Menu

#159 Unsafe handling of cookies

v1.9
closed-fixed
5
2006-04-11
2006-02-26
Tomer Gabel
No

I couldn't enter any of the comment pages in my blog
(at www.tomergabel.com); I looked at the exception
(below) and then dug a bit in the source code. The
culprit is line 107 on CommentViewBox.ascx.cs:

string nameStr = Request.Cookies["name"].Value;

Apparently I had an "email" cookie, but not a "name"
cookie (not sure how that happened), hence the
NullReferenceException. Anyways an if should probably
be added there with an empty (default?) string just in
case. I haven't dug enough into the code to know what
error handling there looks like, so I won't be making
any half-assed attempts at fixing the problem (unless
that qualifies me as lazy instead of pragmatic :-/)

Exception content:
------------------

Error:
System.NullReferenceException: Object reference not set
to an instance of an object.
at
newtelligence.DasBlog.Web.CommentViewBox.Page_Load(Object
sender, EventArgs e) in C:\Dev\DasBlog
CE\source\newtelligence.DasBlog.Web\CommentViewBox.ascx.cs:line
107
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain()
while processing
http://www.tomergabel.com/CommentView.aspx?guid=5f4f7c93-dfd4-4cb2-9b35-058ee0819126.

Discussion

  • Scott Hanselman

    Scott Hanselman - 2006-03-23

    Logged In: YES
    user_id=466973

    Yes, that looks like it's not a very defensive bit of code.
    Fix and submit a patch, will you?

     
  • Scott Hanselman

    Scott Hanselman - 2006-03-27
    • milestone: --> v1.9
    • assigned_to: nobody --> glucopilot
    • status: open --> pending-fixed
     
  • Scott Hanselman

    Scott Hanselman - 2006-03-27

    Logged In: YES
    user_id=466973

    Fixed.

     
  • SourceForge Robot

    • status: pending-fixed --> closed-fixed
     
  • SourceForge Robot

    Logged In: YES
    user_id=1312539

    This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 14 days (the time period specified by
    the administrator of this Tracker).

     

Log in to post a comment.