bug #60379 [Security] Avoid failing when PersistentRememberMeHandler handles a malformed cookie (Seldaek)

fabpot · fabpot · commit ec1e4a25bbb2 · 2025-05-09T09:11:57.000+02:00
This PR was squashed before being merged into the 6.4 branch. Discussion ---------- [Security] Avoid failing when PersistentRememberMeHandler handles a malformed cookie | Q | A | ------------- | --- | Branch? | 6.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Issues | Fix #...  | License | MIT If the remember me cookie is malformed like `"foo"` then the page crashes due to https://github.com/symfony/symfony/blob/7.3/src/Symfony/Component/Security/Http/RememberMe/RememberMeDetails.php#L39 Not a huge deal but not very elegant Commits ------- 2eaa7ee [Security] Avoid failing when PersistentRememberMeHandler handles a malformed cookie
diff --git a/src/Symfony/Component/Security/Http/RememberMe/PersistentRememberMeHandler.php b/src/Symfony/Component/Security/Http/RememberMe/PersistentRememberMeHandler.php
@@ -160,7 +160,12 @@ public function clearRememberMeCookie(): void
             return;
         }
 
-        $rememberMeDetails = RememberMeDetails::fromRawCookie($cookie);
+        try {
+            $rememberMeDetails = RememberMeDetails::fromRawCookie($cookie);
+        } catch (AuthenticationException) {
+            // malformed cookie should not fail the response and can be simply ignored
+            return;
+        }
         [$series] = explode(':', $rememberMeDetails->getValue());
         $this->tokenProvider->deleteTokenBySeries($series);
     }
diff --git a/src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentRememberMeHandlerTest.php b/src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentRememberMeHandlerTest.php
@@ -74,6 +74,22 @@ public function testClearRememberMeCookie()
         $this->assertNull($cookie->getValue());
     }
 
+    public function testClearRememberMeCookieMalformedCookie()
+    {
+        $this->tokenProvider->expects($this->exactly(0))
+            ->method('deleteTokenBySeries');
+
+        $this->request->cookies->set('REMEMBERME', 'malformed');
+
+        $this->handler->clearRememberMeCookie();
+
+        $this->assertTrue($this->request->attributes->has(ResponseListener::COOKIE_ATTR_NAME));
+
+        /** @var Cookie $cookie */
+        $cookie = $this->request->attributes->get(ResponseListener::COOKIE_ATTR_NAME);
+        $this->assertNull($cookie->getValue());
+    }
+
     public function testConsumeRememberMeCookieValid()
     {
         $this->tokenProvider->expects($this->any())

Original file line number	Diff line number	Diff line change
`@@ -160,7 +160,12 @@ public function clearRememberMeCookie(): void`
`160`	`160`	`return;`
`161`	`161`	`}`
`162`	`162`
`163`		`- $rememberMeDetails = RememberMeDetails::fromRawCookie($cookie);`
	`163`	`+ try {`
	`164`	`+ $rememberMeDetails = RememberMeDetails::fromRawCookie($cookie);`
	`165`	`+ } catch (AuthenticationException) {`
	`166`	`+ // malformed cookie should not fail the response and can be simply ignored`
	`167`	`+ return;`
	`168`	`+ }`
`164`	`169`	`[$series] = explode(':', $rememberMeDetails->getValue());`
`165`	`170`	`$this->tokenProvider->deleteTokenBySeries($series);`
`166`	`171`	`}`