From c6811bd0e854a91bc0c3f9cda676818bd5c76a5c Mon Sep 17 00:00:00 2001
From: Maximilian Hils
Date: Mon, 28 Sep 2015 14:55:13 +0200
Subject: fix #773
---
 libmproxy/models/http.py | 18 ++++++++++++++----
 test/test_flow.py | 5 +++++
 2 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/libmproxy/models/http.py b/libmproxy/models/http.py
index 30863170..dfa3a824 100644
--- a/libmproxy/models/http.py
+++ b/libmproxy/models/http.py
@@ -354,7 +354,10 @@ class HTTPResponse(MessageMixin, Response):
 Takes a cookie string c and a time delta in seconds, and returns a refreshed cookie string.
 """
- c = Cookie.SimpleCookie(str(c))
+ try:
+ c = Cookie.SimpleCookie(str(c))
+ except Cookie.CookieError:
+ raise ValueError("Invalid Cookie")
 for i in c.values():
 if "expires" in i:
 d = parsedate_tz(i["expires"])
@@ -369,7 +372,10 @@ class HTTPResponse(MessageMixin, Response):
 # appear to parse this tolerantly - maybe we should too.
 # For now, we just ignore this.
 del i["expires"]
- return c.output(header="").strip()
+ ret = c.output(header="").strip()
+ if not ret:
+ raise ValueError("Invalid Cookie")
+ return ret
 def refresh(self, now=None):
 """
@@ -394,8 +400,12 @@ class HTTPResponse(MessageMixin, Response):
 new = mktime_tz(d) + delta
 self.headers[i] = formatdate(new)
 c = []
- for i in self.headers.get_all("set-cookie"):
- c.append(self._refresh_cookie(i, delta))
+ for set_cookie_header in self.headers.get_all("set-cookie"):
+ try:
+ refreshed = self._refresh_cookie(set_cookie_header, delta)
+ except ValueError:
+ refreshed = set_cookie_header
+ c.append(refreshed)
 if c:
 self.headers.set_all("set-cookie", c)
diff --git a/test/test_flow.py b/test/test_flow.py
index 1d5cc354..d052a8e8 100644
--- a/test/test_flow.py
+++ b/test/test_flow.py
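Review bot: The docstring of `_refresh_cookie` shown in the context lines still describes only the return value, although the added `raise ValueError("Invalid Cookie")` makes the exception part of the method's contract, both here and at the empty-output check in the next hunk. I would add a line such as `Raises ValueError if the cookie string cannot be parsed.` to that docstring. The `except Cookie.CookieError:` clause also discards the parser's own message; binding it with `except Cookie.CookieError as e:` and appending `str(e)` to the ValueError text would keep the reason visible when a refresh fails. The method's signature line lies above the hunk.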
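Review bot: The new `if not ret:` check after `c.output(header="").strip()` detects only a header from which nothing at all was parsed. If `SimpleCookie` skips a part it cannot match instead of raising (which seems to be how an empty result can arise at all), a partially parsed `Set-Cookie` is re-emitted without the skipped parts, and `refresh()` then replaces the original header with it. For a proxy that rewrites cookies on replay this can silently drop attributes the server set, so I would at least record the limit in a comment above the check: `# Only a fully unparseable header is caught here; a partial parse is re-emitted as-is.` The start of `_refresh_cookie` is in the previous hunk and the lines between the two hunks are not shown.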
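Review bot: In the rewritten loop, `except ValueError: refreshed = set_cookie_header` passes an unparseable header through without any trace, so a replayed response can carry a cookie whose `Expires` was never shifted and nothing tells the user. A why-comment on the handler would make the choice explicit: `# Keep headers we cannot parse unchanged rather than failing the whole refresh.` If a log or event hook is reachable at this level (none is visible in the hunk), reporting the skipped header there would help as well. `refresh()` starts above the hunk.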
@@ -1155,6 +1155,11 @@ class TestResponse:
 c = "MOO=BAR; Expires=Tue, 08-Mar-2011 00:20:38 GMT; Path=foo.com; Secure"
 assert "00:21:38" in r._refresh_cookie(c, 60)
+ # https://github.com/mitmproxy/mitmproxy/issues/773
+ c = ">=A"
+ with tutils.raises(ValueError):
+ r._refresh_cookie(c, 60)
+
 def test_replace(self):
 r = HTTPResponse.wrap(netlib.tutils.tresp())
 r.headers["Foo"] = "fOo"
-- cgit v1.2.3
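Review bot: The added assertions cover only `_refresh_cookie` raising on `">=A"`; the pass-through that the same commit adds to `refresh()` is untested, so a regression there (for example the header being dropped instead of kept) would go unnoticed. A companion check along the lines of `r.headers["set-cookie"] = ">=A"`, `r.refresh()`, `assert r.headers.get_all("set-cookie") == [">=A"]` would pin it; the exact header API should be confirmed, since this hunk shows only item assignment and `get_all` appears only in the other file. It is also not evident from the test which of the two new `raise` sites this input reaches, so a second input aimed at the other one would be worthwhile. The enclosing test method starts above the hunk and `test_replace` continues below it.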