
index 9d62bef4b..1a42460ef 100644
--- a/Mailman/SecurityManager.py
+++ b/Mailman/SecurityManager.py
@@ -263,7 +263,10 @@ class SecurityManager:
 # decoding as necessary. By using SimpleCookie, we prevent any kind
 # of security breach due to untrusted cookie data being unpickled
 # (which is quite unsafe).
- c = Cookie.SimpleCookie(cookiedata)
+ try:
+ c = Cookie.SimpleCookie(cookiedata)
+ except Cookie.CookieError:
+ return 0
 # If the user was not supplied, but the authcontext is AuthUser, we
 # can try to glean the user address from the cookie key. There may be
 # more than one matching key (if the user has multiple accounts
--
cgit v1.2.3-70-g09d2
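Review bot: The new `except Cookie.CookieError:` branch returns 0 with no comment and no log entry, so a rejected malformed cookie leaves no trace and the reason for failing closed is not recorded in the code. Returning 0 is the right outcome, since the surrounding comment already treats the cookie data as untrusted, but the intent should be stated above `return 0`, e.g. `# Malformed cookie data from the client: treat as not authenticated.` If a logger is available in this module (not visible in the hunk), a short entry noting that cookie parsing failed, without the raw cookie value, would let operators tell tampering or broken clients apart from ordinary unauthenticated requests. The enclosing CheckCookie() method starts and ends outside the hunk.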