From e0df963eff1bf3ea2c91861353d13045118dc7c2 Mon Sep 17 00:00:00 2001
From: spaceone
Date: Thu, 17 Sep 2015 23:46:52 +0200
Subject: [PATCH] Fix remote code execution vulnerability

SmartCookie as well as SerialCookie are vulnerable to code injection in python2. For example, the following cookie header would shutdown your server:

Cookie: foo="cposix\012_exit\012p1\012(I1\012tp2\012Rp3\012."
---
 oauth1-python-3legged/complete.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/oauth1-python-3legged/complete.py b/oauth1-python-3legged/complete.py
index b59a8d3..e5db0eb 100644
--- a/oauth1-python-3legged/complete.py
+++ b/oauth1-python-3legged/complete.py
@@ -22,7 +22,7 @@ def __getattr__(self, attr):
 '''
 def main():
 #create new smart cookie to extract request token
- cookie = Cookie.SmartCookie()
+ cookie = Cookie.SimpleCookie()
 
 #if a cookie is available, load it
 if os.environ.has_key('HTTP_COOKIE'):
@@ -83,4 +83,4 @@ def main():
 sys.exit()
 
 if __name__ == '__main__':
- main()
\ No newline at end of file
+ main()
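Review bot: The comment directly above the new call still reads `#create new smart cookie to extract request token`, which no longer matches `cookie = Cookie.SimpleCookie()`; `#create new simple cookie to extract request token` keeps it accurate. The swap also changes what loaded values look like: SmartCookie decoded non-string values through the pickle path the commit message describes, whereas SimpleCookie hands back plain strings, so any later code in main() that expected a decoded object from the cookie should be re-checked — main() continues past the end of the hunk. The context line that follows, `if os.environ.has_key('HTTP_COOKIE'):`, is Python 2 only; `if 'HTTP_COOKIE' in os.environ:` behaves the same there and also runs on Python 3, where the `http.cookies` replacement for `Cookie` has no SmartCookie at all.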