Check for far-future timestamps in secure cookies.

author Ben Darnell <ben@bendarnell.com>

Fri, 13 Aug 2010 17:18:28 +0000 (10:18 -0700)

committer Ben Darnell <ben@bendarnell.com>

Fri, 13 Aug 2010 17:18:28 +0000 (10:18 -0700)
author Ben Darnell <ben@bendarnell.com>
Fri, 13 Aug 2010 17:18:28 +0000 (10:18 -0700)
committer Ben Darnell <ben@bendarnell.com>
Fri, 13 Aug 2010 17:18:28 +0000 (10:18 -0700)
diff --git a/tornado/web.py b/tornado/web.py

index daf8b315bc7260a3bd32a08c806214427cee30fb..3696411c6f22c3460e7c791ff6213996b385e63d 100644 (file)
--- a/tornado/web.py
+++ b/tornado/web.py
@@ -344,6 +344,16 @@ class RequestHandler(object):
          if timestamp < time.time() - 31 * 86400:
              logging.warning("Expired cookie %r", value)
              return None
+        if timestamp > time.time() + 31 * 86400:
+            # _cookie_signature does not hash a delimiter between the
+            # parts of the cookie, so an attacker could transfer trailing
+            # digits from the payload to the timestamp without altering the
+            # signature.  For backwards compatibility, sanity-check timestamp
+            # here instead of modifying _cookie_signature.
+            logging.warning("Cookie timestamp in future; possible tampering %r", value)
+            return None
+        if parts[1].startswith("0"):
+            logging.warning("Tampered cookie %r", value)
          try:
              return base64.b64decode(parts[0])
          except:
author	Ben Darnell <ben@bendarnell.com>
	Fri, 13 Aug 2010 17:18:28 +0000 (10:18 -0700)
committer	Ben Darnell <ben@bendarnell.com>
	Fri, 13 Aug 2010 17:18:28 +0000 (10:18 -0700)