GNU bug report logs -
#36619
26.2; url-auth: Base64 encoded Basic auth password truncated
Previous Next
Reported by: Joshua Bachmeier <joshua <at> bachmeier.cc>
Date: Fri, 12 Jul 2019 18:39:02 UTC
Severity: normal
Tags: fixed
Found in version 26.2
Fixed in version 27.1
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 36619 in the body.
You can then email your comments to 36619 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-gnu-emacs <at> gnu.org
:
bug#36619
; Package
emacs
.
(Fri, 12 Jul 2019 18:39:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Joshua Bachmeier <joshua <at> bachmeier.cc>
:
New bug report received and forwarded. Copy sent to
bug-gnu-emacs <at> gnu.org
.
(Fri, 12 Jul 2019 18:39:04 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
My password (retrived by the url package with `auth-source') is rather
long. When encoding it in base64 (using `base64-encode-string') in
`url/url-auth.el:123' it is split into multiple lines (this behaviour is
specified in the documentation of `base64-encode-string'. However, since
the base64-string is then simply put into the HTTP header, everything
after the first newline is lost, the password is effectively truncated.
`base64-encode-string' provides an optional argument to supress line
splitting. I guess this should be used here (and propably in many other places).
In GNU Emacs 26.2 (build 1, x86_64-pc-linux-gnu, GTK+ Version 3.24.8)
of 2019-04-12 built on juergen
Windowing system distributor 'The X.Org Foundation', version 11.0.12005000
Configured using:
'configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/lib
--localstatedir=/var --with-x-toolkit=gtk3 --with-xft --with-modules
'CFLAGS=-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong
-fno-plt' CPPFLAGS=-D_FORTIFY_SOURCE=2
LDFLAGS=-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now'
--
Joshua Bachmeier
Information forwarded
to
bug-gnu-emacs <at> gnu.org
:
bug#36619
; Package
emacs
.
(Fri, 12 Jul 2019 23:29:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 36619 <at> debbugs.gnu.org (full text, mbox):
Joshua Bachmeier <joshua <at> bachmeier.cc> writes:
> My password (retrived by the url package with `auth-source') is rather
> long. When encoding it in base64 (using `base64-encode-string') in
> `url/url-auth.el:123' it is split into multiple lines (this behaviour is
> specified in the documentation of `base64-encode-string'. However, since
> the base64-string is then simply put into the HTTP header, everything
> after the first newline is lost, the password is effectively truncated.
This should now be fixed on the Emacs trunk.
> `base64-encode-string' provides an optional argument to supress line
> splitting. I guess this should be used here (and propably in many
> other places).
I went through the Emacs codebase, and the only other place this seemed
to be an issue was in nnimap.el, and explains a mysterious bug report
about truncated auth.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Added tag(s) fixed.
Request was from
Lars Ingebrigtsen <larsi <at> gnus.org>
to
control <at> debbugs.gnu.org
.
(Fri, 12 Jul 2019 23:30:02 GMT)
Full text and
rfc822 format available.
bug marked as fixed in version 27.1, send any further explanations to
36619 <at> debbugs.gnu.org and Joshua Bachmeier <joshua <at> bachmeier.cc>
Request was from
Lars Ingebrigtsen <larsi <at> gnus.org>
to
control <at> debbugs.gnu.org
.
(Fri, 12 Jul 2019 23:30:03 GMT)
Full text and
rfc822 format available.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org
.
(Sat, 10 Aug 2019 11:24:04 GMT)
Full text and
rfc822 format available.
This bug report was last modified 4 years and 260 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.