GNU bug report logs -
#27022
url-retrieve + .authinfo bug
Previous Next
Reported by: Andy Wingo <wingo <at> pobox.com>
Date: Mon, 22 May 2017 18:11:02 UTC
Severity: normal
Tags: fixed
Fixed in version 27.1
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 27022 in the body.
You can then email your comments to 27022 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-gnu-emacs <at> gnu.org
:
bug#27022
; Package
emacs
.
(Mon, 22 May 2017 18:11:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Andy Wingo <wingo <at> pobox.com>
:
New bug report received and forwarded. Copy sent to
bug-gnu-emacs <at> gnu.org
.
(Mon, 22 May 2017 18:11:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Hi,
If you try to do a url-retrieve over HTTP on a URL that requires HTTP
basic authentication, and you have an .authinfo file, and that .authinfo
contains an incorrect login, then Emacs will keep appending the same
Authorization: header to the request -- over and over, making the
request larger and larger, with no stop condition. Eventually nginx
produces a "400 Bad Request" error because there were too many headers.
Emacs should instead error after the first attempt at authentication
fails.
$ emacs --version
GNU Emacs 25.2.1
Andy
Information forwarded
to
bug-gnu-emacs <at> gnu.org
:
bug#27022
; Package
emacs
.
(Fri, 26 Jul 2019 08:47:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 27022 <at> debbugs.gnu.org (full text, mbox):
Andy Wingo <wingo <at> pobox.com> writes:
> If you try to do a url-retrieve over HTTP on a URL that requires HTTP
> basic authentication, and you have an .authinfo file, and that .authinfo
> contains an incorrect login, then Emacs will keep appending the same
> Authorization: header to the request -- over and over, making the
> request larger and larger, with no stop condition. Eventually nginx
> produces a "400 Bad Request" error because there were too many headers.
>
> Emacs should instead error after the first attempt at authentication
> fails.
I'm able to reproduce this with this in my .authinfo file:
machine jigsaw.w3.org:443 login guest password wrong
and then:
(url-retrieve "https://jigsaw.w3.org/HTTP/Basic/" #'ignore)
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Information forwarded
to
bug-gnu-emacs <at> gnu.org
:
bug#27022
; Package
emacs
.
(Fri, 26 Jul 2019 08:57:01 GMT)
Full text and
rfc822 format available.
Message #11 received at 27022 <at> debbugs.gnu.org (full text, mbox):
Lars Ingebrigtsen <larsi <at> gnus.org> writes:
> Andy Wingo <wingo <at> pobox.com> writes:
>
>> If you try to do a url-retrieve over HTTP on a URL that requires HTTP
>> basic authentication, and you have an .authinfo file, and that .authinfo
>> contains an incorrect login, then Emacs will keep appending the same
>> Authorization: header to the request -- over and over, making the
>> request larger and larger, with no stop condition. Eventually nginx
>> produces a "400 Bad Request" error because there were too many headers.
>>
>> Emacs should instead error after the first attempt at authentication
>> fails.
>
> I'm able to reproduce this with this in my .authinfo file:
>
> machine jigsaw.w3.org:443 login guest password wrong
>
> and then:
>
> (url-retrieve "https://jigsaw.w3.org/HTTP/Basic/" #'ignore)
And this should now be fixed on the Emacs trunk.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Added tag(s) fixed.
Request was from
Lars Ingebrigtsen <larsi <at> gnus.org>
to
control <at> debbugs.gnu.org
.
(Fri, 26 Jul 2019 08:57:02 GMT)
Full text and
rfc822 format available.
bug marked as fixed in version 27.1, send any further explanations to
27022 <at> debbugs.gnu.org and Andy Wingo <wingo <at> pobox.com>
Request was from
Lars Ingebrigtsen <larsi <at> gnus.org>
to
control <at> debbugs.gnu.org
.
(Fri, 26 Jul 2019 08:57:02 GMT)
Full text and
rfc822 format available.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org
.
(Fri, 23 Aug 2019 11:24:05 GMT)
Full text and
rfc822 format available.
This bug report was last modified 5 years and 84 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.