From 87cbb9d49117cb363eaeb6caf279afe2885aec35 Mon Sep 17 00:00:00 2001
From: spaceone <spaceone@users.noreply.github.com>
Date: Thu, 17 Sep 2015 23:51:21 +0200
Subject: [PATCH] Fix remote code execution vulnerability

SmartCookie as well as SerialCookie are vulnerable to code injection in python2.
Cookie.Cookie maps to Cookie.SmartCookie.
For example, the following cookie header would shutdown your server:
Cookie: foo="cposix\012_exit\012p1\012(I1\012tp2\012Rp3\012."
---
 libopencore/http_proxy.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libopencore/http_proxy.py b/libopencore/http_proxy.py
index 2f818d6..de7bfb7 100644
--- a/libopencore/http_proxy.py
+++ b/libopencore/http_proxy.py
@@ -146,7 +146,7 @@ def __call__(self, environ, start_response):
 _cookie_domain_re = re.compile(r'(domain="?)([a-z0-9._-]*)("?)', re.I)
 from lxml.html import document_fromstring, tostring
 import urlparse
-from Cookie import Cookie
+from Cookie import SimpleCookie
 
 def rewrite_links(request, response,
                   proxied_base, orig_base,
@@ -215,7 +215,7 @@ def rewrite_domain(match):
                     return match.group(0)
             cook = _cookie_domain_re.sub(rewrite_domain, cook)
             
-            _cook = Cookie(cook)
+            _cook = SimpleCookie(cook)
             assert len(_cook.keys()) == 1
             for key in _cook.keys():
                 _morsel = _cook[key]