From: Raullen <raullenchai@gmail.com>
Date: Tue, 3 Jul 2012 00:28:44 +0000 (-0700)
Subject: return None when a secure-cookie is forged
X-Git-Tag: v2.4.0~41^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1ca245f0ee0d5785610e5bf90b78e3860adc9deb;p=thirdparty%2Ftornado.git

return None when a secure-cookie is forged
---

diff --git a/tornado/web.py b/tornado/web.py
index a9bc5046f..99c6858d1 100644
--- a/tornado/web.py
+++ b/tornado/web.py
@@ -2046,6 +2046,7 @@ def decode_signed_value(secret, name, value, max_age_days=31):
         return None
     if parts[1].startswith(b("0")):
         logging.warning("Tampered cookie %r", value)
+        return None
     try:
         return base64.b64decode(parts[0])
     except Exception: